Yesterday we participated in a workshop at the 2011 SCCE Utilities & Energy Compliance and Ethics Conference with Scott Lane, President of the Red Flag Group. In his presentation, he discussed a White Paper that he and his colleague James Walton recently released entitled, “Best Practices in Conducting FCPA /Anti-bribery Due Diligence”. We went back and read the article and found it to be an excellent resource for many questions relating to due diligence as required by the Foreign Corrupt Practices Act (FCPA) or any best practices anti-bribery and anti-corruption program. Today we will focus on the question of how often should a company perform due diligence on its foreign business relationships.
Lane and Walton begin by noting that due diligence is very hard to keep consistent as no two are ever the same. They believe it is important to keep a close watch on information sources, to search for improved providers, and ensure that the information you are looking at is useful for the business needs. The specific time frame for ongoing due diligence depends on the risk profile of a company’s foreign business relationship. They provide three benchmarks: (1) annually; (2) biennially; or (3) at contract renewal.
In making this determination, the authors suggest several risk factors which a company should evaluate in making this determination regarding the frequency of due diligence. these include:
Physical allocation of the partner: The authors define this risk as whether the foreign business partner is located in, or providing services to your company in a geographic area recognized as a high risk country. Reference can be made to the Transparency International Corruption Perceptions Index or another recognized country risk rating such as Country-Check.
Findings of the original due diligence: The authors define this factor as one based upon prior due diligence investigation. The key issues here are (1) were any Red Flags identified and (2) how were these Red Flags cleared? It is assumed that if a Red Flag was raised in prior due diligence, then the Red Flag was cleared to enable the business relationship to come into existence. This also brings up an important point about Red Flags that is often overlooked. A Red Flag should not automatically mean that a foreign company cannot become a foreign business partner of your company. It does mean that the Red Flag must be investigated and cleared before such a foreign business relationship is created.
Type of partner: There are a side variety of foreign business relationship which require due diligence under the FCPA. As noted in several recent Deferred Prosecution Agreements, Alcatel-Lucent, Maxwell Technologies and the Panalpina settlements, these can include resellers, agents, intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia and joint venture partners. Those foreign business partners which are actively promoting your company in the market place put your company at the greatest risk and should therefore require more due diligence.
Type of customers the partner sells to: Most companies understand the motto “Know Your Customer” but under FPCA, and other anti-bribery best practices, your company must also know the customers that your foreign business partner sells to or, in any other manner, interacts with. The more interaction with foreign governmental officials that your foreign business partner engages in, the more due diligence scrutiny is appropriate.
Amount of business being transacted by the partner: The authors point to this risk factor by noting that a company should keep a close watch on the dollar volume of business that it may engage in with a foreign business representative. We would suggest that a company should also review the relevant percentages of services or goods sold or services rendered for each foreign business partner. A company should certainly desire to know if a certain vendor provided a very high percentage of raw materials or any services critical to the delivery of products. Additionally if most, or all, of a company’s products are sold by or through one foreign business partner, this may call for greater due diligence scrutiny.
The authors end by noting that they believe the ideal solution for renewal of due diligence is a mixed approach based on risk. In most cases, renewals should be done annually or at least every two years. However, best practice also requires regularly checking whether the partner, or its directors, shareholders or senior executives are listed on any watch lists. This should be completed periodically – at least monthly.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2011
FCPA Compliance and Ethics Blog 