Life Cycle Management of Third Parties – Step 4 – The Contract

This post continues to outline what I believe are the five steps in the life cycle of third party management. Today I will look at Step 4, the contract. However, before we get to the contracting stage a word about what to do with Steps 1-3. You cannot simply obtain the information detailed in these first three steps; you must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.

After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 – the contract. Obviously any commercial relationship should be governed by the terms and conditions of a written contract. Clearly your commercial terms should be set out in the contract. In the area of commercial terms the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.

In addition to the above analysis from the compliance perspective, you should incorporate compliance terms and conditions into your contracts with third parties. I would suggest that you begin with some type of compliance terms and conditions template, which can be used as a starting point for your negotiations. The advantages of such a template are several; they include: (1) the contract language is tested against real events; (2) the contract language assists the company in managing its compliance risks; (3) the contract language fits into a series of related contracts; (4) the contract language is straight-forward to administer and (5) the contract language helps to manage the expectations of both contracting parties regarding anti-bribery and anti-corruption.

What are the compliance terms and conditions that you should include in your commercial contracts with third parties? In the Panalpina Deferred Prosecution Agreement (DPA), Attachment C, Section 12 is found the following language, “Where necessary and appropriate, Panalpina will include standard provisions in agreements, contracts, and renewals thereof with all agents and business partners that are reasonably calculated to prevent violations of the anticorruption laws, which may, depending upon the circumstances, include: (a) anticorruption representations and undertakings relating to compliance with the anticorruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and (c) rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.” In the Johnson & Johnson (J&J) DPA, the same language as used in the Panalpina DPA is found in Attachment C, entitled “Corporate Compliance Program”. However, in Attachment D, entitled “Enhanced Compliance Obligations”, the following language is found: “Contracts with such third parties are to include appropriate FCPA compliance terms and conditions including; (i) representatives and undertakings of the third party to compliance; (ii) right to audit; and (iii) right to terminate.”

Mary Jones, in an article in this blog entitled “Panalpina’s World Wide Web”, suggested the following language be present in your compliance terms and conditions:

• payment mechanisms that comply with this Manual, the FCPA [Foreign Corrupt Practices Act], the UKBA [UK Bribery Act] and other applicable anti-corruption and/or anti-bribery laws during the term of such contract;
• the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual;
• the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law;
• the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and
• remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract.

Based on the foregoing experts and the research I have engaged in, I believe that compliance terms and conditions should be stated directly in the document, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.

In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it.

• Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
• Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
• Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
• No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
• Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
• Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
• On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
• Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
• Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.

Many will exclaim, “What an order, I can’t go through with it.” By this they mean that they do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simply to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the DOJ will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the DPAs I have discussed. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator from other third parties who have not gone through the life cycle management of a third party as this series has discussed.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

Actions Taken During a FCPA Enforcement Action-Lessons from Parker Drilling and Ralph Lauren

In the two most recent corporate Foreign Corrupt Practices Act (FCPA) enforcement actions, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) to communicate not only what they believe constitutes a best practices compliance program but equally importantly what actions a company can engage in which will significantly reduce a company’s overall fine and penalty. These matters involved Parker Drilling Company (Parker Drilling) and the Ralph Lauren Corporation. Parker Drilling received a Deferred Prosecution Agreement (DPA) and Ralph Lauren sustained a Non-Prosecution Agreement (NPA).

Fines and Penalties

Parker Drilling’s conduct earned it an “approximately 20 percent reduction off the bottom of the fine range” which suggested a fine of between $14.7MM to $29.4MM. The final DOJ fine was  $11,760,000. The company also agreed to pay disgorgement of $3,050MM plus pre-judgment interest of $1,040,818, to the SEC. Ralph Lauren  agreed to pay $882K to the DOJ and $593K in disgorgement and $141K in pre-judgment interest to the SEC.

Self-Disclosure

In the DOJ/SEC FCPA Guidance released last year one of the clear messages was that companies should self-disclose any potential FCPA violations. While this question is debated by the FCPA intelligentsia and in compliance/legal department across the country, one of the key takeaways is that companies should self-disclose. In the section on Declinations, which included stripped out information on six companies which received declinations to prosecute, one of the common factors was that each company self-disclosed its FCPA violation.

In the Ralph Lauren NPA, the DOJ stated that one of the factors which led to the NPA was “the Company’s timely, voluntary, and complete disclosure of the conduct”. This is contrasted with the Parker Drilling DPA, where there was no information listed regarding self-disclosure. In its Press Release announcing the resolution of the Parker Drilling matter, the DOJ stated it “stemmed from the DOJ’s Panalpina-related investigations.”

What Did You Do When You Found Out About It? Prong II – Extensive Cooperation

Both companies provided extensive cooperation to the DOJ and SEC throughout the pendency of their respective investigations. In the Ralph Lauren NPA, the DOJ detailed the company’s conduct by stating that “the Company’s extensive, thorough, and real-time cooperation with the Department, including conducting an internal investigation, voluntarily making employees available for interviews, making voluntary document disclosures, conducting a world-wide risk assessment, and making multiple presentations to the Department on the status and findings of the internal investigation and the risk assessment”. In the Parker Drilling DPA, the DOJ stated that “the Company’s cooperation, including conducting an extensive internal investigation and collecting, analyzing, and organizing voluminous evidence and information for the Department”.

What Did You Do When You Found Out About It? Prong I – Remediation

Implementing one of the prongs of McNulty’s Maxim No. 3, both companies engaged in extensive remediation during the investigations. The Ralph Lauren NPA stated that “the Company’s early and extensive remedial efforts already undertaken – including conducting extensive FCPA training for employees world-wide, enhancing the Company’s existing FCPA policy, implementing an enhanced gift policy as well as other enhanced compliance, control and anti-corruption policies and procedures, enhancing its due diligence protocol for third-party agents, terminating culpable employees and a third-party agent, instituting a whistleblower hotline, and hiring a designated corporate compliance attorney – and to be undertaken, including enhancements to its compliance program as described in Attachment B (Corporate Compliance Program);”.

Parker Drilling also engaged in extensive work to create a gold standard compliance program all the while undergoing its own internal investigation. According to the DPA, “the Company has engaged in extensive remediation, including ending its business relationships with officers, employees, or agents primarily responsible for the corrupt payments, enhancing its due diligence protocol for third-party agents and consultants, increasing training and testing requirements, and instituting heightened review of proposals and other transactional documents for all the Company’s contracts.” Parker Drilling also hired “a fulltime Chief Compliance Officer and Counsel who reports to the Chief Executive Officer and Audit Committee, as well as staff to assist the Chief Compliance Officer and Counsel.” The Company worked to strengthen its internal controls. Lastly, and I hope that you remember this from the Morgan Stanley Declination, Parker Drilling implemented “a compliance-awareness improvement initiative and program that includes issuance of periodic anti-bribery compliance alerts.”

Self-Monitoring and Reporting to the DOJ

In an area that is sometimes overlooked in both DPAs and NPAs, both companies agreed to self-monitor the effectiveness of their compliance programs and make no less than annual reports to the DOJ. In its three-year DPA, Parker Drilling agreed to monitor and “that it will report to the Department periodically, at no less than twelve-month intervals during a three-year term, regarding remediation and implementation of the compliance program and internal controls, policies, and procedures”. In its two year NPA, Ralph Lauren agreed to monitor and “report to the Department periodically, at no less than twelve-month intervals during a two-year term, regarding remediation and implementation of the compliance program and internal controls, policies, and procedures.”

Both the DOJ and SEC continue to communicate to the compliance practitioner what they expect from companies in the way of a best practices compliance program and what a company should do if they discover a potential FCPA violation. These communications, through enforcement actions, DPAs, NPAs and Declinations, are consistent with the information provided by the DOJ/SEC in the FCPA Guidance. Both of these enforcement actions demonstrate that if a company gets ahead of the curve, it can significantly lessen its overall penalty and pain.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

Panalpina’ s “World Wide Web”

Ed. Note-we continue our guests posts from Mary Jones who today looks at the world wide web in the context of one of the most significant companies which have been involved in FCPA enforcement actions-Panalpina

On November 12, 1990, Sir. Tim Berners-Lee with help from Robert Cailiau published a formal proposal for the World Wide Web in Switzerland.   Today, twenty-two years later- we look at a different world wide web, one which ensnarled a Switzerland based company named “Panalpina”.

According to the Department of Justice, Basel, Switzerland based Panalpina World Transport “is one of the world’s leading suppliers of forwarding and logistics services, specializing in global supply chain management solutions and intercontinental air freight and ocean freight shipments and associated supply chain management solutions.” It operates “a close-knit network with some 500 branches in over 80 countries,” does business in a further 80 countries with partner companies, and employs approximately 15,000 individuals.  The criminal information focuses on a “network of local subsidiaries … each of which was responsible for providing the freight forwarding and logistics services to customers and for coordinating with other Panalpina-affiliated companies with respect to the transportation and shipment of cargo from abroad.” In addition, PWT and its subsidiaries “provided customers with importation, customs clearance and ground shipment services once the shipped goods reached their destination jurisdiction.”  The subsidiaries under investigation were from the U.S., Nigeria, Angola, Brazil, Azerbaijan, Kazakhstan, Russia and Turkmenistan (hence my reference to the “world wide web”!)

There have been many blogs, papers and articles written about the facts and settlement the DOJ and SEC entered into with Panalpina and many of the oil service companies utilizing its services.  There is no reason for me to recite the facts of that case again.   More importantly, I have seen first-hand the improvements made by Panalpina in its own compliance program since the investigation began in 2005. This is a company that should be lifted up as a model for others to follow.  I have always been taught that it isn’t the fact that you get knocked down that shows your strength and courage, but the fact that you get back up and learn from your mistakes.    All of us can learn improvements from each and every one of the FCPA reported settlement agreements, including that of Panalpina.

Practical Pointer for today’s blog- once a third party has passed the due diligence process, it is important to include contractual language specifically targeted to the FCPA (and in my opinion the UK Bribery Act). There are several well recognized concepts that should be included in the contractual language, including an overarching statement that the Agent or Partner will not authorize, offer, or pay anything of value to a foreign government official (or private entity if UK Bribery Act is encompassed) for the purpose of obtaining or retaining business or gaining any improper business advantage.  This concept is followed by the promise to submit itemized invoices, with accurate supporting documentation to allow for transparency in the processing of payments.  Along with these two requirements are the rights to audit, to terminate or suspend the contract, and perhaps, the right to recoup any losses and investigation costs for violation of the above.  The final agreements would include the obligation to undertake training, periodic due diligence requalification and annual certifications.

On Friday, we discussed the Due Diligence process and provided some language to assist in the identification of “Red Flags” when considering the use of a third party Agents or Partners.  Today, we provide you with additional language to consider utilizing once an Agent or Partner has been retained:

In addition, unless approved by the Company Compliance Officer or his or her designee, all contracts with Agents or Partners shall contain provisions addressing the following matters:

• payment mechanisms that comply with this Manual, the FCPA, the UKBA and other applicable anti-corruption and/or anti-bribery laws during the term of such contract;
• the counterparty’s obligation to maintain accurate books and records in compliance with the Company’s Policy and Compliance Manual;
• the counterparty’s obligation to certify on an annual basis that: (i) counterparty has not made, offered, or promised any payment or gift of money or anything of value, directly or indirectly, to any Government Official (or any other person or entity if UK Bribery Act applies) for the purpose of obtaining or retaining business or getting any improper business advantage; and (ii) counterparty has not engaged in any conduct or behavior prohibited by the Code of Conduct, Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law;
• the Company’s right to audit the counterparty’s books and records, including, without limitation, any documentation relating to the counterparty’s interaction with any governmental entity  (or any entity if UK Bribery Act applies) on behalf of the Company, and the counterparty’s obligation to cooperate fully with any such audit; and
• remedies (including termination rights) for the failure of the counterparty to comply with the terms of the contract, the Code of Conduct, the Anti-Corruption Policy and Compliance Manual and other applicable anti-corruption and/or anti-bribery law during the term of such contract.

All contracts that provide for the disbursement of funds by the Company to a third party shall be in writing and shall require the other party to submit a written invoice for payment in compliance with the terms of its contract with the Company. All invoices shall be accompanied by accurate and sufficient supporting documentation for all outlays to third parties.  Contracts requiring the disbursement of funds by the Company for such services shall also require that, unless the Company Compliance Officer or his or her designee determines that payment in another jurisdiction does not violate local law and that a valid business reason for payment in another jurisdiction exists, funds shall be transferred only to a bank account owned by the designated recipient and that such account shall be located in the jurisdiction where the relevant business services are to be performed/occurs.

As we discussed last week, companies can be held liable for the acts of third parties acting on their behalf.  The use of the contracting strategies suggested above will clearly communicate to the Agent and/ or Partner the seriousness of your company’s commitment to abiding by the law and spirit of the FCPA and similar anti-corruption laws and regulations.

—————————————————————————————————————————-

Mary Shaddock Jones has practiced law for 25 years in Texas and Louisiana primarily in the international marine and oil service industries.  She was of the first individuals in the United States to earn TRACE Anti-bribery Specialist Accreditation (TASA).  She can be reached at msjones@msjllc.com or 337-513-0335. Her associate, Miller M. Flynt, assisted in the preparation of this series.  He can be reached at mmflynt@msjllc.com.

—————————————————————————————————————————–

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication.