As a father, I have come to appreciate Shakespeare’s Henry IV more and more; particularly more than I did when I was only a son. Part of the play deals with how Henry IV got his crown, by deposing Richard II and the battles he had to fight to keep it. But a large part of the play deals with his riotous son, Hal, drinking and philandering with Falstaff before he grew into the great monarch Henry V. With that in mind, we continue our exploration of the Six Principles of an Adequate Procedures compliance defense with a look at Principle IV – Due Diligence.
Principle IV of the Six Principles of an Adequate Procedures compliance program states, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of Principle IV is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company, whether on the sales and distribution side or in the supply chain, from bribing on their behalf. The Guidance recognizes that Due Diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique. The Guidance believes that Due Diligence is so important that “the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.”
II. Who is an Associated Person?
Who is an Associated Person? The Guidance intones that a company is liable if a person ‘associated’ with it bribes another person intending to obtain, retain or a gain an advantage for the business. The definition is quite broad and is applicable to basically anyone who ‘performs services’ for or on behalf of the business. This can be an individual, an incorporated entity or unincorporated body. The capacity in which the services are provided is not dispositive, so employees, agents and subsidiaries are included. This also means that a supplier can properly be said to be performing services for a company rather than simply acting as the seller of goods, it may also be an ‘associated’ person. Taken further, if a supply chain involves several entities, or a project is to be performed by a prime contractor with a series of sub-contractors, a business is likely to only exercise control over its relationship with its contractual counterpart and this means a company could have responsibility for those acting on its behalf in a wide range of arenas, with a wide range of titles. This could include all of the following: agent, sales agent, reseller, distributor, partner, joint ventures, consortium partner, contractor, subcontractor, vendor, supplier, affiliate, subsidiary or any other similar moniker.
III. Joint Ventures
As for joint ventures (JV), these come in many different forms, sometimes operating through a separate legal entity, but at other times through contractual arrangements. In the case of a JV operating through a separate legal entity, a bribe paid by the JV may lead to liability for a member of the JV if the JV is performing services for the member and the bribe is paid with the intention of benefiting that member. However, the existence of a JV entity will not of itself mean that it is ‘associated’ with any of its members. A bribe paid on behalf of the JV entity by one of its employees or agents will therefore not trigger liability for members of the JV simply by virtue of them benefiting indirectly from the bribe through their investment in or ownership of the JV.
The situation will be different where the JV is conducted through a contractual arrangement. The degree of control that a participant has over that arrangement is likely to be one of the ‘relevant circumstances’ that would be taken into account in deciding whether a person who paid a bribe in the conduct of the JV business was ‘performing services for or on behalf of’ a participant in that arrangement. It may be, for example, that an employee of such a participant who has paid a bribe in order to benefit his employer is not to be regarded as a person ‘associated’ with all the other participants in the JV. Ordinarily, the employee of a participant will be presumed to be a person performing services for and on behalf of his employer. Likewise, an agent engaged by a participant in a contractual JV is likely to be regarded as a person associated with that participant in the absence of evidence that the agent is acting on behalf of the contractual JV as a whole.
Maintaining a consistent theme throughout this Guidance on the Six Principles of an Adequate Procedures anti-bribery program, it is incumbent that a company’s Due Diligence procedures should be proportionate to the identified risk. Due diligence should be conducted using a risk-based approach. For example, in lower risk situations, companies may decide that there is no need to conduct much in the way of due diligence. In higher risk situations, due diligence may include conducting direct interrogative enquiries, indirect investigations, or general research on proposed associated persons.
However, the appropriate level of Due Diligence to prevent bribery will vary enormously depending on the risks arising from the particular relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology (IT) services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering into the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.
One company I know, The Risk Advisory Group, has put together a handy chart of its Level One, Two and Three approaches to integrity and due diligence. I have found it useful in explaining the different scopes and focuses of the various levels of due diligence.
|Level||Issues Addressed||Scope of Investigation|
|Two||As above with the following additions:
||As above with the following additions:
|Three||As above with the following additions:
||As above with the following additions:
The Guidance suggests that more information is likely to be required from companies than from individuals because on a basic level more individuals are likely to be involved in the performance of services by a company and the exact nature of the roles of such individuals or other connected bodies may not be immediately obvious. Therefore a business seeking to retain another company as a business partner should engage in greater Due Diligence such as through direct requests for details on the background, expertise and business experience, of relevant individuals. Continued monitoring is also suggested, rather than simply annually or bi-annually.
So what’s the message from Henry IV? It is to soldier on, keep the faith that your son will eventually grow up and the keep your head about you. Principle IV of Adequate Procedures would seem to call for the same patient work. You should identify those parties that you need to investigate from an anti-bribery perspective, risk rank them and then perform the appropriate level of due diligence. If you need help determining what the appropriate level of due diligence is, you can always give the folks at The Risk Advisory Group a call.
Ed. Note-an earlier version of this post incorrectly identified its source of the chart as The Control Risk Group. The chart was provided to the author by The Risk Advisory, who consented to its inclusion in the is blog post.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2012