a hand holding a guitar



Adapting U.S. compliance programs to incorporate Canada’s foreign corruption law

This article outlines some of the key differences between the U.S. Foreign Corrupt Practices Act (FCPA) and the Canadian Corruption of Foreign Public Officials Act (CFPOA).

U.S. companies with a Canadian footprint tend to focus almost exclusively on the FCPA when assessing their foreign corruption law risk. While Canada’s foreign corruption law, the CFPOA, is similar to the FCPA in many respects, there are critical differences that these companies should take into account.

CFPOA jurisdiction is much narrower than FCPA jurisdiction so companies should carefully analyse whether Canadian authorities will consider their operations to fall under the Canadian law. For companies that do fall within CFPOA jurisdiction, it is important to adapt existing FCPA compliance programs and transactional due diligence practices to take into account the CFPOA’s much broader liability provisions and more severe public procurement consequences.

Enforcement jurisdiction is narrower

The CFPOA provides for nationality jurisdiction that covers companies incorporated, formed, or otherwise organised under Canadian or provincial law. This is roughly equivalent to the FCPA’s jurisdiction over “domestic concerns”.

But the CFPOA’s territorial jurisdiction is much narrower than its U.S. counterpart. While FCPA territorial jurisdiction exists over companies that have taken any act in furtherance of a corrupt payment while in U.S. territory, CFPOA territorial jurisdiction extends only to violations that have a “real and substantial connection” to Canada. In considering whether territorial jurisdiction exists under this narrower standard, Canadian courts examine additional factors such as where the benefits to the violative conduct accrued, where the documentary evidence is located, and where the witnesses reside.

Unlike the FCPA, the CFPOA does not provide for issuer jurisdiction over companies with securities listed on a Canadian exchange or quoted in the over-the-counter market in Canada. Because of these jurisdictional differences, U.S. companies operating in Canada will be subject to CFPOA jurisdiction only if they have some kind of “real and substantial connection” with Canada beyond their issuer status.

Violations are only enforced criminally

The CFPOA is a criminal statute that is enforced only by way of investigation by the Royal Canadian Mounted Police (RCMP) and prosecution in the criminal courts. Therefore, enforcement authorities in Canada are held to the higher criminal standard of proof beyond a reasonable doubt when bringing CFPOA charges.

The lack of a civil enforcement mechanism in the CFPOA is often cited as a key reason there is less foreign corruption enforcement activity in Canada, but that could soon change with the Supreme Court of Canada having cleared the way for a Canadian national securities regulator. If efforts to launch such a national securities regulator are successful, there could be renewed debate about amending the CFPOA to include a civil enforcement mechanism (similar to the U.S. SEC’s civil enforcement responsibility for the FCPA).

In the meantime, there is some indication that Canada’s provincial securities regulators may be willing to use the civil securities laws to pursue suspected foreign corruption. In December 2018, the Ontario Securities Commission (Canada’s largest securities regulator) settled civil charges with a mining issuer for failing to adequately disclose the risk that foreign corrupt activity posed to its business.

For U.S. companies with a Canadian footprint, these are certainly issues to watch, as civil enforcement of foreign corruption would significantly increase Canadian regulatory scrutiny of their operations.

There is no whistleblower program

Under the U.S. Securities and Exchange Commission’s (SEC) enormously successful whistleblower program, individuals who report tips of FCPA misconduct that lead to an SEC civil enforcement action can receive an award of 10 to 30 per cent of the sanctions collected. Although the SEC does not separately identify FCPA-related awards, the SEC has made staggering awards under the whistleblower program in recent years, including its largest award ever of $114 million in October 2020. The SEC whistleblower program also includes strong protections for individuals who choose to report potential FCPA violations to the SEC.

By contrast, there is no equivalent whistleblower program associated with the CFPOA, which significantly diminishes the incentive for whistleblowers with knowledge of a CFPOA violation to report their concerns to the RCMP. The lack of such a program provides an opportunity for U.S. companies operating in Canada to thoroughly investigate and remediate CFPOA violations before they come to the attention of the government (through self-disclosure or otherwise). These companies often benefit from the government turning its focus to the prosecution of individuals instead of the company which, recently occurred when the RCMP charged a former executive of a Canadian software company that self-reported allegations of misconduct.

There is no statute of limitations

While a five-year statute of limitations generally applies to criminal and civil actions for FCPA violations (with some exceptions, including for tolling agreements and allegations of conspiracy), the CFPOA is not subject to any statute of limitations. Canadian enforcement authorities can therefore prosecute a company for violations that occurred as early as 1999 (the year the CFPOA came into force).

The lack of a statute of limitations in the CFPOA has important consequences for how a company with Canadian operations should deal with evidence of historical misconduct. Companies cannot assume that the government will not investigate potential CFPOA violations from 15 or 20 years ago. Moreover, past violations often indicate serious controls issues that may have failed to detect recent misconduct. For these reasons, companies that are doing due diligence on high-risk counterparties in corporate transactions should consider extending their diligence further back in time – possibly even as far back as 1999 in extreme cases.

Facilitation payments are prohibited

Companies operating abroad sometimes make small payments to government officials to provide routine non-discretionary services. For example, a company may make a nominal payment to a government immigration official at a port of entry who demands the payment to process a visa application. While the FCPA generally permits such “facilitation payments” (also known as “grease payments”), the CFPOA does not.

Companies that are designing CFPOA compliance programs must therefore ensure that any existing FCPA compliance programs that they adapt to the Canadian context include controls for even de minimis payments to government officials for routine action. In addition, companies that encounter evidence of such payments during due diligence of counterparties in corporate transactions must carefully evaluate the level of CFPOA risk they are prepared to assume.

The public procurement consequences of a violation are more severe

A conviction under the CFPOA results in automatic debarment from contracting with the Canadian government (with limited exceptions) for 10 years. This stands in stark contrast to the FCPA under which companies that violate the statute are subject to debarment from U.S. federal government contracts at the discretion of the government.

Companies subject to CFPOA jurisdiction that transact with the Canadian government should always keep the risk of automatic debarment in mind. However, recent amendments to the Canadian Criminal Code may provide relief from automatic debarment. Prosecutors investigating a CFPOA violation may now resolve it with a remediation agreement (similar to a deferred prosecution agreement), whereby charges against the subject company are stayed as long as the company complies with the terms of the agreement.

By entering into a remediation agreement, companies can avoid a CFPOA conviction that results in automatic debarment. However, to take advantage of this option, a company will have to agree to a statement of facts, admit responsibility for the CFPOA violation, and cooperate with prosecutors. As with deferred prosecution agreements, prosecutors may also require that the company commit to implementing compliance measures and agree to the appointment of an independent monitor.

The following chart compares the differences between the FCPA and the CFPOA as highlighted in this article.




Enforcement Jurisdiction


Companies incorporated, formed or otherwise organized under Canadian or provincial law



Acts that comprise the violation have a “real and substantial connection” to Canada


Legal entities that are organized under U.S. or state law

Legal entities with their principal place of business in the U.S.



Any act in furtherance of a violation that took place in U.S. territory


Companies that have a class of securities listed on a U.S. national exchange

Companies that have a class of securities quoted in the U.S. OTC market and are required to file periodic reports with the SEC

Method of Enforcement

Criminal Only

Investigations by the RCMP

Prosecutions by Public Prosecution Service of Canada


Investigations by the FBI

Prosecutions by the DOJ



Investigations and enforcement actions by the SEC

Whistleblower Bounty Program


SEC Whistleblower Bounty Program

Individuals who report tips of FCPA misconduct that lead to an SEC enforcement action can receive an award of 10 to 30 per cent of the sanctions collected. They are also protected from retaliation and from actions taken to impede reporting.

Statute of Limitations


Criminal: Five Year

Statute of limitations begins when the criminal act or conspiracy ends

Extended by tolling agreement

Suspended for up to three years by prosecutor requesting evidence from a foreign country


Civil: Five Year

Statute of limitations begins when the claim “accrues”

Extended by tolling agreement

Does not apply to certain equitable remedies

Facilitation Payments

Not Permitted


Explicit savings provision for payments made to expedite or secure the performance of routine non-discretionary governmental action

Public Procurement Consequences of Violation

Automatic Debarment

From all federal government procurement for ten years (with limited exceptions)

Discretionary Debarment

At the discretion of the relevant government entity

Key Contacts