[ttul]

This is by far the most effective solution to the problem. The foreign corrupt practices act [1] was highly effective at stopping US businesses from paying bribes in foreign countries, with many other developed nations following suit with similar laws. Such a law for ransomware would no doubt also be effective. Companies pay lawyers specifically to audit their processes around FCPA compliance because the penalties are so severe. No executive wants to go to prison because a salesperson hires some “consultant” in Thailand to win a deal…

[1] https://en.wikipedia.org/wiki/Foreign_Corrupt_Practices_Act

[mcguire]

How do you know it was highly effective? Do the audits enhance compliance or just ensure non-compliance is well concealed? The SEC's enforcement actions page shows a continuous stream of actions against large corporations ("Goldman Sachs Group, Inc. - The firm agreed to pay more than more than $1 billion to settle SEC charges that it violated the anti-bribery, books and records, and internal accounting controls provisions of the FCPA in connection with the 1Malaysia Development Berhad (1MDB) bribe scheme. See related action against Tim Leissner (10/22/20).") since they ramped up enforcement in 2007. How do you know that's not just the tip of the iceberg?

[edit] URL: https://www.sec.gov/enforce/sec-enforcement-actions-fcpa-cas...