FCPA Compliance and Ethics Blog

August 31, 2011

Due Diligence, Due Diligence and More Due Diligence

In an article published in the August 30, 2011 Wall Street Journal, entitled “Iran’s Hong Kong Shipping Shell Game”, Claudia Rosett reported on efforts by Iran to reflag ships to companies with Hong Kong registries. While the focus of the article seemed to point to the Office of Foreign Assets Control (OFAC) sanctions against US companies doing business with Iran, and other trade sanctions issues, there was one paragraph that spoke to issue of due diligence under the Foreign Corrupt Practices Act (FCPA). The FCPA issue raised is that of continued due diligence of an agent after a contract is signed and the relationship established.

Author Rosett reported on the efforts of the Port of San Antonio (Texas) to increase its shipping and air freight between Asia and the trade corridor connecting San Antonio with the Mexican port of Lazaro Cardenas. Apparently the Port of San Antonio has been working with an agent, referred to in the article as Mr. Mak, of a Hong Kong company named H&T International Transport Limited (H&T). It turns out that Mr. Mak and H&T are also agents for Iranian shipping companies.

As interesting as that might seem, that was not the part which caught my eye, it was the following:

In a recent phone interview, Port San Antonio’s vice president for business development, Jorge Canavati, said the Port San Antonio authorities have continued to work with H&T’s Mr. Mak: “We’re developing projects together.” He said Mr. Mak had not informed him that H&T in Hong Kong has been serving as an agent for 19 ships on Treasury’s Iran sanctions blacklist.”

If there is anyone out there subject to the FCPA who thinks they will be absolved of FCPA liability if their agent does not inform them that they also represent ships owned by Iran’s state shipping company? If so, please do not raise your hand.

I thought that this might be a good lesson learned for the following proposition. Even if you have done all the background due diligence that is appropriate for a foreign agent, it is the responsibility of the US company to perform additional due diligence, at a minimum, every three years. The better practice would be every two years because your agency agreement should only be for two years. Rosett reported in her article that Mr. Mak and H&T had been working with the Port of San Antonio since at least 2008.

I also thought it might be pertinent to assess the steps that a company should take in performing this due diligence. The review process should contain, at a minimum, inquiries into the following areas:

Need for the relationship with an Agent: The Company Business Team or Business Person should articulate the business case for the proposed Agent relationship. This must be approved by management before it goes to legal or compliance for review.

Credentials: List the critical reasons for selection of the proposed Agent. This should include a discussion of the business partner’s background and experience.

Ownership Structure: Describe whether the proposed Agent is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials?

Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed Agent. Obtain financial records, audited for 3 to 5 years, if available.

Personnel: Determine whether the Agent will be providing personnel, particularly whether any of the employees are government officials. Obtain the names and titles of those who will provide services to the US Company.

Physical Facilities: Describe what physical facilities will be provided by the Agent. Who will provide the necessary capital for their upkeep?

Reputation: Describe the business reputation of the proposed Agent in its geographic and industry-sector markets.

These inquiries are required under the US Federal Sentencing Guidelines and the guidance offered by the Department of Justice (DOJ) Opinion Releases and the publicly released Plea Agreements and Deferred Prosecution Agreements (DPA) entered into by US companies who admit to violating the FCPA. This due diligence should be recorded and maintained by the US Company for review, if required, by a governmental agency. Some of the due diligence can be handled by the US Company’s in-house legal and/or compliance groups. However, it is recommended that for any high risk Agent, an outside forensic auditing firm and outside legal counsel be retained to conduct the due diligence investigations. This brings a level of expertise usually not available within a corporation plus an outside perspective less susceptible to in-company business pressures.
After this initial inquiry is concluded the US Company should move forward to perform a background check on a prospective Agent by using the following resources:

References: Obtain and contact a list of business references.

Embassy Check: Obtain information regarding the intended business partner from the local US Embassy or a Commerce Department report such as an International Company Profile Report.

Compliance Verification: Determine if the Agent, and those persons within the Agent who will be providing services to the US Company, have reviewed or received FCPA training.

Foreign Country Check: Have an independent third party, such as a law firm, investigate the business partner in its home country to determine compliance with its home country’s laws, licensing requirements and regulations.

Cooperation and Attitude: One of the most important inquiries is not legal but based upon the response and cooperation of the Agent. Did the business partner object to any portion of the due diligence process? Did it object to the scope, coverage or purpose of the FCPA? In short, is the business partner a person or entity that the US Company is willing to stand up with under the FCPA?

After a company completes these due diligence steps, there should be a thorough review by the Board, or other dedicated Management Committee, on the qualifications of the proposed foreign business relationship partner. It is critical that the reviewing Committee is not subordinate to the US company’s business unit which is responsible for the business transactions with the Agent. This review should examine the adequacy of due diligence performed in connection with the selection of overseas partners, as well as the Agent’s selection of subcontractors and consultants which will be used for business development on behalf of the US Company.

The steps listed herein do not include the use of, or continued management of, an Agent. These steps need to be taken by all US Companies entering into, or already engaged in, a relationship with an Agent as the FCPA applies to all US Companies, whether public or private. Remember, due diligence, due diligence and once that has been completed; more due diligence.

And never, ever, ever rely on the fact that the agent did not tell you and your company that they also represent Iranian shipping lines.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

2 Comments »

  1. Is it legally mandated that an IDD be conducted at least every three years (and if so, where), or is this a professional recommendation?

    Comment by keryder — September 1, 2011 @ 7:31 am | Reply

    • The best practice would be every two years. Three years would be the very outside of reasonable compliance programs. For legal mandates I would suggest you review the US Sentencing Guidelines, various DPAs and NPAs, OCED Good Practices and Bribery Act Adequate Procedures.

      Comment by tfoxlaw — September 1, 2011 @ 9:05 am | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 4,816 other followers

%d bloggers like this: