There was a time when the U.S. Department of Justice primarily focused its attention on prosecuting companies responsible for bribing foreign officials. Critics of this practice argued that the resulting fines had become just another cost of doing business. So, about eight years ago, the DoJ announced a new strategy of targeting corporate officers and directors for criminal prosecution under the Foreign Corrupt Practices Act (FCPA) in order to more significantly deter global corporations from engaging in corrupt practices.

If the number of convictions is any indication, the strategy may be paying off: since 2005, dozens of corporate executives have been convicted of violating the FCPA, paid hefty fines from their personal assets, and spent years in prison. (Of course, companies are still the subject of federal agencies’ wrath: the most recent case will result in Pfizer paying more than $60 million to settle FCPA charges, according to the Wall Street Journal.)

Last month, law firm Chadbourne & Parke released a study of the 61 FCPA prosecutions involving individual defendants over the past six years. A surprising number, 35%, of the defendants were the president, chief executive officer, or chief operating officer of their firm. In all, 53 of the individuals charged with violating the FCPA during this period were senior officers — a staggering 87% of all defendants.

These findings should be of concern to corporate executives worldwide. Though the U.K. Bribery Act — which went into effect earlier this year — has captured headlines as a force to be reckoned with, in many ways, the 33-year-old FCPA still reigns supreme in its threat to CEOs and CFOs who do business in the United States.

To understand the potential magnitude, one need look no further than the recent News of the World phone-hacking scandal that has consumed Rupert Murdoch and his News Corp. for much of the year. The gravest threat of criminal prosecution facing the Murdochs and other senior executives of News Corp. might come not from British authorities, who would directly oversee the publication, but from the FCPA.

A key aspect of the scandal that has received relatively little attention centers on the sizable payments that were allegedly paid to police officers in exchange for the technical knowledge and access needed to carry out the hacking. However, British authorities will be unable to prosecute senior officials of News Corp. absent some clear and convincing evidence that they actually participated in or approved any illegal payments. The DoJ, on the other hand, has a powerful, proven legal instrument in the FCPA that can support such prosecutions well beyond U.S. borders.

In this context, both the DoJ and the U.S. Securities and Exchange Commission have jurisdiction to determine whether senior officers of News Corp. knew of, or later learned of and failed to address, illegal payments to police officers. Since the FCPA also requires companies with securities traded on a U.S. exchange to keep books and records that accurately reflect business transactions and to maintain effective internal controls, it might be even easier for the SEC to mount a civil enforcement proceeding against News Corp. and any senior official implicated in approving or failing to report the use of corporate funds for the payment of bribes. In this way, executives can be ensnared in an FCPA investigation when an illegal bribe occurred, even if they themselves did not take part in the bribe or benefit personally from a transaction.

Though it’s still unknown which News Corp. executives U.S. regulators may be scrutinizing, Chadbourne & Parke’s study suggests that those most at risk may be their most senior executives. For CFOs in particular, the research shows an interesting anomaly: only four CFOs were charged during the period reviewed. Some may get a break, if they help prosecutors. In the high-profile case involving Miami-based telecommunications company LatiNode, for example, a former CEO was sentenced in September to serve 46 months in prison for paying bribes to Honduras officials. But Manuel Salvoch, the CFO who served under him at that time, has pleaded guilty to only one charge, conspiracy, and has agreed to cooperate fully with the DoJ. He is likely receive a lighter sentence than that of the CEO and two other executives accused of being involved in deals with foreign government officials.

Still, CFOs would be wise not to feel a sense of security. They can take proactive steps, such as the ones below, to protect themselves from personal prosecution.

1. Ensure the firm has a clear and widely understood antibribery program. This includes ongoing training for all staff at risk, controls on all payments, and a regular independent audit of every unusual payment.

2. At the first sign of trouble, remember the old adage that “the cover-up is always worse than the crime.” This is particularly true for CFOs who are responsible for protecting the integrity of their firm’s books and records. If you encounter any hesitancy on the part of senior management, be sure to get the general counsel involved. If the GC hesitates, retain outside counsel.

3. Don’t be tempted to lie or mislead the federal investigators — that represents an entirely new crime.

The FCPA represents a powerful tool for prosecutors, and its penalties have shown that the stakes are high for corporate officers. By taking an informed, proactive approach toward preventing bribery, CFOs can remain focused on doing what they do best inside their companies and in boardrooms, while avoiding the courtroom.

Kevin J. Ford is head of Strategic Solution Advisory for Regulatory Data Corp., a provider of decision-ready intelligence and risk and compliance protection.