How to Influence FPCA Compliance as a Minority JV Partner

How does a company work towards achieving compliance with the Foreign Corrupt Practices Act (FCPA) in a Joint Venture (JV) or other business relationship where it holds less that 50% of the control? That question is often faced by US companies when they enter into a JV in many countries which require a majority of local ownership or even a 50-50 split in ownership. Some tactics that the compliance practitioner might employ were discussed in an article in the June issue of the Harvard Business Review, entitled, “The Perils of Partnering in Developing Markets”, in which Johns Hopkins (Hopkins) Medicine International Chief Executive Officer (CEO) Steven J. Thompson wrote about his company’s experience in partnering with a charity in Turkey to build and operate a “state-of-the-art medical facility.”

While not directly discussed in the article it is certainly worth noting that in partnering to create hospitals overseas, Hopkins is always dealing with the FCPA as health care services generally and hospitals particularly are run by the foreign government in which the hospital is located. However, the problems Hopkins encountered and some of the solutions provide excellent insight into compliance challenges that a company might well face when it moves into a developing market. Thompson began by noting that as a non-profit Hopkins always takes a minority interest or none at all. This requires Hopkins to operate not as typical JV or other type of partner but “more like consultants with a broad range of responsibility and high level of authority.” The other thing that I found quite interesting was that as a non-profit, the most important thing to Hopkins is its good name; in other words it is far more concerned about reputational damage than financial loss. Some of the key lessons learned were as follows.

Filling the Local Talent Gap

Even if the country’s laws do not require that local persons be the entity’s managers, most local partners insist upon it. Thompson has learned that fighting this “rarely pays out.” Instead Hopkins seeks to team its advisors with the local executives, so that the advisors will have the ability to influence both “process and culture.” Overtime, Hopkins has found that the top local managers cannot push as hard or as strongly for innovation and culture change so that the Hopkins team can begin to take over the top management functions.

A key component for long term success is training. This includes local training in all aspects of hospital management and financial operations. Additionally, Hopkins establishes a strong recruiting pipeline for bringing back to Baltimore, the home of Hopkins, so that they can be trained at and see how the facilities are run in the US.

When Best Practices Collide with Culture

In most medical treatment outside the US, the culture is such that a Doctors judgment is never questioned. This is quite different from the Hopkins experience in the US, where other providers of health care are empowered to challenge the decisions of senior physicians where a patient’s health may be at risk. The Hopkins approach when “confronted with a culture clash is to determine whether we really need to challenge the culture.” With this approach, Hopkins found that it could accomplish its goals, “within the cultural constraints” in which it operated. When it could not do so, it “seeded the staff with professionals who could lead by example” so that in the case of the culture of deference to Doctors whose authority was not challenged, senior nurses were brought in from countries where such a tradition did not exist. Once others saw that patient outcomes were steadily improved, “they began to come around and the culture of deference receded.”

Mitigating Risk

In many ways, I found the Hopkins experience in mitigating risk to be the most interesting. Here Thompson said that the pre-agreement due diligence process, which he termed “choosing the right partner and learning to read the signs from up-front negotiations are critical”, were two of the most critical factors. He identified factors such as foreign institutions which only desired short-term profit or were trying to capitalize on the Hopkins name as “anathema to success.” He wrote that these factors can be ascertained through long conversations with potential partners about goals such as sustainable quality and commitment rather than on financial returns alone. Mimicking the requirements under the US Department of Justice’s (DOJ’s) minimum best practices compliance program, Hopkins requires strong contract language regarding the commitments made by any foreign partner. Lastly, if a relationship begins to sour or otherwise have problems, Hopkins is not afraid to rethink its position or even end the relationship after appropriate consideration. To help facilitate this from the legal perspective, Hopkins requires a “termination for convenience clause” in its contracts.

Project Checklist

Another interesting aspect of the Hopkins approach was in the implicit use of risk assessment. Thompson included the below chart to illustrate “How Johns Hopkins Sizes Up International Risk”. I found that these concepts speak to an on-going approach to risk assessment so that the process is continuous and therefore allows for continuous improvement.

Evaluating the Opportunity	Getting up to Speed	Operating Over Time
Assess the potential partner’s willingness to commit resources.	Engage experts to hire key personnel and to design processes.	Stabilize processes and create feedback loops.
Assess regional constraints.	Establish training and mentoring programs for local managers and professionals.	Transfer more responsibilities to local managers.
Work with your local partner on a project plan and a business plan.	Set up clinical, operations and financial performance metrics.	Establish local education and recruitment pipelines.
Ensure that your local partner has a clear understanding of, and realistic expectations for the project.	Establish quality, safety and efficiency processes.	Establish regional marketing programs.
	Set up a time for accreditation.	Consider new initiatives and expansion.

If Trouble Arises

Thompson concluded is article with a list of action items that you can perform if there are signs of trouble. So, following McNulty’s Maxim No. 3 of “What did you do to remedy it?”, I list the following actions steps your company can take at three different stages of a JV relationship.

1. In the Evaluation Phase

• If your concerns are modest, propose a smaller, several months-long pilot consulting project.
• If your concerns are serious, you would walk away from the deal.

2. In the Start-Up Phase

• Engage experts to hire the Key JV personnel and to design the appropriate processes.
• Increase the number of ex-pat professionals involved in the JV.
• Expand your support to local managers.
• If warranted, revise strategic plans and consider replacing the onsite management.
• If severe problems arise, consider scaling back or terminating the JV

3. As the Relationship Matures

• Strengthen your training and mentorship.
• Bring in subject matter experts (SMEs) to help solve defined problems.
• Retool processes that may be falling short.
• If required, reinstate key managers from your corporate headquarters or home office.
• Freeze or reduce the scope of the JV’s activities until problems are solved.
• Set up problems solving forums with partners in other countries.

Many US companies have struggled with how influence partners to comply with the FCPA in JV relationships. The Hopkins experience has some excellent steps that your company can take in the pre-formation stage, during contract negotiation, in post-execution contract management and then as the relationship matures. The process that Hopkins follows is one that clearly allows you to use influence, rather than the brute force of the majority right of control. It is a very good road map for you to consider and one that management should take a close look at when managing any overseas relationship.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2012

Kroll Annual Global Fraud Report

One of the ways to increase market share is to build a mousetrap and it increasingly appears that one of the fastest ways to increase market share is to pilfer a company’s plans for a better mousetrap. As reported in the October 18, 2010 online edition of the Kansas City Star, according to the latest edition of the Kroll Annual Global Fraud Report, theft of information and electronic data at global companies has overtaken physical theft of property and goods for the first time. As noted by Kroll, “If fraud were a virus, almost everyone would be slightly ill” with its finding that of the respondents, 88% reported that they had been hit by at least one type of fraud in the past year, a figure broadly similar in every region and consistent with those of previous years. However we were struck by the finding that soft theft has overtaken hard theft as a key concern for companies in the area of fraud.   

This year’s study shows that the amount lost by businesses to fraud rose from $1.4m to $1.7m per billion dollars of sales in the past 12 months – an increase of more than 20%. While physical theft of cash, assets and inventory has been the most widespread fraud, by a considerable margin in previous Global Fraud Reports, this year’s findings reveal that theft of information or assets was reported by 27.3% of companies over the past 12 months, up from 18% in 2009. In contrast, reported incidences of theft of physical assets or stock declined slightly from 28% in 2009 to 27.2% in 2010. 

According to the 2010 survey, 88% of companies said they had been the victim of at least one type of fraud during the past year. Of the specific countries analyzed China is the top market in which companies suffered fraud with 98% of businesses operating there affected, Colombia ranked second with a 94% incidence of fraud, followed by Brazil with 90%. Information-based industries reported the highest incidence of theft of information and electronic data over the past 12 months; these include financial services (42% in 2010 versus 24% in 2009), professional services (40% in 2010 versus 27% in 2009) and technology, media and telecoms (37% in 2010 versus 29% in 2009). 

The Kroll annual survey came on the heels of a notice we recently received about the upcoming release of the Open Source Security Testing Methodology Manual (OSSTMM) v3, which is the first comprehensive security testing methodology manual to gain any ground. The OSSTMM is a peer-reviewed methodology for performing security tests and metrics; test cases are divided into five channels (sections) which collectively test  information and data controls, personnel security awareness levels, fraud and social engineering control levels, computer and telecommunications networks, wireless devices, mobile devices, physical security access controls, security processes, and physical locations such as buildings, perimeters and military bases. Anthony Freed, Managing Director of InfosecIsland called the OSSTMM “a strikingly authoritative outline of security best practices, and will most certainly have an effect on security standards and best practices.” 

The OSSTMM is made available at no cost through the Institute for Security and Open Methodologies (ISECOM) a non-profit collaborative community. It is dedicated to providing practical security awareness, research, certification and business integrity. ISECOM provides certification, training support and project support services for non-partisan and vendor-neutral funding of projects and infrastructure and assures you their training programs, standards, and best practices are truly neutral of national or commercial influence. 

The example of this theft of business information was made real today by a client who told me that an account had been opened in the company’s name, using fraudulent means, and someone was purchasing big screen televisions. The client only found about the fraud when the company received its first invoice for these fraudulent purchases. This reinforces the fact that compliance encompasses a wide range of areas in a company and the Kroll Annual Survey makes clear that information security should be included. 

For more information on the OSSTMM, visit the ISECOM website, here. 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2010