Distributors | FCPA Compliance and Ethics Blog

December 12, 2014

Seamus Heaney and Compliance With a Seat at the Table

I have long been fascinated with the Irish poet Seamus Heaney. I came to know him thought his 1999 translation of Beowulf. While I was aware that he had been awarded the 1995 Nobel Prize for Literature, I did not know his work as an Irish poet. However, this was rectified in a piece in the Times Literary Supplement (TLS), entitled “A stay against confusion – Seamus Heaney and the Ireland of his time”, by Roy Foster. In this piece he reviewed the evolution of Heaney’s poetry through the 1960s and 1990s. Foster believed that Heaney’s work in many ways mimicked the growth that “Irish intellectual as well as social and economic life”. Heaney began as a ‘nuts and bolts’ type of poet and moved to become a Yeatsian figure as the national poet of Ireland.

I thought about that growth and Foster’s article when I considered the question of what happens if you seek for something and then actually get it? For instance, you may have wanted a seat at the C-Suite table as a Chief Compliance Officer (CCO) and now you have one. What happens now, for instance in the situation where you find out that your company has decided to enter a new overseas market with a new product offering? The Chief Executive Officer (CEO) who championed you coming onboard with the big boys (or perhaps big girls) team looks down and says, “We need an analysis from the compliance perspective by the end of the week?” Where do you begin?

Obviously there are some preconditions for success such as your company should have a product that you can make and sell overseas for a profit. Further, you should have the time, money and sophistication to develop an international distribution network and you have the home office infrastructure to support a truly international business. Finally, you should have a senior management with at least an appreciation of compliance challenges in the target, with the personnel, technological solutions and internal training to address and meet these challenges. As you begin to think through this assignment you fall back on the four basic questions of (1) Who will we sell to? (2) What are we going to sell? (3) Where will we sell? (4) How will we sell?

Who will we sell to?

For any anti-corruption analysis you need to begin here as the Foreign Corrupt Practices Act (FCPA) applies to commercial relationships with foreign governments or instrumentalities such as state owned enterprises. Will your end using-direct customers be foreign governments or privately owned companies? What if your customers are distributors or other middlemen who will then sell to foreign governments or state owned enterprises? What about licenses; will you need special permits to sell to a foreign government or state owned enterprise or will you need some type of basic permit simply to transact business? If your company is subject to the UK Bribery Act this public/private distinction does not exist.

What are we going to sell?

What is the product or service you wish to take internationally? I will assume your company has done the market studies to ascertain it is a viable commercial concept. If it a product, is it a complete or partial product? Will you manufacture here in the US and only sell internationally or will you manufacture abroad as well? If it is here in the US, what about spare parts and accessories, will you need to obtain any licenses overseas? What about your technology, will that component require any licenses? If you will manufacture outside the corporate offices in the US, how will you assure quality in your supply chain? Conversely, if you manufacture in the US, do your supplier agreements allow you to resell outside the US?

Where will we sell?

This question may seem more important for export control issues; however it is also important in the anti-corruption world. Obviously this is because certain geographic areas are more prone to corruption than others. A starting place might be the Transparency International-Corruption Perception Index but you can also use tools such as the recently released TRACE Matrix which provides a much broader assessment of corruption indices and give you additional insight into a fuller panoply of corruption risks in a country. In addition to the basic corruption analysis you need to ascertain whether you can even sell your products in a new country, either because of US export regulations or the end using jurisdictions laws. You should also focus on the business culture of a country and whether it is compatible in doing business in compliance with relevant anti-corruption legislation. This will also help you in your search to find any local business partners.

How are you going to sell?

This is one of the most important questions you can ask under a FCPA analysis. It is because well over 90% of all FCPA enforcement actions involve third parties. If this is your first international sales effort, your company probably does not have an international based employee sales force. This means you will most probably need in-country partners for your target markets. Some of the most basic sales arrangements for third parties are as follows:

Agent/Sales Representative – This person or entity is an independent third party from the company. Compensation is usually commission based or combined with a periodic fee plus commission. It is generally viewed as the highest risk from the anti-corruption perspective but you will have a direct relationship with the end-using customer.
Distributor/Retailer – This person or entity is an independent third party from the company. Your company will sell to the distributor/retailer who then resells your product. You will have less visibility into the end user and hence a greater export control risk. Consignment is a variation on this model but if you are warehousing you will need to be aware of other US rules such as revenue recognition under US GAAP or local, indigenous rules on storage and warehousing.
Consultant – This is also an independent third party who is paid a periodic fee. The fee can be more easily assessed for an hourly or service based rather than simply a commission based fee structure.

There are some other sales arrangements that you may whish to consider. You can acquire a local business and run it as your own company. Of course if you do so, you may buy all of these liabilities, both known and unknown. You can joint venture with another local company. Here you may have the dual problems of less actual control yet the same amount of potential exposure, particularly under the FCPA if you fail to perform the requisite pre-acquisition due diligence and allow any illegal conduct to continue going forward. You can issue a manufacturing license to an in-country manufacturer and allow them to make and then sell your product using your technology. Finally, you can issue a brand license where you license an existing company to put your brand name on your product manufactured by another entity. Of course if you use any of these types of arrangements you will need to go through a full third party management cycle; consisting of a business justification, questionnaire, due diligence, contract and management thereafter.

From the internal control perspective you will need to make sure you have several key compliance related controls in place. This will include the aforementioned vetting of all customers and third parties; appropriate controls over each transaction, including both quotes and contracts; empowered and non-conflicted employees; and finally training and self-auditing. You will need separate controls over payment terms and payment mechanisms and controls to align shipping and export controls. Finally, do not forget the omnipresent segregation of duties and control over the vendor master file.

Lastly, you should focus on your high-risk points in any of the above. These include your full vetting and management of third parties. You should pay attention as to how you became aware of these third party sales representatives. You will also need to pay attention to your freight forwarders and other export control representatives. You will need to be vigilant going forward for outright bribes paid in either cash or other values such as free products, lavish travel, gifts and entertainment, especially if the travel has no business purpose.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Leave a Comment

February 27, 2014

Alfred the Great, GE and the Management of Third Party Risk

Filed under: Agents,Best Practices,compliance programs,Culture,Department of Justice,Distributors,Due Diligence,Ethical Leadership,Ethics,FCPA,FCPA Guidance,Foeign Business Partner,Third parties — tfoxlaw @ 12:01 am
Tags: best practices, compliance, compliance programs, Department of Justice, DOJ, FCPA

I am currently studying Medieval England including the reign of Alfred the Great. As you might expect with someone monikered as ‘The Great’ he is certainly considered right up there with the greatest Kings of England. Not only did he largely drive out the Viking invaders from his country but he also set the stage for the unification of England under one crown, for the first time since the days of Roman Britain under the Caesars. One of the innovations he developed was fortified towns, called burgs, from which to resist Viking raids and incursion. But more than simply walled cities for defense, within these fortified towns was a wide road running down the middle of the town called the ‘High Street’ and a street situated next to the town’s walls appropriately called ‘Wall Street’. These streets were wider than the others in the town to facilitate the movement of troops in the time of crisis, such as a Viking raid. In other words, Alfred evaluated the risk to his kingdom and put multiple layers of steps into place to manage those risks.

In the Foreign Corrupt Practices Act (FCPA) compliance world, one of the key components that the Department of Justice (DOJ) wants to see is a risk assessment and a company managing its risks, based upon said risk assessment. One company’s response to a risk or set of risks does not necessarily mean that another company must follow it. The DOJ’s Ten Hallmarks of an Effective Compliance Program are broad enough to allow companies to manage their own risks, hopefully effectively. I thought about this concept when I was listening to a presentation by Flora Francis and Andrew Baird of GE Oil & Gas at the 2014 SCCE Utility and Energy Conference in Houston this week on GE’s third party risk management. First of all, if you have the chance to hear a couple of nuts and bolts compliance practitioners from GE like these two speak, run, don’t walk, to their presentation. GE’s commitment to compliance is well known but also the company’s willingness to share about their compliance program is a great boon to the compliance community. Lastly, is the gold-standard nature of the GE compliance program and while it may be more than your company needs to manage their own risks, the GE compliance regime does shine a light that we can all aspire to in our own compliance programs.

Both speakers made clear that GE’s program was the company’s response to its assessed risks. Further, the compliance program has evolved, not only as the company’s risks have evolved but also as the company has determined what works and does not work as well. Within the realm of third parties’ the prescient question from compliance to the business unit would be ‘What is your “Go To Market Strategy” and how will your use of third parties assist you in carrying out that strategy?’ Some of the factors the speakers cited could include your company’s market coverage strategy, product segmentation, pricing and margin expectation, an added capability which your company may not possess such as technology, and finally there could be local legal requirements for a local content third party in certain countries.

Some of the factors which GE considers, when evaluating a third party, include the following:

Business Model: Do we need third parties to reach our customers or can we build the organization ourselves?
In-house Capabilities: Do we already have the organization in place to handle these capabilities?
Overlap: Do we already have a third party in the region/country that can handle our needs?
Volume of Business: How much business will this third party bring to the company?
Compliance Risk: Where is the third party located? Will they interact with government officials? Do they have same commitment to compliance?
Regulatory Environment: Is it simple or strict? What are the chances of regulatory violations?
Reputation: What is the third party’s reputation in the market?

I was also intrigued to learn about the risk analysis process that GE uses with its third parties. Initially the process breaks the risks down into low risk and high risk. A low risk received a limited review and analysis, while a high risk receives an escalated review and analysis consisting of the following reviews: compliance, legal, business leadership and finance.

But more than simply the level of review, I was interested in the ‘Risk Score Drivers’ that GE has developed. Once again, the speakers emphasized that these are GE’s risk score drivers and have been developed over time through the company’s internal analysis and processes. Nevertheless I found them to be a very useful way to think about third party risk. The risk score drivers listed were:

Country channel where the third party is located in or where it sells into;
Experience by the third party with the sales channel;
Type of third party involved; agent, reseller, distributor;
Commission rate, is it standard v. non-standard;
Will any sub-third party relationships be involved;
Will the third party sell to government entity or instrumentality;
Do any of the third party’s principals, Officers or Agents work for a foreign government, state owned enterprise or political party;
Was the third party mandated by customer or the end user;
What is the third party’s contract duration;
Is the third party involved in more than one project;
Does the third party have any historical compliance issues;
What is the percent of sales with products or services; and
What is GE’s annual revenue with the third party?

GE compliance then takes these scoring factors and puts them into an evaluation matrix when determining the amount of risk involved and whether or not the company should move forward with a proposed third party. If the decision is made to move forward and create a commercial relationship, the third part must agree to commit to the compliance standards of GE; stay current with and obey all applicable legal and regulatory provisions; comply with all contractual provisions; grant to GE audit rights; agree to report any compliance violations; certify to all compliance requirements on a regular basis; receive and complete compliance training and to allow regular site visits. GE also requires each third party to have a relationship manager assigned to it who is there to establish ongoing communication, provide ongoing training and to provide a platform for business improvement. Internally GE has processes in place to refresh due diligence; review, renew and update as appropriate contracts; conduct regular site visits and periodic audits.

Flora and Andrew ended their presentation with the following quote from the US Sentencing Guidelines about the question – ‘When is Enough, Enough?’ When you can show the government agency asking that you have taken appropriate steps to design, implement, and enforce a compliance program that is generally effective in preventing and detecting criminal conduct.

Their presentation was an excellent mechanism for the compliance practitioner to assess their third party management program. Although they made clear that this program was not for all companies, there is enough meat present for anyone to use in evaluating where you might be and where you might need to go in management of your third parties. And just as Alfred the Great constructed a defense-in-depth in his fortified towns, so the GE program for the management of third party risk has several layers of protection so that when the crisis does arise, they can adequately respond when the government comes knocking.

© Thomas R. Fox, 2014

Comments (1)

December 4, 2013

The Weatherford FCPA Settlement, Part III

Yesterday, I reviewed the conduct which Weatherford International Limited (Weatherford) engaged in over a period from 2002-2011 in connection with its Foreign Corrupt Practices Act (FCPA) investigation, noted the deficiencies in its compliance program and its internal controls and even how the company intentionally impeded the investigations of both the Department of Justice (DOJ) and Securities and Exchange Commission (SEC). Today, I want to look at how the company changed course in mid-stream during the investigation, brought in a top-notch and well respected lawyer as its Chief Compliance Officer (CCO), created a best-in-class compliance program; all of which saved the company millions of dollars in potential fines and penalties.

I. DOJ Fine Calculation

To resolve the criminal aspects of this case, Weatherford agreed to pay an $87.2 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ. There was also another $65.6 million paid to the SEC. However the figure paid to the DOJ was at the very bottom range of a potential criminal penalty. The range listed in the DPA was from $87.2 to $174.3 million. In coming up with this range under the Federal Sentencing Guidelines, it is significant for the actions that Weatherford did not receive credit for during the pendency of the investigation. The company did not receive a credit for self-reporting. The company only received a -2 for its cooperation because prior to 2008 the company engaged in activities to impede the regulators’ investigation.

So the fine range could have been more favorable to the company. But the key is that Weatherford received the low end of the range. How did they do this?

A. New Sheriff in Town

One of the key things Weatherford did was bring in Billy Jacobson as its CCO and give him a seat at the table of the company’s Executive Board. He was a Federal Prosecutor in the Fraud Section, Criminal Division, US Department of Justice. He also served as an Assistant Chief for FCPA Enforcement Department so we can assume he understood the FCPA and how prosecutors think through issues. (Jacobson also worked as a State Prosecutor in New York City, with my former This Week in FCPA co-host Howard Sklar, so shout out to Howard.) Jacobson was not hired directly from the DOJ but after he had left the DOJ and had gone into private practice. There is nothing that shows credibility like bringing in a respected subject matter expert and giving that person the tools and resources to turn things around.

But more than simply bringing in a new sheriff, Weatherford turned this talk into action by substantially increasing its cooperation with the government, thoroughly investigating all issues, turning over the results to the DOJ and SEC and providing literally millions of pages of documents to the regulators. The company also cleaned house by terminating officers and employees who were responsible for the illegal conduct.

B. Increase in Compliance Function

In addition to establishing Jacobson in the high level CCO position, the company significantly increased the size of its compliance department by hiring 38 compliance professionals and conducted 30 anti-corruption compliance reviews in the countries in which Weatherford operates. This included the hiring of outside consultants to assess and review the company’s compliance program and beefing up due diligence on all third parties, including those in the sales and supply chain, joint venture (JV) partners and merger or acquisition (M&A) candidates. The company also agreed to continue to enhance its internal controls and books and records to prevent and/or detect future suspect conduct.

If you have ever heard any of the current Weatherford compliance professionals speak at FCPA conferences, you can appreciate that they are first rate; that they know their stuff and the company supports their efforts on an ongoing basis.

C. Best in Class Compliance Program

During the pendency of the investigation, Weatherford moved to create a best practices compliance program. They appear to have done so and agreed in the DPA to continue to maintain such a compliance program. Under Schedule C to the DPA, it set out the compliance program which the company had implemented and continued to keep in place, at least during the length of the DPA. It included the following components.

High level commitment from company officials and senior management to do business in compliance with the FCPA.
A substantive written anti-corruption compliance code of conduct.
Written policies and procedures to implement this code of conduct.
A robust system of internal controls, including accounting and financial controls.
Risk assessments and risk reviews of its ongoing business.
No less than annual assessments of its overall compliance program.
Appropriate oversight and responsibility of a Chief Compliance Officer.
Effective training for all employees and relevant third parties.
An effective compliance function which can provide guidance to company employees.
A robust internal reporting system.
Effective investigations of any reported compliance issue.
Appropriate incentives for employees to do business ethically and in compliance.
Enforced discipline for any employee who violates the company’s compliance program.
Suitable due diligence and management of third parties and business partners.
A correct level of pre-acquisition due diligence for any merger or acquisition candidate, including a risk assessment and reporting to the DOJ if the company uncovers and FCPA-violative conduct during this pre-acquisition phase.
As soon as practicable, Weatherford will integrate any newly acquired entity into its compliance regime, including training of all relevant new employees, a FCPA forensic audit and reporting of any ongoing violations.
Ongoing monitoring, testing and auditing of the company’s compliance function, taking into account any “relevant developments in the field and the evolving international and industry standards.”

D. Monitor

Weatherford also agreed to an external monitor. However, the term of the monitor is not the entire length of the three-year DPA; the term of the monitor is only 18 months. The monitor’s primary function is to assess the company’s compliance with the terms of the DPA and report the results to the DOJ at least twice during the terms of the monitorship. After this 18 month term the DOJ will allow the company to self-report to the regulators. It should be noted that the term of the external monitor can be extended by the DOJ.

II. Conclusion

It certainly has been a long, strange journey for Weatherford. I should note that I have not discussed at all the Oil-For-Food aspect of this settlement, which was an additional $100MM penalty to the company. However, with regard to the FCPA aspects of the matter, there are some very solid and telling lessons to be drawn from this case. First and foremost is that cooperation is always the key. But more than simply cooperating in the investigation is that a company should take a pro-active approach to putting a best-in-class compliance program in place during, rather than after the investigation concludes. Also, a company cannot simply ‘talk-the-talk’ but must come through and do the work to gain the credit. The bribery schemes that the company had engaged in and the systemic failures of its compliance program and internal controls, should serve as a good set of examples for the compliance practitioner to use in assessing a compliance program.

The settlement also sends a clear message from both the DOJ and SEC on not only what type of conduct will be rewarded under the US Sentencing Guidelines, but what they expect as a compliance program. One does not have read tea leaves or attempt to divine what might be an appropriate commitment to compliance to see what the regulators expect these day.

© Thomas R. Fox, 2013

Leave a Comment

December 3, 2013

The Weatherford FCPA Settlement, Part II

Yesterday, I reviewed the Weatherford International Limited (Weatherford) Foreign Corrupt Practices Act (FCPA) settlement. Today I will take a more focused look at the bribery schemes involved and the failure of the company to bring internal controls up to standard or even follow its own compliance program. Weatherford’s compliance program was a joke but worse was its conduct, which many in the company knew was illegal and reported internally but the company did not stop the conduct. The company also, early on in the investigation, actively impeded regulators access to personnel and documents. However, and this is one of the key messages from the Weatherford FCPA enforcement action, the company truly ‘turned it around’. Tomorrow we will explore how the company made this dramatic turnaround.

The bribery schemes had four basic scenarios and, for those of you keeping score at home, I have summarized them below.

I. Corrupt Conduct

Weatherford Bribery Box Score

Country	Bribery Scheme	Government or SOE Official Involved	Amount of Bribe Paid
Angola	Payments through 3^rd parties	Sonagol Drilling Manager	$250K
Angola	JV Partners	Government Ministers, wives and other relatives	$810K
Congo	Payments thru 3^rd parties	SOE officials	$500K
Middle East Countries	Unauthorized distributor discounts	SOE officials	$11.8MM
Algeria	Improper travel and entertainment	SOE officials	$35K
Albania	Misappropriation of company funds	Tax Auditors	$41K

Angola

In Angola two separate bribery schemes were used. The first involved payment of a $250,000 bribe to the Sonagol Drilling Manager. To funnel the bribe the company retained a Swiss agent who paid the money. This Swiss agent billed Weatherford for non-existent and fraudulent services. He would retain a percentage of the total he billed as a commission and would pass the remainder to the Sonagol Drilling Manager. The bribery of the Drilling Manager also included a week long, all-expenses paid trip to Italy and Portugal, where only one of the days was business related.

The company continued this further creativity when it set up a joint venture (JV) which had two local JV partners, JV Partner A and JV Partner B. Partner A consisted of Sonagol government officials, their wives and other relatives and held a 45% stake in the overall JV. JV Partner B’s principals included the relative of an Angolan Minister, the relative’s spouse, and another Angolan official. It held 10% of the overall JV interest. Neither of these JV Partners contributed capital, expertise or labor to the JV. In addition to the straight quid pro quo of awarding Weatherford 100% of the Angolan well screens market, these JV Partners had contracts which were awarded to Weatherford competitors, revoked after the initial award and then awarded them to Weatherford.

Congo

In the Congo, Weatherford made over $500,000 in commercial bribe payments through the same Swiss Agent they had utilized in the initial Angolan bribery scheme to employees of a commercial customer, a wholly-owned subsidiary of an Italian energy company, between March 2002 and December 2008. The Swiss Agent’s role in the scheme included submitting false invoices and sending payments to individuals as directed by Weatherford Services Limited (WSL) employees and others. WSL employees created and sent false work orders to the Swiss Agent. The Swiss Agent, WSL employees and others knew the services would not be performed and that the work orders were a pretext to funnel money to the Swiss Agent. The Swiss Agent forwarded the money, less a commission, once again based on fraudulent invoices for non-existent services.

The Middle East

In certain un-named Middle Eastern countries between the years of 2005 and 2011 another Weatherford subsidiary employed another bribery scheme to funnel payments to officials of state owned National Oil Company (NOC). This bribery scheme entailed the awarding of improper “volume discounts” to a company that served as an agent, distributor and reseller which supplied Weatherford products to a state-owned and controlled NOC, believing that those discounts were being used to create a slush fund with which to make bribe payments to decision makers at the NOC.

The Securities and Exchange Commission (SEC) Complaint noted that as early as 2001, officials at the un-named national oil company directed Weatherford to sell goods to the company through a particular distributor. Prior to entering into the contract with the distributor, Weatherford did not conduct any due diligence on the distributor, despite: (a) the fact that the distributor would be furnishing Weatherford goods directly to an instrumentality of a foreign government; (b) the fact that a foreign official had specifically directed the company to contract with that particular distributor; and (c) the fact that Weatherford executives knew that a member of the country’s royal family had an ownership interest in the distributor. In late 2001, the company entered into a representation agreement with the distributor to sell its Completion and Production Systems products to the NOC.

Thereafter, the distributor created a slush fund by providing the distributor with unauthorized volume and pricing discounts, in addition to the agent’s 5% commission. Company employees intended that the slush fund would be used to pay officials at the un-named NOC. The “volume discounts” to the distributor were typically between 5-l0% of the contact price. The discounts allowed the distributor to accumulate funds which were used to pay bribes to the NOC officials.

Algeria

Weatherford also provided improper travel and entertainment to officials of the Algerian NOC, Sonatrach, which did not have any legitimate business purpose. The SEC Complaint detailed the following improper travel and entertainment provided to Sonatrach officials:

June 2006 trip by two Sonatrach officials to the FIFA World Cup soccer tournament in Hanover, Germany;
July 2006 honeymoon trip of the daughter of a Sonatrach official; and
October 2005 trip by a Sonatrach employee and his family to Jeddah, Saudi Arabia, for religious reasons that were improperly booked as a donation.

In addition, on at least two other occasions, Weatherford provided Sonatrach officials with cash sums while they were visiting Houston. For example, in May 2007, Weatherford paid for four Sonatrach officials, including a tender committee official, to attend a conference in Houston. Further, the company provided an approximate $24,000 cash advance for the trip where there was no evidence of any legitimate business purpose or promotional expenses.

Albania

In Albania, Weatherford had a tax evaluation problem. To deal with this issue the general manager and financial manager of the company’s Italian subsidiary misappropriated over $200,000 of company funds, to fund a bribery scheme involving Albanian tax auditors. The general manager, financial manager and the Albania country manager made $41,000 in payments to Albanian tax auditors who questioned details of the company’s accounts and demanded payment to close out the audit or speed up the certification process in 2001, 2002 and 2004.

The general manager and financial manager misappropriated the funds by taking advantage of Weatherford’s inadequate system of internal accounting controls. They misreported cash advances, diverted payments on previously paid invoices, misappropriated government rebate checks and received reimbursement of expenses that did not relate to business activities. A memo drafted by the general manager and financial manager in the months after their co-worker confronted them discussed the misappropriated funds and indicated that funds were paid to tax auditors in Albania and others for the benefit of Weatherford. This was the bribery scheme which was reported to the company and the internal whistle-blower employee was terminated.

II. Program Deficiencies Lack of Cooperation

The DPA laid out in equally stark terms the complete and utter disregard, non-existence of and/or complete failure of any systemic compliance program, prior to 2008. These deficiencies included:

Failure to establish internal accounting controls to prevent bribery and corruption;
Failure to perform due diligence on any prospective third parties, including who they were, ultimate beneficial ownership and business justifications;
Failure to perform due diligence or in any meaningful manage joint venture partners;
Failure to have any meaningful internal controls for gifts, travel and entertainment;
No effective internal reporting system for FCPA violations or issues; and
(Most amazingly) No Chief Compliance Officer or even compliance professionals in a multi-billion dollar, multi-national company in the energy industry.

In addition to all of the above, Weatherford engaged in active conduct to impede the investigations of both the SEC and DOJ. In one instance, the company told investigators that a key witness was dead when he was not only still alive and well but working for Weatherford. In other instances, the company, emails were deleted by employees prior to the imaging of their computers. It was also noted that Weatherford failed to secure important computers and documents and allowed potentially complicit employees to collect documents subpoenaed by the staff.

Tomorrow, the Weatherford compliance comeback.

© Thomas R. Fox, 2013

Comments (2)

December 2, 2013

The Weatherford FCPA Settlement, Part I

Last week Weatherford International Limited (Weatherford) concluded one of the longest running open Foreign Corrupt Practices Act (FCPA) investigations when it agreed to the ninth largest FCPA fine of all-time and one of its subsidiaries, Weatherford Services Limited (WSL), agreed to plead guilty to violating the anti-bribery provisions of the FCPA. The total amount of fines and penalties for the FCPA violations was $152.6 million. The company was also hit with another $100 million in fines and penalties for trade sanctions bringing its total amount paid to $252.6 million.

The bribery schemes that Weatherford used were varied but stunning in their brazen nature. Further, early on in the investigation, the company thumbed its nose at the Department of Justice (DOJ) by refusing to cooperate in any meaningful way and actually destroying documents and computer hard drives rather than turn over relevant documents. There were also examples of internal company whistleblowers, who were either ignored or, worse, terminated when they internally reported illegal conduct which violated the FCPA. Lastly, the company did not self-disclose their conduct so things started out badly, badly, did I say badly, for the company. But in spite of how things began, Weatherford was able to make a turnaround and substantially improve its position by reversing this initial nose-thumbing at US regulators. Over the next three blog posts I will explore the bribery schemes involved, how the company’s new-found attitude led to lower fines that might otherwise have been expected and what the lessons are for the compliance practitioner going forward.

DOJ Criminal Information and Deferred Prosecution Agreement

To resolve the criminal aspects of this case, Weatherford agreed to pay an $87.2 million criminal penalty as part of a Deferred Prosecution Agreement (DPA) with the DOJ.

In the Information filed as a part of the resolution reveals that company employees established and operated a joint venture (JV) in Africa with two local entities controlled by foreign officials and their relatives from 2004 through at least 2008. These foreign officials selected the entities with which WSL would partner and the company knew that the members of the local entities included foreign officials’ relatives and associates. The sole purpose of those local entities was to serve as conduits through which WSL pay bribes to the foreign officials controlling them as neither of the JV partners contributed capital, expertise or labor to the JV. In exchange for the illegal payments they received, through the JV, lucrative contracts, gave WSL inside information about competitors’ pricing, and took contracts away from WSL’s competitors and awarded them to the JV.

The Information also noted that Weatherford knowingly failed to establish an effective system of internal accounting controls designed to detect and prevent corruption, including FCPA violations. The company failed to implement these internal controls despite operating in an industry with a substantial corruption risk profile and despite growing its global footprint in large part by purchasing existing companies, often themselves in countries with high corruption risks. As a result, a permissive and uncontrolled environment existed within which employees of certain Weatherford’s wholly owned subsidiaries in Africa and the Middle East were able to engage in corrupt conduct over the course of many years, including the bribery of foreign officials.

In yet another scheme detailed in the Information, a Weatherford employee in the Middle East, gave improper “volume discounts” to a distributor who supplied company products to a government-owned National Oil Company (NOC), believing that those discounts were being used to create a slush fund with which to make bribe payments to decision-makers at the NOC. Between 2005 and 2011, Weatherford Oil Tools Middle East Limited (WOTME) paid approximately $15 million in “volume discounts” to the distributor.

In its Press Release the DOJ also spoke to the nefarious conduct of the company. Acting Assistant Attorney General Raman was quoted as saying “This case demonstrates how loose controls and an anemic compliance environment can foster foreign bribery and fraud by a company’s subsidiaries around the globe. Although Weatherford’s extensive remediation and its efforts to improve its compliance functions are positive signs, the corrupt conduct of Weatherford International’s subsidiaries allowed it to earn millions of dollars in illicit profits, for which it is now paying a significant price.” He also said that “Effective internal accounting controls are not only good policy, they are required by law for publicly traded companies – and for good reason.” The Federal Bureau of Investigation (FBI) chimed in when Assistant Director in Charge Parlave said that “The FBI is committed to investigating corrupt backroom deals that influence contract procurement and threaten our global commerce.”

SEC Compliant

In its civil Complaint, the Securities and Exchange Commission (SEC) alleged that Weatherford and its subsidiaries falsified its books and records to conceal not only these illicit payments, but also commercial transactions with Cuba, Iran, Syria, and Sudan that violated US sanctions and export control laws. Further, the company failed to establish an effective system of internal accounting controls to monitor risks of improper payments and prevent or detect misconduct. The company obtained more than $59.3 million in profits from business obtained through improper payments, and more than $30 million in profits from its improper sales to sanctioned countries. This conduct lasted from 2002 up until 2011 and included the lack of internal controls plus the affirmative falsification of its books and records to facilitate the bribe payments. The payment of disgorgement, prejudgment interest, and civil penalties to the SEC was in the amount of $65,612,360.34.

As you would expect, the SEC focused on the company’s books and records violations. Andrew Ceresney, co-director of the SEC’s Enforcement Division, was quoted in the SEC’s Press Release that “The nonexistence of internal controls at Weatherford fostered an environment where employees across the globe engaged in bribery and failed to maintain accurate books and records,” said “They used code names like ‘Dubai across the water’ to conceal references to Iran in internal correspondence, placed key transaction documents in mislabeled binders, and created whatever bogus accounting and inventory records were necessary to hide illegal transactions.” Kara Brockmeyer, Chief of the SEC Enforcement Division’s FCPA Unit, said, “Whether the money went to tax auditors in Albania or officials at the state-owned oil company in Angola, bribes and improper payments were an accustomed way for Weatherford to conduct business. While the profits may have seemed bountiful at the time, the costs far outweigh the benefits in the end as coordinated law enforcement efforts have unraveled the widespread schemes and heavily sanctioned the misconduct.”

All of the settlement documents are chocked full of information about bribery schemes Weatherford engaged in for many years. For the compliance practitioner, they provide a list that can be used a check and balance to see if your company may be engaging in any of these practices. Additionally, both the DOJ and SEC listed out the internal controls and books and records failures of the company. Tomorrow, I will review the specific bribery scheme and failures of the Weatherford compliance program.

For a copy of the DOJ Information, click here.

For a copy of the DOJ Deferred Prosecution Agreement, click here.

For a copy of the SEC Civil Compliant, click here.

For a copy of the Plea Agreement, click here.

For a copy of the DOJ Press Release, click here.

For a copy of the SEC Press Release, click here.

© Thomas R. Fox, 2013

Leave a Comment

May 1, 2013

From the Compact Model to the Luxury Model – Managing Your Third Party Risk

Filed under: Agents,Best Practices,compliance programs,Department of Justice,Distributors,Due Diligence,FCPA,FCPA Guidance,Foeign Business Partner,Hanson Wade,Risk Assessment,SEC — tfoxlaw @ 5:12 am
Tags: best practices, compliance programs, DOJ, FCPA, Foreign Corrupt Practices Act, SEC

I am currently attending the Hanson Wade Oil and Gas Supply Chain Compliance conference in Houston. The event is excellent and the presentations have been ‘spot on’ for the nuts and bolts of how to do compliance. As the conference is in Houston, a number of the speakers and attendees are from energy companies but the concepts that are being discussed apply to all companies which have an anti-corruption or anti-bribery compliance program. One of the things that came through each of the presentations was that as compliance programs mature, many companies are developing programs which are more tailored towards the risks that companies face, which are ascertained through more sophisticated risk assessments and management of those risks.

This pattern is certainly consistent with the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) FCPA Guidance which says that a company should assess its risks and manage its risks. From this starting position, a company can then put together a well thought out and reasoned approach to Foreign Corrupt Practices Act (FCPA) compliance. Many of the presentations dealt with third parties and the differing responses and approaches companies have developed for the specific risks that they have uncovered.

Clearly third party risk mitigation through due diligence is key. How much due diligence is enough? One speaker said that it is a balancing call to determine the right amount. There were several presentations which spoke about the increasing use of technology to assist companies in this process. One speaker, a former federal prosecutor, said that one of the things that she looked for when a prosecutor was the ‘thoughtful analysis’ that the FCPA Guidance speaks about. To this end she believes that the human element will always be important because prosecutors want to see the thought process of not only how your program is designed but how you have crafted your risk mitigation based upon the information that you have assessed.

One of the speakers listed some of the factors to begin the review of your third parties. Recognizing that there is no one all-encompassing list, she suggested the following:

How many third parties do you have?
Where are these third parties located?
Industry or sector do you conduct business?
What is the relationship of the third party to a foreign government or state owned enterprise?
Are the owners of the third party related at all to government employees?
Is the use of the third party a business necessity or not? Why do you need to use sales representatives?
What are the reputations and qualifications of the third parties? Can they do what you need them to do from a commercial perspective?
How much control will you have over the third parties? Contrast the control that you have over sales agents with the lesser amount of control that you have over distributors and joint ventures.

From the answers to some of these questions you can begin to craft your third party due diligence inquiries. I was intrigued by one speaker who speech contrasted the steps that you might take with a lower risk third party with that of a higher risk third party. She likened the lower risk approach to that of a compact car and set out the following suggestions:

Rank each third party by the risk you have assessed;
Perform an Internet search on the third party;
Perform reference checks on the third party;
Interview control persons involved with the third party;
Agreement to abide by anti-bribery and anti-corruption laws;
Insert appropriate compliance terms and conditions in your third party contracts.

She contrasted the Compact model with what she termed the ‘Luxury model’ requirements of a third party program:

Prioritize your third parties by risk;
Appoint a Business Unit sponsor for each third party;
Develop a detailed third party application;
Perform an electronic records search on each third party;
Also perform independent screening of each third party;
Perform reference checks on each third party;
Perform site visits and interviews of each third party;
Have each third party acknowledgement your company’s Code of Conduct;
Require each third party to go through ethics training;
Create a company committee, consisting of internal business, legal and compliance representatives to review your high risk third parties;
Insert compliance terms and conditions into each third party contract;
Require both internal and external audits of each third party;
Perform annual updates on your third parties; and
Perform quarterly electronic database rescreening.

There was also a discussion of some common Red Flags that you should be on the outlook for. They included:

Excessive commissions paid to third parties;
Unreasonable discounts given to third parties such as distributors;
Vaguely described services in a third party contract or invoice back to your company;
A third party which is in a different line of business than the one you want to hire to assist your company;
Close association by the third party with a Foreign Official;
Retention of the third party is required by a Foreign Official;
The third party is a shell company located offshore; and
Payments made to the third party are in a country different from the location where the third party’s services are delivered.

The concepts I derived from this presentation is that you should assess and manage your risks. If you determine them to be low, the Compact Model may work for you. If your third party risks are high, then the Luxury Model may be more appropriate. If you use a thoughtful and reasoned approach, you can navigate this area. But always Document, Document and then Document what you have done and why.

© Thomas R. Fox, 2013

Leave a Comment

February 28, 2013

Distributors under the FCPA – Post Game Wrap Up

Filed under: Best Practices,compliance programs,Department of Justice,Distributors,Due Diligence,FCPA,FCPA Guidance,Risk Assessment,Risk Management,SEC — tfoxlaw @ 1:01 am
Tags: compliance, compliance programs, Department of Justice, Distributors, DOJ, FCPA, Foreign Corrupt Practices Act, SEC

This week we have focused on distributors and how a company might think through ranking the risk, performing due diligence on and, finally, how to manage distributors going forward. This was spurred on by a discussion that David Simon and I had engaged in previously on LinkedIn. In today’s post I will try and wrap up and wrap together our approaches so that you might decide which works best for you and your organization.

But first I must note the passing of one of the most famous Texans of the 20th Century, Van Cliburn, the pianist who won the first-place award at the 1958 Tchaikovsky International Competition in Moscow. His gold medal in the inaugural year of the Tchaikovsky competition, won in Moscow, was viewed at the time as an American triumph over the Soviet Union at the height of the cold war. He became a cultural celebrity of pop-star dimensions and brought overdue attention to the musical assets of his native land. But he gave back as well, starting his own piano competition which also became world famous.

While I had been initially skeptical of David’s approach, as I read his White Paper on the subject and his guest post this week, I became convinced that his approach has merit because it follows what is set out in the recently released Department of Justice (DOJ)/Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) Guidance, which I quote from the introductory section of the Ten Hallmarks of an Effective Compliance Program:

Compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffective. Because each compliance program should be tailored to an organization’s specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corporate compliance program most appropriate for that particular business organization. In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.[emphasis supplied]

Based upon this language, I believe that if a company takes a carefully designed and reasoned approach to assessing the risk of its distributors and then manages that risk, it is something that meets the above prescription from the FCPA Guidance. While I believe that distributors should be considered the same as agents under the FCPA, I am persuaded that David’s approach meets the cited recommendation from the FCPA Guidance.

I. Fox Approach – The Full Monty Approach

While I wish I had thought of that name I have to credit it to Simon. In 2012, there were three enforcement actions which I believe made clear that there were no distinctions between agents and distributors. They were, the Smith & Nephew, Inc., (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Compliant for books and records violations. I reviewed the enforcement actions and based upon the deficiencies noted by both the DOJ and SEC, that these enforcement agencies were classing distributors the same as agents or other similar entities in the sales chain.

In the S&N enforcement action, it was clear that S&N had not performed sufficient due diligence on these distributors nor did they document any due diligence that they may have engaged in. In the Lilly case, the policies and procedures in place to flag unusual distributor discounts were deficient as the enforcement action “noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.” In the Oracle enforcement action it demonstrated that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account and that Oracle needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. What I gleaned from these enforcement actions was that the full five steps suggested for agents and other third parties in the sales chain was needed for distributors. They are (1) Business Justification; (2) Due diligence, the level being based on your risk assessment; (3) Evaluation of due diligence; (4) Written contract with compliance terms and conditions; and (5) Management of the relationship going forward.

II. Simon Approach – The Agency Approach

Simon advocated that a risk analysis should more appropriately based on the nature of a company’s relationships with their distributors. The goal should be to determine which distributors are the most likely to qualify as agents; for whose acts the company would likely to be held responsible. He argues that it is a continuum of risk; that is, on the low-risk end are distributors that are really nothing more than re-sellers with little actual affiliation with the supplier company. On the high-risk end are distributors who are very closely tied to the supplier company, who effectively represent the company in the market and end up looking more like a quasi-subsidiary than a customer.

Simon looks at agency principles to guide his analysis of whether a distributor qualifies as an agent for FCPA purposes. He argues that factors to consider include:

The volume of sales made to the distributor;
The percentage of total sales of the distributor’s total business the principal’s product represents;
Whether the distributor represents the principal in the market, including whether it can (and does) use the company trademarks and logos in its business; and
Whether the principal company is involved in the running of the distributor’s business (such as by training the distributor’s sales agents, imposing performance goals and objectives, or providing reimbursement for sales activity).

Once a company segregates out the high-risk distributors that likely qualify as agents and potentially subject the company to FCPA liability from those that are mere resellers and pose less FCPA risk, FCPA compliance procedures can be tailored appropriately. For those distributors that qualify as “agents” and also pose FCPA risk, full FCPA due diligence, certifications, training and contract language are imperative. For those that do not, more limited compliance measures that reflect the risk-adjusted potential liability are perfectly appropriate.

III. Athanas Approach – Management of the Relationship

I often say that once you have a business justification, perform and evaluate due diligence on an agent and then ink a contract; your real work now begins as you have to manage that relationship going forward. Athanas set out a plan to assist in that management component under which he provides a framework to help provide a business justification, assess/manage and document any discount offered to a distributor; all of which he calls the ‘Discount Authorization Request’ (DAR) and states as follows:

1. Capturing and Memorializing Discount Authorization Requests

Athanas says that it all begins with a DAR. This is so important that he argues a DAR template should be prepared, which is designed to capture the particulars of a given request and allow for an informed decision about whether it should be granted. Because the specifics of a particular DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated as well as an explanation in the business justification for the elevated discount. In addition, the DAR template should be designed so as to identify gaps in compliance that may otherwise go undetected.

2. Evaluation and Authorization of DARs

The next step is that channels should be created to evaluate DARs. The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval. Athanas believes that three levels of approval are sufficient, but can be expanded or contracted as necessary. The key is the greater the discount contemplated, the more scrutiny the DAR should receive. The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently.

3. Tracking of DARs

Lastly comes the Document, Document, Document component. Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied. The documentation of the total number of DARs allows companies to more accurately determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company. This information, in turn, leaves these companies better equipped to respond to government inquiries down the road.

IV. Bringing It All Home

You do not have to dream like Van Cliburn did but you can try other or new approaches. Whether you use the Fox ‘Full Monty’ approach or the Simon ‘Agency’ approach will depend on many different factors unique to your organization. You are only limited by your imagination. There may well be other approaches you can take if they are carefully thought out and well-reasoned.

But whatever approach you take on risk ranking and performing due diligence on your distributors, I would urge you to use Athanas’ DAR system or something similar to it. While it is of the utmost importance that you do so from the compliance perspective, the business reason is even more compelling. A company really does need to know what discounts it is giving to distributors and why they are receiving said discounts.

I hope that you have enjoyed our discussion and dialogue on distributors this week. I wanted to thank, once again, David Simon and Bill Athanas for their most excellent and timely posts. I certainly have learned quite a bit.

Leave a Comment

February 27, 2013

What Enforcement Actions Based On Distributor Conduct Teach About Improving FCPA Compliance Programs

Filed under: Best Practices,compliance programs,Department of Justice,Distributors,FCPA,FCPA Guidance — tfoxlaw @ 1:01 am
Tags: Bill Athanas, Distributors

Ed. Note-today we have a guest post by our colleague, William C. Athanas, a partner in the law firm of Waller Lansden Dortch & Davis, LLP. In the prior two posts, David Simon and myself posited different approaches to analyzing the risks that distributors present under the FCPA. In this post, Bill suggests an approach for managing the risks that distributors present under the FCPA.

———————————————————————————————————————————————————————-

In a recent post, Distributors Under the FCPA, Tom Fox detailed three enforcement actions filed in 2012 which show that the actions of distributors can create FCPA liability for the companies that hire them. The Smith & Nephew, Oracle and Lilly actions summarized in Tom’s post demonstrate the continuing viability of distributor conduct as the basis for FCPA enforcement actions by aligning with previous cases (such as GE InVision and AGA Medical) also grounded on that theory. Together, those cases make plain that the government perceives no distinction between distributors and any other kind of intermediary used as a conduit for bribe payments. Tom’s post offers a useful jumping-off point an equally significant and far less apparent lesson: just because distributors’ actions can give rise to FCPA exposure does not mean that companies are best served by relying on traditional compliance measures to mitigate the risk they present.

FCPA exposure arises when companies pay money – either directly or indirectly – to fund bribe payments. In the traditional intermediary scenario, the company funnels money to the agent or consultant, who then passes on some or all of it to the bribe recipient. Often, the payment is disguised as compensation to the intermediary, and some portion is redirected for corrupt purposes.

But distributors are an atypical intermediary, at least where compensation is concerned. Unlike the standard intermediary relationship, companies generally do not transfer funds to distributors as payment for services rendered. Rather, as Fox explained in a prior post, What’s in a Name: Agents, Resellers and Distributors under the FCPA, distributors make money by buying goods for one price and selling them for a higher amount. As a result, the greater the discount provided to the distributor, the more money available to pay bribes.

When companies grant distributors uncommonly steep discounts, bribes can result either: 1) because the distributor is instructed by the company to use the excess amounts to fund corrupt payments; or 2) because the distributor pays bribes on its own, without the express direction or implicit suggestion from the company to do so, in an effort to gain some business advantage. (Note on this issue the reference in the Resource Guide to the U.S. Foreign Corrupt Practices Act recently released by the DOJ and SEC, which notes that common red flags associated with third parties include “unreasonably large discounts to third-party distributors”). The distributor enforcement cases offer lessons to combat the second scenario, which is where legitimate companies require assistance.

Assuming that the company’s desire is not to use its distributors as a conduit for paying bribes, how can it manage the FCPA risk that distributors present? By installing a distributor discount policy and monitoring system tailored to the company’s operational structure. In virtually every business, there exists a range of standard discounts granted to distributors. Under the approach recommended here, discounts within that range may be granted without the need for further investigation, explanation or authorization (absent, of course, some glaring evidence that the distributor intends use even the standard cost/price delta to fund corrupt payments).

Where the distributor requests a discount above the standard range, however, the policy should require a legitimate justification. Evaluating and endorsing that justification requires three steps: (1) relevant information about the contemplated elevated discount must be captured and memorialized; (2) requests for elevated discounts should be evaluated in a streamlined fashion, with tiered levels of approval (higher discounts require higher ranking official approval); and (3) elevated discounts are then tracked, along with their requests and authorizations, in order to facilitate auditing, testing and benchmarking. The basics concepts underlying each step are discussed below.

1. Capturing and Memorializing Discount Authorization Requests

Through whatever means are most efficient, a discount authorization request (“DAR”) template should be prepared. While remaining mindful of the need to strike a balance between the creation of unnecessary red tape and the need to mitigate risk, the DAR template should be designed to capture the particulars of a given request and allow for an informed decision about whether it should be granted. Because the specifics of a particular DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated (e.g., whether as a request from the distributor or a contemplated offer by the company) as well as explain the legitimate justification for the elevated discount (e.g, volume-based incentive). In addition, the DAR template should be designed so as to identify gaps in compliance that may otherwise go undetected (e.g., confirmation that the distributor has executed a certification of FCPA compliance).

2. Evaluation and Authorization of DARs

Channels should be created to evaluate DARs submitted. The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval. Usually, three levels of approval are sufficient, but this can expanded or contracted as necessary. Ultimately, the greater the discount contemplated, the more scrutiny the DAR should receive. Factors to be considered in constructing the approval framework include the expected volume of DARs and the current organizational structure. The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently.

3. Tracking of DARs

Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied. This captured data can provide invaluable insight into FCPA compliance and beyond. By tracking the total number of DARs, companies will find themselves better able to determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company (e.g., confirming the existence of a completed and approved DAR is an excellent objective measure for internal audit to perform as part of its evaluation of the company’s FCPA compliance measures). This information, in turn, leaves these companies better equipped to respond to government inquiries down the road.

Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions and FCPA Guidance have provided insight into how the government interprets and enforces the FCPA. This information, in turn, allows companies to get smarter about FCPA compliance. With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations. Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, which can be invaluable in responding to a government inquiry.

———————————————————————————————————————————————————————-

Bill Athanas served as a member of the Justice Department’s Fraud Section and later as an Assistant U.S. Attorney in the Northern District of Alabama. Currently, he is a partner based out of the Birmingham, Alabama office of Waller Lansden Dortch & Davis, LLP. His practice focuses on white collar criminal defense, including providing FCPA advice and counsel to privately held and publicly traded companies operating in a wide range of industries and geographic regions. He can reached at Bill.Athanas@wallerlaw.com.

============================================================================================

Leave a Comment

February 26, 2013

Analyzing the Risk of Distributors Under the FCPA-the Simon Approach

Filed under: Best Practices,compliance programs,Distributors,FCPA,Risk Assessment — tfoxlaw @ 7:01 am
Tags: best practices, compliance programs, Distributors, FCPA, Risk Assessment

Ed. Note-we continue are series on the risk analysis and assessment of distributors under the FCPA and management of that risk. Today, David Simon contributes a guest post where he articulates another approach to the risk analysis of distributors.

============================================================================================

Tom and I have been engaged in an interesting discussion (interesting to us, as FCPA geeks, anyway) about the FCPA risk posed by distributors and the most appropriate compliance response to that risk. Tom correctly focuses on the risk posed by distributors and recommends that companies apply “Full Monty” third-party due diligence procedures to distributors to minimize that risk. Based some work counseling mid-sized companies with limited compliance resources, I have focused on the practical challenges that approach presents, and have proposed an analytical framework for conducting a risk-based approach to assessing FCPA exposure, which can be used to sensibly and reasonably allocate compliance resources.

It seems that everyone agrees on a couple of key points. First, it is clear that distributors do pose FCPA risk. Indeed, the majority of enforcement actions over the past several years have involved at least some alleged violations by third parties, including some involving distributors. Second, there is no question that a company will be held responsible for improper payments made by a distributor if the company actually knows about or participates in the improper payments.

My focus is on FCPA liability for acts of distributors that is premised on “willful blindness.” A significant benefit from third-party due diligence is protection against a “willful blindness” FCPA charge if a distributor makes an improper payment on the company’s behalf.

Here’s the problem: Some companies employ vast distributor networks, sometimes including hundreds, if not thousands, of distributors around the world. Many distributors are more like customers than agents – they merely purchase a product and resell it to others, often in conjunction with other products purchased from other manufacturers. Is it really practical and necessary to conduct full FCPA due diligence on every one of those distributors? Do the U.S. companies in these situations even have the leverage to insist on FCPA representations and warranties in the written agreements, to demand audit rights, and to require certifications by and training of these distributors? The question thus arises whether U.S. companies are faced with a difficult choice either to accept substantial FCPA risk or to devote disproportionate resources to running an FCPA compliance program that fully vets all distributors.

I think the answer to this question is “no,” and that there is a practical way to minimize the FCPA risk associated with a global distributor network without devoting an unreasonable and disproportionate amount of resources to compliance. The key, in my view, is to employ a risk-based approach to distributor compliance, focusing on those relationships that pose the greatest FCPA risk. The U.S. government has endorsed the use of a risk-based approach to FCPA compliance – and the agencies emphasized this point in the recent FCPA Resource Guide — and I see no reason why those principles should not apply equally in this context.

The first step in a risk-based approach is to identify those parts of the distribution network that pose the greatest FCPA risk. Companies should look at the countries of operation, including their respective reputations for corruption, the end-user base (are there government contacts or state-owned enterprise customers?), the level of government regulation and the amount of interaction with the government, the industry, and other factors that would help assess FCPA risk generally. Those parts of the world and parts of the company’s operation that pose the greatest risk should get the greatest attention. Distributors in Norway who sell to private commercial customers will require less scrutiny than those in India who bid on government contracts.

But companies following a risk-based approach should take this risk analysis a step further and focus on the nature of their relationships with their distributors. The goal should be to determine which distributors are the most likely to qualify as agents, for whose acts the company is likely to be held responsible. Think about this as a continuum of risk. On the low-risk end are distributors that are nothing more than re-sellers with little actual affiliation with the supplier company. On the high-risk end are distributors who are very closely tied to the supplier company, who effectively represent the company in the market and end up looking more like a quasi-subsidiary than a customer.

In order to determine where a distributor falls on this continuum of risk basic principles of agency law are instructive. The Restatement (Third) of Agency defines agency as “the fiduciary relationship that arises when one person (a ‘principal’) manifests assent to another person (an ‘agent’) that the agent shall act on the principal’s behalf and subject to the principal’s control, and the agent manifests assent or otherwise consents so to act.” It is this relationship that gives rise to potential FCPA liability for the actions of distributors.

As with liability for a principal in any agency relationship, whether a distributor qualifies as an agent for FCPA purposes should turn on the amount of control a principal exerts over the distributor and whether the distributor is seen to be acting under the authority of the principal. Factors to consider include:

The volume of sales made to the distributor;

The percentage of total sales of the distributor’s total business the principal’s product represents;

Whether the distributor represents the principal in the market, including whether it can (and does) use the company trademarks and logos in its business; and

Whether the principal company is involved in the running of the distributor’s business (such as by training the distributor’s sales agents, imposing performance goals and objectives, or providing reimbursement for sales activity).

———————————————————————————————————————————————————————-

David Simon, a partner at Foley & Lardner, defends corporations in government enforcement actions, conducts internal investigations, and provides compliance advice and counseling. He specializes in the FCPA and other anti-corruption laws. He can be reached at DSimon@foley.com

———————————————————————————————————————————————————————-

Leave a Comment

February 25, 2013

Distributors Should Be Analyzed As Any Other Third Party Representative in the Sales Chain

Filed under: Distributors,FCPA,Matt Ellis,Risk Assessment,Risk Management — tfoxlaw @ 1:01 am
Tags: Control Risk, Distributors, FCPA

Ed. Note-David Simon is a partner at Foley and Lardner and Bill Athanas is a partner at Waller Lansden Dortch & Davis, LLP. Both have practices which include FCPA compliance. After my recent post on distributors under the FCPA, David and I had a dialogue on how distributors should be reviewed and analyzed under the FCPA. Bill also had some thoughts on the subject. I asked them if they would contribute guest posts with their ideas.

As this is the first time that I have had a dialogue with two other FCPA practitioners based on a post, this week we will have 3 days of discussion and dialogue on distributors. Today, I provide my suggestions on how to risk rank and the manage distributors. Tomorrow, Daivd will contribute his thoughts on a different approach. On Wednesday, Bill will lay out his ideas on the topic. Finally on Thursday I will try to wrap up and weave together our three articles. I hope that you will find this series instructive and useful. I know I certainly have in my dialogues with these two other excellent FCPA compliance practitioners.

In today’s post, I advocate that distributors should be treated as any other third party representative in the sales chain; IE., agents and resellers.

============================================================================================

In 2012, there were three enforcement actions which I believe made clear that there were no distinctions between agents and distributors. They were, the Smith & Nephew, Inc., (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Compliant for books and records violations.

These enforcement actions involved three separate bribery schemes which I believe call for three different but overlapping responses. In the case with Lilly, the SEC Complaint noted the following “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Matt Ellis, the enforcement action “noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.”

The Lilly enforcement action also makes clear the need for internal audit to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. As stated by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

The Oracle enforcement action demonstrates that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Oracle should have sought to either (1) seek transparency in its dealing with the distributor or (2) audit third party payments made by the distributors on Oracle’s behalf, both of which would have enabled the Company to check that payments were made to appropriate recipients.

What are some of the factors that demonstrate the distributors used by S&N were fraudulent and did not have a legitimate business purpose? It was clear that S&N did not perform sufficient due diligence on these distributors nor did they document any. I would note that the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose that the company wished to hide from Greek authorities. While it is true that a distributor might sell products into a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

However, the biggest indicium of corruption was the amount of the commission paid. The traditional sales model for a distributor has been to purchase a product, take the title, and therefore the risk, and then sell it to an end user. Based upon this sales model, there has been a commission structure more generous than those usually accorded a reseller or sales agent, who is usually only a negotiator between the Original Equipment Manufacturer (OEM) and the end user. This difference in taking title, and risk of loss, have led to a cost structure which has provided a deeper discount of pricing for distributors than commission rates paid to resellers or sales agents. The sales structure used by S&N had pricing discounts of between 26-40% off the list price. Further, this money was used precisely to pay bribes to Greek Doctors to use S&N products.

These three enforcement actions make clear that distributors will be treated like any other representative in the sales chain. This means that distributors need to go through the same rigorous due diligence and review, contracts and management going forward as agents or resellers.

Leave a Comment

FCPA Compliance and Ethics Blog

December 12, 2014

Seamus Heaney and Compliance With a Seat at the Table

February 27, 2014

Alfred the Great, GE and the Management of Third Party Risk

December 4, 2013

The Weatherford FCPA Settlement, Part III

December 3, 2013

The Weatherford FCPA Settlement, Part II

December 2, 2013

The Weatherford FCPA Settlement, Part I

May 1, 2013

From the Compact Model to the Luxury Model – Managing Your Third Party Risk

February 28, 2013

Distributors under the FCPA – Post Game Wrap Up

February 27, 2013

What Enforcement Actions Based On Distributor Conduct Teach About Improving FCPA Compliance Programs

February 26, 2013

Analyzing the Risk of Distributors Under the FCPA-the Simon Approach

February 25, 2013

Distributors Should Be Analyzed As Any Other Third Party Representative in the Sales Chain

January

Blogroll

Pages

Admin

Read by Email

Recent Posts from FCPA Compliance and Ethics Report: FCPA Compliance and Ethics Report

Episode 240-Bill Coffin on Compliance Week 2016

Episode 239-Jonathan Armstong On EU Privacy Shield

Episode 238-John Allen on HR Touch Points in Compliance

Episode 237-Steve McCalmont on the Avior Risk Management Platform

Episode 236-Adam Turteltaub and SCCE CCO Survey