FCPA Compliance and Ethics Blog

February 28, 2011

After the Contract is Signed: How Frequently Should You Perform (FCPA) Due Diligence

Yesterday we participated in a workshop at the 2011 SCCE Utilities & Energy Compliance and Ethics Conference with Scott Lane, President of the Red Flag Group. In his presentation, he discussed a White Paper that he and his colleague James Walton recently released entitled, “Best Practices in Conducting FCPA/Anti-bribery Due Diligence”. We went back and read the article and found it to be an excellent resource for many questions relating to due diligence as required by the Foreign Corrupt Practices Act (FCPA) or any best practices anti-bribery and anti-corruption program. Today we will focus on the question of how often a company should perform due diligence on its foreign business relationships.

Lane and Walton begin by noting that due diligence is very hard to keep consistent as no two are ever the same. They believe it is important to keep a close watch on information sources, to search for improved providers, and ensure that the information you are looking at is useful for the business needs. The specific time frame for ongoing due diligence depends on the risk profile of a company’s foreign business relationship. They provide three benchmarks: (1) annually; (2) biennially; or (3) at contract renewal.

The authors suggest several risk factors which a company should evaluate in determining the frequency of due diligence. These include:

Physical location of the partner: The authors define this risk as whether the foreign business partner is located in, or providing services to your company in, a geographic area recognized as a high risk country. Reference can be made to the Transparency International Corruption Perceptions Index or another recognized country risk rating such as Country-Check.

Findings of the original due diligence: The authors define this factor as one based upon prior due diligence investigation. The key issues here are (1) were any Red Flags identified and (2) how were these Red Flags cleared? It is assumed that if a Red Flag was raised in prior due diligence, then the Red Flag was cleared to enable the business relationship to come into existence. This also brings up an important point about Red Flags that is often overlooked. A Red Flag should not automatically mean that a foreign company cannot become a foreign business partner of your company. It does mean that the Red Flag must be investigated and cleared before such a foreign business relationship is created.

Type of partner: There is a wide variety of foreign business relationships which require due diligence under the FCPA. As noted in several recent Deferred Prosecution Agreements, Alcatel-Lucent, Maxwell Technologies and the Panalpina settlements, these can include resellers, agents, intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia and joint venture partners. Those foreign business partners which are actively promoting your company in the marketplace put your company at the greatest risk and should therefore require more due diligence.

Type of customers the partner sells to: Most companies understand the motto “Know Your Customer” but under the FCPA, and other anti-bribery best practices, your company must also know the customers that your foreign business partner sells to or, in any other manner, interacts with. The more interaction with foreign governmental officials that your foreign business partner engages in, the more due diligence scrutiny is appropriate.

Amount of business being transacted by the partner: The authors point to this risk factor by noting that a company should keep a close watch on the dollar volume of business that it may engage in with a foreign business representative. We would suggest that a company should also review the relevant percentages of services or goods sold or services rendered for each foreign business partner. A company should certainly desire to know if a certain vendor provided a very high percentage of raw materials or any services critical to the delivery of products. Additionally, if most, or all, of a company’s products are sold by or through one foreign business partner, this may call for greater due diligence scrutiny.

The authors end by noting that they believe the ideal solution for renewal of due diligence is a mixed approach based on risk. In most cases, renewals should be done annually or at least every two years. However, best practice also requires regularly checking whether the partner, or its directors, shareholders or senior executives are listed on any watch lists. This should be completed periodically – at least monthly.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

1 Comment »

  1. Tom,

    Dead on. And you know how seldom I say that.

    Let me add two points. First, I worry that three standards—annually, biennially, and at contract renewal—present too much of a challenge administratively for all but the most advanced programs. And potentially unnecessary. I would suggest, just to make life easier, one standard: contract renewal. But as part of the diligence process, higher risk third parties get their contracts renewed annually. This makes messaging infinitely easier, while removing a significant administrative burden and enhancing the diligence process.

    I would also suggest that the factors listed above are more relevant to the initial assessment. It seems to me that the subsequent re-assessments should be based entirely on the initial assessment. Does this third party still deserve the initial rating? The review should identify any delta from the first one: has ownership changed? Usually things like customer segmentation and industry are constants. I would ensure that the performance metrics which you should have set up were monitored and are in line with expectations. Has there been any negative news since the last review? You want to, in my opinion, keep subsequent reviews as easy to conduct, as simple, as possible. Someone is going to have to actually conduct these, which means they’ve just given up part of their resources for you. If you make it too much, they’ll go around you. And as I always say, I would rather have 2 controls that are religiously followed than 5 that are sporadic.

    Just one man’s opinion.

    Comment by Howard@OpenAir — February 28, 2011 @ 10:11 pm | Reply

