Panasonic Avionics Corp., a U.S. subsidiary of Panasonic that makes in-flight entertainment systems, settled charges with U.S. regulators on April 30 that it violated the Foreign Corrupt Practices Act for years in the 2000s.

The case offers almost every lesson a compliance officer might want to discuss about anti-bribery programs. And Panasonic settled its charges with $280 million in penalties, a two-year deferred-prosecution agreement, and a compliance monitor. Clearly the lessons are worth learning.

First, due diligence matters all the time, and matters all the way down. As often happens with criminal violations of the FCPA, bribes were relayed to government officials through intermediaries and sales agents. In this case, multiple agents working for Panasonic failed the company’s internal due diligence checks and parted ways with the company — and were then hired back as subcontractors, with a sales agent that had passed due diligence.

That scenario underlines the point of what due diligence truly is: an effort to expel corrupt third parties from the enterprise permanently, rather than a simple background check to be performed at one moment in time.

If the mantra is, “Companies don’t commit crime; people working for companies do,” then due diligence programs should flag specific high-risk people and ensure they don’t work on behalf of the organization. That can require language in contracts with other third parties (to avoid subcontractor risk), follow-up audits, and similar measures.

Second, accounting controls also matter. Panasonic engaged in considerable books-and-records violations both to mask the improper payments (a civil FCPA violation) and to inflate revenue and pre-tax income by recognizing revenue early (accounting fraud). Panasonic ultimately paid more than $1.75 million to supposed sales agents who provided few (if any) actual services. None of that was properly recorded in the company’s books.

Moreover, Panasonic employees knew about, and concealed, the scheme to sub-contract the sales agents who had been terminated. The third party that employed those sub-contractors was paid from a Panasonic budget line under the sole control of a senior Panasonic Avionics executive, with no oversight from anyone else at the company.

Proper accounting controls are crucial to effective FCPA compliance, since they can choke off the supply of money necessary for criminal violations. For example, a company could require multiple executives to counter-sign any payment above, say, $50,000; and require documentation that the party receiving that money has delivered the services promised. Compliance with the civil side of the FCPA (implement strong accounting controls) supports compliance with the criminal side (do not pay bribes).

Third, leadership matters if a company wants the first two issues to matter. Large organizations are always porous collections of people and business practices. Even the most exhaustive controls, policies, and procedures still leave some crack for misconduct to sprout. Strong ethical leadership is the sealant that tries to fill those cracks. The absence of strong leadership does the company no favors.

In Panasonic’s case, an internal audit in 2010 flagged potential problems with high-risk agents, and that report was circulated among senior executives. No follow-up happened for years.

It is worth noting that the company did not disclose the misconduct voluntarily. Only when the Securities and Exchange Commission began requesting documents did Panasonic admit potential problems and begin cooperating. That said, after the investigation began Panasonic did cooperate fully, including a thorough internal investigation and providing foreign employees for interviews with the Justice Department.

For that effort, Panasonic received a 20 percent discount on its penalties, per the new FCPA Corporate Enforcement Policy announced last November by the Justice Department.

Better late than never, even for ethical leadership. And the details of the Panasonic Avionics case will provide useful reminders to the corporate compliance community for quite some time.