They have been there all along, hiding in plain sight: the Foreign Corrupt Practices Act requirements for internal controls.
The problem is that most compliance practitioners have not been reading them too carefully. What are internal controls in a FCPA compliance program? Aaron Murphy, a partner at Akin Gump and author of “Foreign Corrupt Practices Act,” has said that, “Internal controls are policies, procedures, monitoring, and training that are designed to ensure that company assets are used properly, with proper approval, and that transactions are properly recorded in the books and records. While it is theoretically possible to have good controls but bad books and records (and vice versa), the two generally go hand in hand—where there are recordkeeping violations, an internal controls failure is almost presumed because the records would have been accurate had the controls been adequate.”
