“We Don’t Bribe” Isn’t Enough: Anti-Corruption Risk for International SMBs

Anti-corruption compliance for international small and mid-size businesses — FCPA risk guide

IBCircle Member Roxane Peyser - Alliance Growth Legal Advisors

Most international business owners would never approve a bribe. The problem is that anti-corruption risk rarely looks like one. IBCircle Member Roxane Peyser of Alliance Growth Legal Advisors explains why small and mid-size businesses doing business internationally face real FCPA exposure — through agents, consultants, distributors, and local partners — and the three questions every founder should ask before approving any third-party payment.

At a recent international business discussion, I raised the U.S. Foreign Corrupt Practices Act, or FCPA, and the shift toward more selective anti-corruption enforcement. The reaction was telling: several business owners and companies operating internationally had never heard of it, and some dismissed the issue as irrelevant because they “do not bribe anyone.”

That reaction is exactly why this matters.

Anti-corruption risk is rarely presented as an obvious bribe. It often appears as a consulting fee, success fee, referral payment, discount, rebate, sponsorship, charitable contribution, travel expense, customs payment, permitting “expediter,” reseller margin, or a request from a local partner who says, “This is how business is done here.” The company that would never approve a bribe may still be exposed through the agent it hired, the consultant it retained, the distributor it relies on, or the referral source it rewards.

Indeed, small and mid-size companies can be more exposed precisely because they are lean. They move quickly, depend heavily on local agents and distributors, and may not have formal legal, compliance, finance, or internal audit infrastructure. A founder may know the company would never approve a bribe, but may not know who the distributor is paying, why a consultant is receiving a commission, whether a reseller margin is commercially reasonable, or whether a “facilitation” request involves a government official.

For small and mid-size businesses expanding or already doing business internationally, anti-corruption compliance is a practical business issue, not a theoretical legal concern. It affects contracts, third-party relationships, policies and procedures, employee training, investor diligence, financing, exits, and the company’s ability to operate across borders.

The FCPA is not new. It was enacted in 1977 and has been part of the U.S. legal framework for nearly 50 years. It can apply to U.S. companies of every size, including private companies, small businesses, mid-size businesses, and large multinationals. It can also apply to U.S. citizens, nationals, residents, and certain foreign companies and individuals when there is a sufficient U.S. connection. It reaches not only direct payments by the company, but also conduct by officers, directors, employees, agents, consultants, distributors, and other third parties acting on behalf of the business.

For this discussion, small businesses are companies with fewer than 100 employees and revenues up to $50 million. Mid-size businesses are companies with 100 to 999 employees and annual revenues between $50 million and $1 billion. These companies may not have large legal or compliance departments, but they often face real exposure because they rely on agents, distributors, consultants, resellers, customs brokers, referral partners, joint venture partners, and local advisors.

Readers may also ask whether this has actually applied to smaller or mid-size companies. It has. Transport Logistics International, a Maryland-based transportation services company, entered into a deferred prosecution agreement with DOJ in 2018 and agreed to pay a $2 million penalty in an FCPA matter involving bribes to an official at a subsidiary of Russia’s state atomic energy company. This was not a household-name multinational; it was a specialized services company doing international work with government-linked customers. Balt SAS, a privately held French medical-device company, resolved a U.S. FCPA investigation in 2026 involving alleged payments to a physician at a French state-owned public hospital. DOJ declined prosecution but required disgorgement, and individuals connected to the matter were indicted. Sargeant Marine, a Florida-based asphalt company, pleaded guilty in 2020 to FCPA-related charges involving bribes to officials in Brazil, Venezuela, and Ecuador and agreed to pay $16.6 million.

These are not isolated examples. Across administrations—including the first and second Trump Administrations— FCPA enforcement has reached smaller, private, specialized, and mid-market companies.

The point is that FCPA exposure is not limited to mega-cap public companies. It can reach smaller, private, specialized, and mid-market businesses when they operate internationally through agents, consultants, distributors, state-owned customers, or government touchpoints.

The Problem Is Often Not the Fee. It Is the Lack of Proof.

Referral fees, consulting fees, success fees, commission payments, distributor margins, and local advisory fees are not inherently improper. In many industries they are legitimate and commercially necessary. The problem arises when the company cannot show what the third party actually did, why the payment was commercially reasonable, who benefited, whether a government touchpoint existed, and whether the payment was accurately recorded.

A vague invoice for “market development,” “special handling,” “relationship management,” “consulting,” “expediting,” or “business development support” is not enough. A contract label does not make a payment legitimate. A purchase order does not prove services were performed. A clean-looking invoice does not eliminate risk if the real purpose of the payment was to influence a government official, obtain a permit, steer a state-owned customer, move goods through customs, or secure business through an undisclosed intermediary.

Good documentation should answer the basic business questions a skeptical reviewer would ask later: Who is being paid? What exactly did they do? Why were they selected? How was the fee calculated? Is the fee consistent with market practice? Who approved it? Was any government official, state-owned enterprise, public hospital, customs authority, regulator, permitting office, or public procurement process involved? Were any red flags identified? If so, how were they resolved before payment?

What Good Documentation Looks Like

For legitimate referral, consultation, success, reseller, customs, or local advisory fees, a company should be able to produce a file that shows substance, not just paperwork. At a minimum, that file should include:

  • A written agreement before services begin. The agreement should describe the scope of work, territory, compensation, anti-corruption obligations, audit rights, termination rights, and the third party’s obligation to comply with applicable law. It should prohibit payments to government officials and undisclosed sub-agents without prior written approval.

  • Due diligence on the third party. The company should document ownership, beneficial owners, qualifications, reputation, references, sanctions screening, government affiliations, litigation or enforcement history, and any relationship to customers, officials, regulators, procurement personnel, or state-owned enterprises.

  • A clear business rationale. The file should explain why this third party was needed, who selected them, what alternative providers were considered, and why the fee structure is commercially justified.

  • Fee support. The company should be able to show how the fee was calculated. A percentage success fee or unusually high commission should be supported by market comparisons, prior deal history, pricing analysis, board or management approval, or other evidence that the payment was reasonable for actual services.

  • Proof of services. There should be real work product: meeting summaries, call notes, market reports, introduction records, deliverables, translation or logistics support, customs documentation, project status updates, travel records, customer communications, or other evidence that services were actually performed.

  • Payment controls. Payments should match the contract and invoice, be made to the contracted party in the country where services are performed or where the party is located, and avoid cash, personal accounts, offshore accounts, split payments, or payments to unrelated entities unless there is a documented and approved reason.

  • Accurate books and records. The payment should be coded accurately. A referral fee should not be booked as “miscellaneous,” a customs payment should not be buried in “logistics,” and a success fee should not be disguised as a discount, rebate, marketing allowance, or charitable contribution.

  • Red-flag review. If red flags exist, the file should show they were identified, escalated, and resolved before approval. Examples include government connections, vague services, urgency, refusal to certify compliance, 2 requests for unusual payment channels, excessive fees, poor qualifications, or a demand to keep the arrangement confidential.

A good file does not need to be elaborate. It needs to be contemporaneous, specific, and consistent. The documentation should make sense to someone who was not in the room: a lender, investor, buyer, auditor, regulator, prosecutor, or new general counsel reviewing the transaction two years later.

How These Issues Surface

Companies often assume regulators find anti-corruption issues only through dramatic raids or government investigations. In practice, problems surface through ordinary business friction. A former employee complains. A terminated sales agent threatens to expose the company. A customer refuses to pay and raises questions about the fee. A competitor complains that a contract award was unfair. An auditor asks why a consultant received a large success fee. A bank flags unusual payments. A buyer in diligence asks for third-party files and the company cannot produce them.

Reports can also come through formal channels. The SEC maintains a whistleblower program for tips about possible securities law violations, including tips submitted through its Tips, Complaints and Referrals portal. Whistleblowers may be eligible for monetary awards in qualifying SEC enforcement actions. DOJ also accepts FCPA reports and has corporate enforcement and voluntary self-disclosure policies designed to encourage companies and individuals to report misconduct. In other words, a company should assume that employees, former employees, competitors, counterparties, agents, customers, auditors, lenders, investors, buyers, and regulators may all become sources of information.

That is why documentation matters. If a company receives a complaint, finds an issue during diligence, or learns that a whistleblower has raised a concern, the first question will not be whether management believes it is ethical. The first question will be: what does the record show?

Practical Red Flags for SMBs

Smaller companies should be especially alert when a third party is introduced by a government official, public customer, or state-owned enterprise; when the third party lacks relevant experience; when the fee is unusually high; when services are vague; when the payment is requested in cash or to an offshore account; when the consultant asks not to be named; when invoices do not describe specific work; when the work involves customs, permits, licenses, inspections, public hospitals, utilities, defense, energy, infrastructure, or public procurement; or when the third party resists anti-corruption language.

None of these facts automatically proves misconduct. But they require discipline. The company should slow down, document the business rationale, conduct diligence, obtain appropriate approvals, and confirm that the payment is for legitimate services actually rendered.

A Simple Test

Before approving a referral, consulting, success, reseller, or local advisory fee, leadership should ask three questions:

  1. Could we explain this payment clearly to a lender, investor, buyer, auditor, or regulator?

  2. Do we have documents showing what was done, by whom, and why the amount was reasonable?

  3. Would the payment still look legitimate if an employee, former employee, customer, competitor, or agent sent the file to the SEC or DOJ?

If the answer to any of those questions is no, the company does not necessarily have an FCPA violation. But it does have a control problem. And control problems are where many anti-corruption matters begin.

The fact that some international business owners have never heard of the FCPA is not reassuring. It is a flashing red light. It suggests that contracts may not include the right protections, third parties may not be vetted, employees may not be trained, and payment approvals may not be documented. It also means that founders, owners, and investors 3 may underestimate how quickly an ordinary international transaction can create legal, financial, reputational, or diligence exposure.

That is the point. The issue is not whether good people intend to break the law. The issue is whether the company has enough oversight, documentation, contractual protection, and internal discipline to prevent third parties, employees, or local partners from exposing it to liability. The FCPA does not excuse companies simply because leadership was unaware of what happened through an agent, distributor, consultant, referral partner, or local advisor.

Companies that have never heard of it are not exempt from it. They are simply unprepared for it.

Regulatory Sources Consulted

Sources consulted include the DOJ and SEC FCPA Resource Guide, the DOJ Corporate Enforcement and Voluntary Self-Disclosure materials, and SEC materials regarding whistleblower tips, complaints, referrals, and the SEC Whistleblower Program.

About The Author

IBCircle Member Roxane Peyser is the founder of Alliance Growth Legal Advisors (agla-ltd.com), a legal advisory firm specializing in international business law, cross-border compliance, and anti-corruption risk management for small and mid-size businesses expanding globally. She can be contacted at: rpeyser@agla-ltd.com

About IBCircle

International Business Circle (IBCircle) is a Colorado-based Think Tank and independent business network for CEOs, founders, executives, and investors in internationally active businesses. Founded in 2004. Members from 30+ countries. Twice named Business Networking Organisation of the Year — Global Innovation and Excellence Awards 2025 & 2026.

PLEASE NOTE: This article is for informational purposes only and does not constitute legal advice. Consult qualified legal counsel for advice specific to your situation.

Next
Next

What Aikido Taught 20 Global Executives About Leadership — and Why It Matters Right Now