Armed with government guidance on the Foreign Corrupt Practices Act released late last year, compliance teams have another weapon in their arsenal as they seek buy-in on best practices and due diligence from the executives who tightly control their purse-strings.

That was among the new developments in FCPA enforcement discussed during a panel at the Compliance Week 2013 annual conference in Washington D.C. on Wednesday.

Moderated by Paul McNulty, a partner with the law firm Baker & McKenzie and former U.S. Deputy Attorney General, Charles Duross, deputy chief of the FCPA fraud section at the Department of Justice, and Kara Novaco Brockmeyer, chief of the FCPA unit for the Securities and Exchange Commission's Division of Enforcement, discussed the long-awaited new guidance issued jointly by the DOJ and SEC.

Both speakers were instrumental in crafting the resulting document, “A Resource Guide to the Foreign Corrupt Practices Act.” It is intended to be a straightforward resource for business leaders and, as Brockmeyer stressed, one that is stripped of the jargon and legalese that might otherwise prove confusing.

The guidance delves into such matters as who qualifies as a foreign official under the FCPA; what constitutes a permissible gift rather than a bribe; the features of an effective anti-corruption compliance program; and the various resolutions a company can reach if it faces FCPA-related trouble with regulators.

Am imperative for the compliance function when it comes to FCPA due diligence is understanding that companies can no longer afford to have “just a good program on paper,” Brockmeter said. Those policies must be enforced and tied to internal controls and internal audit and “you need to kick the tires to see if it works,” she says.

Mergers and acquisitions are key areas where preventative measures can add measurable value,” she said, delving into the risk of successor liability.

Brockmeyer stressed that investigators will focus on companies that turned a blind eye to pre-existing risks, especially if they take “years, not months” to either identify or admit to a problem with a subsidiary.

“If it takes 10 years before you identify a problem and shut it down, that is no longer their problem, it is your problem,” she said.

Compliance and rigorous due diligence offer a business benefit, because otherwise, when a company “acquires a pig in a poke” the absorbed entity may fail to adhere to good accounting principles, and is likely to have understated costs and exagerated revenues, harming the buyer's bottom line and, in turn, shareholders.

A common trap companies fall into is assuming that one, isolated bribe can be both undetected and a one-time event., Duross said. “The first bribe is exactly that, the first bribe in a series of bribes,” he said. “It just keeps growing, like a cancer that spreads.”

Duross compared the compliance function at a company to the Alamo, as a “last stand,” in this case, “between people making good decisions and bad decisions.” (An attendee, did, however, needle him for the metaphor given how things turned out at the Texas landmark).

From an enforcement point of view, a good compliance program can minimize the fallout, saving considerable time, money and resources, Duross stressed. “We've seen examples of compliance officers shutting down something that is problematic and companies are being rewarded for that,” he said.

As such, following the FCPA guidance can be “good for business,” he added. An FCPA risk assessment may also lead company leadership to question activities that are not necessarily in their best financial interests. For example, they may question why they have so many third parties and demand an accounting of what value they provide.

Asking those questions, and volunteering potential FCPA violations, could help spare a company from full brunt of enforcement consequences, at the very least earning a deferred prosecution agreement. “If there is a good faith effort being made, it really does carry weight,” Duross said, explaining that “meaningful credit” is given to parties that did step forward.

It is better for a company to get ahead of its problems, than to suffer the “collateral consequences” of enforcement actions,” Duross said.

“We understand that the actions we take are incredibly serious and affect a whole bunch of folks we'll never set eyes on,” he said, recalling executives who were driven to tears during an investigation. “This is going to kill my company you don't know what this is going to do to my people,” was a typical response.

“One of the ways we can tell a compliance program is working, is when we start to hear about complaints and issues, and they are catching them before they become a multi-million dollar  problem,” Brockmeyer said. “If your compliance program is saying, ‘We don't hear of any problems,' that is a red flag you need to take a look at.”