Anti-Bribery & Corruption — Module 1 of 4

Hospitality

When a client's invitation blurs the line between networking and inducement — three days before a contract decision.

Your Role

Alexa Reeves

Compliance Manager, Meridian Engineering Inc.

Two years into the role. You were hired to build the compliance programme from scratch — the policies exist, the training is planned, but it hasn't been truly tested yet. Today, it will be.

Meridian Engineering Inc. has grown from 280 to 600 employees in four years, driven by international project wins in infrastructure and energy.

The Gifts & Hospitality Policy requires pre-approval for hospitality above $650. During active tenders or contract renewals, the threshold drops to $300.

David Mercer, Business Development Director, brought in $23M of contracts last year. He is Meridian's most commercially important employee. You report to Helen Carr, CFO.

Before You Start

How This Works

This is a decision-driven scenario. You'll face real decisions — and your choices shape how the story unfolds.

+3 Best practice — the response a compliance expert would choose

+1 Reasonable but incomplete — you're on the right track

−2 Risky or non-compliant — learn why this path creates problems

Tip: Highlighted text like FCPA §78m is clickable — tap to read the legal reference in full.

Portrait of David Mercer, Business Development Director

Tuesday, 4:47 PM

Narrator

You're heading to the kitchen when David Mercer catches you in the corridor. Just back from London — suit jacket over one arm, looking relaxed. He mentions it almost as an afterthought.

David Mercer

Alexa — good timing. Quick one. I was at the Masters over the weekend. Corporate box, Haldane's invite. Took Jenny from proposals. Spectacular match — a tense final round — Scheffler one shot off the lead. Anyway, just thought I'd mention it. Should I log it somewhere?

You

David, the Haldane contract renewal is next week.

David Mercer

Exactly. That's why the relationship matters. Look, this isn't a brown envelope, Alexa. It's tennis. Everyone does it.

Tuesday, 5:10 PM

Back at your desk

You pull up the details. The picture is worse than you thought.

Detail	Value
Event	Masters Tournament — Augusta National Patron Badge Hospitality
Date	Saturday, 5 July
Host	Haldane Infrastructure (client)
Estimated value per person	~$3,200 (hospitality package incl. champagne, lunch, afternoon tea)
Meridian attendees	David Mercer (BD Director) + Jenny Ashworth (Proposals Manager)
Total estimated value	$6,500
Haldane contract renewal decision	Wednesday, 9 July — 4 days after the event
Pre-approval obtained?	No
Gifts register entry?	None
Policy threshold (active contract period)	$300 — exceeded by 20×

The hospitality exceeds your policy threshold by a factor of twenty. Accepted during an active contract renewal. No pre-approval, no register entry.

Your phone buzzes. Helen Carr: "David mentioned the Masters thing. Come see me first thing tomorrow."

Portrait of Alexa Reeves, Compliance Manager

Tuesday, 5:25 PM. The facts: $6,500 of hospitality, ten times the policy threshold, accepted during an active contract renewal with no pre-approval. David sees no problem. Helen wants to talk tomorrow. The next 12 hours decide whether this stays a policy breach or becomes criminal exposure.

What is your first action?

Your choice

Log, notify, and brief Helen

Log the hospitality retrospectively, have David disclose to Haldane's compliance team, and brief Helen fully. Under FCPA §78m, an effective compliance program demands at least this much.

Your choice

Log it and have a quiet word with David

Log it retrospectively in the gifts register and have a private chat with David about pre-approval. No need to involve the client or escalate. Proportionate response to a paperwork failure.

Your choice

No action needed — it's corporate hospitality

Corporate hospitality is normal BD. The FCPA doesn't prohibit reasonable hospitality. David is right. Escalating would damage his trust and risk the client relationship.

Wednesday, 8:15 AM — Helen's Office +3

You

Helen, I've logged the Masters hospitality — $6,500, contract renewal window, no pre-approval. I've drafted a disclosure letter for David to send to Haldane's compliance team.

Helen Carr

A letter to their compliance team? That's a bit much, isn't it? We don't want Haldane thinking we're accusing them of anything.

You

It's transparency, not accusation. We received hospitality, we logged it, and it doesn't influence the deal. If we stay silent and someone asks later, silence looks worse than the hospitality.

Helen Carr

And if David pushes back?

You

He will. But this is exactly what our procedures are for. FCPA §78m holds the company liable for David's conduct regardless — an effective compliance program won't bar liability, but it's the decisive factor in how the DOJ resolves it. We have a policy — we just need to enforce it.

Why This Was Defensible

Logging, requiring client-side disclosure, and briefing your CFO creates the trail FCPA §78m demands. An effective compliance program is an enforced one. Under DOJ ECCP ‘Risk-Based Compliance Program’ hallmark, the response must match the risk — $6,500 three days before a $5.2M decision is material.

Wednesday, 8:15 AM — Helen's Office +1

You

Helen, I've logged the Masters event in the gifts register. $6,500 total, no pre-approval. I've spoken to David about the pre-approval requirement.

Helen Carr

Good. And David?

You

He understands. Says it won't happen again.

Helen Carr

Fine. Let's move on.

The Gap in This Approach

You've created a register entry, which is better than nothing. But a retrospective log without disclosure to the client leaves a gap. If Haldane's own compliance team later discovers the hospitality during their audit, Meridian will be asked: "You knew about this and said nothing?" Under DOJ ECCP ‘Continuous Improvement, Periodic Testing, and Review’ hallmark, an effective compliance program requires not just recording but reviewing and acting on hospitality that exceeds thresholds. A verbal warning with no documented follow-up means, if this happens again, you have no evidence that David was told — which weakens the compliance-program credit the DOJ would weigh under the FCPA §78m internal-controls framework.

Wednesday, 8:15 AM — Helen's Office −2

Helen Carr

Alexa, what's your assessment on the Masters thing?

You

Honestly, Helen — standard corporate hospitality. David's done this for years. The FCPA doesn't prohibit reasonable hospitality.

Helen Carr

That's reassuring. I didn't want to overreact.

Narrator

The FCPA doesn't prohibit hospitality. But you've missed the word: reasonable. $6,500 three days before a procurement decision isn't reasonable. And by not logging it, you've ensured no record exists that Meridian knew — exactly the gap the books-and-records and internal-controls provisions were built to close.

The "Everyone Does It" Trap

15 USC §78dd-1(a) makes it an offence to give anything of value to induce improper performance — hospitality counts. The DOJ/SEC FCPA Resource Guide flags value and timing as the strongest indicators. This event scores high on both. Under FCPA §78m: you knew, and did nothing.

Wednesday, 11:30 AM

Pattern in the register

You're reviewing the gifts register when you find something you didn't expect.

Three months ago, Meridian hosted Haldane's procurement team at a Cowboys-Giants NFL game at AT&T Stadium — corporate tickets worth $2,300. Logged by David as 'client relationship event', pre-approved by his line manager (not compliance). The same Rob Langley from Haldane attended.

This isn't a one-off. It's a pattern. Two hospitality events, same client, same procurement contact, within a single contract cycle. Combined value: $8,800.

Your policy says hospitality above $650 during an active contract renewal requires board notification. Helen has already asked you to keep this 'proportionate' — she doesn't want it going to the board.

Activity — Listen & Decide

David follows up after the meeting. Listen to his pitch before deciding what to do.

David Mercer — follow-up call

Press play to listen

Listen to the audio to unlock your choices.

Your choice

Accept, but first get Helen to authorise it in writing so there’s a paper trail.

Your choice

Decline, and log David’s approach in the gifts register as an offered (not accepted) item.

Your choice

Decline and self-report the offer to the DOJ as a precaution.

Your choice

Accept and attend — you’ll log it in the register the next day to keep records clean.

Activity — Gifts & Hospitality Register

Log the Criterion Restaurant dinner accurately. Every field matters — a wrong value here could mean this entry doesn’t trigger the compliance flag it should, or that a defensible event gets escalated unnecessarily.

Received from

Description

Estimated value

Active tender / renewal?

Pre-approval obtained?

Helen calls you in. "Alexa, I appreciate the thoroughness. But taking this to the board turns a manageable situation into a crisis. They'll panic. David will feel ambushed. We could lose the contract over optics." She pauses. "I'm not asking you to bury it. I'm asking you to be proportionate."

How do you handle the escalation?

Your choice

Follow the policy — notify the board

Policy is clear: hospitality above $650 during an active contract triggers board notification. $8,800 across two events with the same procurement contact isn't borderline. Selective enforcement is worse than no policy.

Your choice

Propose a documented compromise

Don't escalate if David sends written disclosure to Haldane's compliance team, both events get a documented review note, and David signs an acknowledgement of pre-approval policy. Defensible trail without board alarm.

Your choice

Defer to Helen — she's the CFO

Helen hired you and she's saying this is proportionate. She knows the board and the commercial relationship better. Going over her head damages the relationship you need to do this job.

Thursday, 10:00 AM — Boardroom +3

Helen Carr

For the record, I think this is disproportionate. But Alexa has a point about the policy.

You

The combined hospitality with Haldane totals $8,800 during an active contract renewal. Our policy requires board notification above $650. I'm not suggesting anyone acted in bad faith — I'm asking the board to note the disclosure and confirm next steps.

Helen is unhappy, but she hasn't overruled you. The board receives the disclosure professionally. One non-executive director — a former regulator — notes that this is exactly how an effective compliance program should work.

Why Enforcement Matters More Than Policy

The FCPA §78m internal-controls provisions require an effective compliance program. Courts and the DOJ look at whether procedures were followed in practice, not just whether they existed on paper. Selectively ignoring your own escalation threshold — even at the CFO's request — creates a precedent that undermines every policy you've written. Under DOJ ECCP ‘Continuous Improvement, Periodic Testing, and Review’ hallmark, monitoring and review means the policy is enforced when triggered, not just when convenient.

Wednesday, 3:30 PM — Helen's Office +1

You

Helen, I won't take it to the board — yet. But I need three things: David sends a written disclosure to Haldane's compliance team, both events get a full compliance review note on file, and David signs a written acknowledgement of the pre-approval policy.

Helen Carr

That sounds reasonable. I'll talk to David.

You

One more thing. If anything similar happens again — with any client — it goes to the board automatically. I need that commitment from you.

Helen Carr

Agreed. Let's close this out.

The Proportionality Judgment

DOJ ECCP ‘Risk-Based Compliance Program’ hallmark says procedures must be 'proportionate to the bribery risks faced.' Your compromise creates documentation, which is positive. But bypassing your own board notification threshold means a future auditor or prosecutor may ask: 'What was the real threshold?' The documented safeguards partially mitigate this — but they don't fully replace the governance step your policy requires. You've created a precedent that the board notification rule is negotiable.

Wednesday, 3:30 PM — Helen's Office −1

You

You're right, Helen. I'll keep this at our level. The register entry is there, David knows the policy. I don't think we need to escalate further.

Helen Carr

Good call. Sometimes proportionate means knowing when not to make a mountain out of a molehill.

Narrator

Helen is relieved. The board never learns that $8,800 of hospitality was exchanged with a client during a live $5.2M contract renewal. Your policy says board notification is required above $650. You've now created a documented case where the policy wasn't followed — and the reason was your boss told you not to.

Independence of the Compliance Function

If the Compliance Manager doesn't follow the compliance policy, the policy has no credibility. Under DOJ ECCP ‘Training & Communications’ hallmark, staff must believe the company's anti-bribery procedures are real. When the compliance function makes exceptions on request, the message to the organisation is clear: the rules are optional. The credit a company gets for an effective compliance program — the decisive factor in how the DOJ charges or resolves an FCPA §78m matter — is significantly weakened when the program existed only on paper.

Thursday, 3:00 PM

David Mercer

David is in your office. He's not hostile — but he's not happy.

"Alexa, I've been at Meridian for twelve years. I've built relationships that keep 600 people employed. I've never taken a bribe, I've never offered one, and I resent the implication that a weekend at Augusta makes me corrupt."

"If compliance is going to question every client dinner, every event invitation — good luck getting anyone in BD to tell you anything in future. They'll just stop reporting."

He's not wrong about the reporting risk. If people stop telling you about hospitality because they're afraid of the consequences, you'll have no visibility at all. The question now: what do you put in place so this doesn't happen again?

Friday, 10:00 AM. The immediate situation is contained. Now: what do you recommend to the CFO — and the board — to stop this recurring? David's warning about people 'stopping reporting' is genuine. Whatever you propose has to feel like a business enabler, not policing.

What do you recommend?

Your choice

Mandatory pre-approval, training, and board reporting

(1) Mandatory pre-approval above $300 via a 90-second form, (2) annual scenario-based training, (3) quarterly hospitality reporting to the board. Implements the DOJ ECCP risk-based, training, and continuous-improvement hallmarks as one system.

Your choice

Update the register and send a policy reminder

Update the register to require pre-approval above $650, send a company-wide reminder, and cover the policy at the next all-hands. Raises awareness without creating bureaucracy.

Your choice

Note David's file and move on

The policy covers this — David just didn't follow it. Note the breach on his personnel file. If it happens again, there's a documented pattern. No need to change a policy that works on paper.

The following Monday, 9:00 AM +3

Helen Carr

Walk me through this proposal.

You

Three components. A 90-second pre-approval form, auto-routed to compliance, 24-hour turnaround — checkpoint, not barrier. Annual scenario training. Quarterly board reporting on aggregate data and anything above threshold.

Helen Carr

David's going to hate the form.

You

He'll use it if it's 90 seconds with 24-hour turnaround. Had David called me before the Masters, we'd have approved with conditions — log it, document the rationale. He goes to the golf, we have a clean file. Cost: roughly zero. Cost of not doing it: a FCPA §78m prosecution we can't defend.

The Three Pillars of an Effective Compliance Program

Risk-Based: pre-approval is calibrated to Meridian's risk. Training: scenario-based means staff learn the why. Monitoring: quarterly board reporting makes it self-correcting. Compliance that's easy to use gets used.

Friday, 2:00 PM +1

You

I've updated the register to require pre-approval above $650 and drafted a company-wide reminder. I'll present the policy at the next all-hands.

Helen Carr

Sensible. Not too heavy-handed.

Narrator

The email goes out on Monday. 73% of staff open it. By Friday it's forgotten. Eight months later, another BD manager accepts an invitation to the Emirates Stadium from a contractor bidding on a subcontract. He doesn't pre-approve it — because he didn't read the email either.

Communication vs. Training

DOJ ECCP ‘Training & Communications’ hallmark distinguishes between 'communication' (telling people the policy exists) and 'training' (ensuring they understand and can apply it). An email achieves the first but not the second. If a similar breach occurs after the email, a prosecutor will ask: 'What did you do beyond sending an email?' If the answer is 'nothing,' the compliance-program credit the DOJ would weigh at charging (there is no statutory FCPA §78m defence) is weaker than before — because now you knew the system wasn't working and still didn't fix it.

Friday, 2:00 PM −2

You

I've drafted a note for David's personnel file documenting the policy breach. The policy already covers this — he just didn't follow it.

Helen Carr

Fair enough. These things happen.

Narrator

The note goes into David's file. David never sees it. No one else in the business learns anything from the incident. The pre-approval process remains a paragraph on page 7 of the employee handbook. The gifts register remains a spreadsheet that compliance reviews annually — retroactively, after the events have already happened.

Individual vs. Systemic Failure

FCPA §78m holds the commercial organisation liable, not the individual employee. Even if David is personally at fault, Meridian's exposure depends on whether the company's procedures were adequate to prevent the conduct. A file note on one employee's record does not constitute monitoring, review, training, or procedural improvement. Under DOJ ECCP ‘Continuous Improvement, Periodic Testing, and Review’ hallmark, the company must show it reviews and updates its procedures in light of experience. This incident is experience — and nothing changed.

Six Months Later

The Reckoning

The Haldane contract was renewed — the hospitality didn't influence the outcome. But what happens next depends on the system you built.

Module complete. Continue when you're ready.

Your Result

/ 9

Your Decisions

Key Lessons

1. Hospitality isn't automatically a bribe. Value, timing, and proximity to a commercial decision are what the DOJ looks at first.

2. FCPA credit turns on an effective compliance program that is enforced, not just written. A policy nobody follows isn't a control.

3. Easy systems get used. A 90-second pre-approval form enables business. A 30-page manual is a filing exercise.

4. The DOJ ECCP hallmarks work as a system: proportionate controls + training that explains the why + monitoring that catches patterns before prosecution.

Key Legal References

15 USC §78dd-1(a)

Bribing another person

FCPA §78m

Books-and-records & internal controls

DOJ ECCP ‘Risk-Based Compliance Program’ hallmark

Proportionate procedures

DOJ ECCP ‘Training & Communications’ hallmark

Communication & training

DOJ ECCP ‘Continuous Improvement, Periodic Testing, and Review’ hallmark

Monitoring & review

DOJ/SEC FCPA Resource Guide

Hospitality approach

Ready to complete this module?

Take the 5-question knowledge check to record your completion.

Take the Module Quiz →

Module 2 of 4

Next: Grease

Equipment stuck at Accra port. Liquidated damages ticking at $10,500/day. The customs official wants $2,000 to clear it.

Complete the quiz above, then launch Module 2 from your course menu.