FCPA Compliance and Ethics Blog

May 6, 2010

Real Estate, Trial Lawyers and FCPA Compliance

What do real estate, trial lawyers and Foreign Corrupt Practices Act (FCPA) compliance have in common? One of the maxims you hear about the real estate business, even in the depressed market over the past 18 months, is that the three most important things are: (1) location, (2) location and (3) location. This commentator was a trial lawyer, on the civil side, for about 18 years of his legal career, and it was drilled into him that the three most important things a trial lawyer brings to a lawsuit are: (1) venue, (2) venue and (3) venue.

It was then with some interest that this commentator saw a video on the Project Counsel website (a great resource: they not only blog with summaries of speakers at significant legal conferences but also present interviews with conference speakers on their website), where Project Counsel Managing Director Greg Bufithis interviewed Tim Parkman, Managing Director of Lessons Learned Ltd, a UK entity which assists companies in implementing compliance and ethics programs. In response to a query by Mr. Bufithis on what was the single most important item for a business which is implementing a compliance and ethics program, Mr. Parkman responded that there were three: “(1) senior management, (2) senior management and (3) senior management.”

Parkman explained the logic behind this statement of triumviratism: employees will pick up on the differences between what senior management says and the actions it takes with regard to compliance and ethics. He cited as a prime example the policy a company takes to punish those employees who engage in unethical and non-compliant behavior in order to meet company revenue targets, versus the rewards it hands out to those employees who integrate ethical and compliant behavior into their individual work practices going forward.

A clear example of this is in the area of annual bonuses. Does your company have, as a component of its bonus compensation plan, a part dedicated to compliance and ethics? If so, how is this component measured and then administered? There is very little in the corporate world that an employee notices more than what goes into the calculation of their bonuses. If a company sets expectations early in the year and then follows through when annual bonuses are released, it can send a powerful message to employees regarding the seriousness with which compliance is taken at the company. There is nothing like putting your money where your mouth is for people to stand up and take notice. 

Parkman goes on to say that if you have an employee who meets or exceeds all his sales targets, but does so in a manner which is opposite to the company’s stated compliance and ethics values, employees will watch and see how that employee is treated. Is that employee rewarded with a large bonus? Is that employee promoted, or are the employee’s violations of the company’s compliance and ethics policies swept under the carpet? If the employee is rewarded, or in any way not sanctioned for unethical or non-compliant behavior, it will be noticed and other employees will act accordingly.

In the energy industry (and probably lots of other industries) there is the following archetypal story. It usually is told about a Regional Manager in the Far East or the Middle East who is alleged to have said something along the following lines: “If I violate the Code of Conduct I may or may not get caught. If I get caught I may or may not be disciplined. But if I don’t make my revenue numbers for two quarters I will be fired.” If such a story is allowed to percolate throughout the company, employees will feel that all that matters is hitting their revenue targets, not acting in an ethical and compliant manner. Only senior management can directly speak to this issue, and senior management must make clear that “hitting the numbers” in a manner which is antithetical to the company’s compliance and ethics program is not acceptable. But this must be done in both words and actions.

So does your company only “talk the talk” or does it also “walk the walk?”

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com. 

  

© Thomas R. Fox, 2010

March 4, 2010

Internal Review of a Proposed Foreign Business Partner

In prior blogs, we explored how to rank Foreign Business Partners so that you can begin an appropriate due diligence process. We also explored what you might wish to investigate during the due diligence process. A Foreign Business Partner Review Committee should be established which is tasked with reviewing all the investigative due diligence and the Business Unit’s case for partnering with the person or entity. The next area of review should be of the proposed Foreign Business Partner’s ethics and compliance program. Such a program should have, at a minimum, the following elements of a Foreign Corrupt Practices Act (FCPA)-style compliance program in place.

• Your Foreign Business Partner should…
o have a restriction on facilitation payments, gifts, entertainment and travel;
o require proper accounting and invoicing;
o have policies that flow down to any sub-vendors under the Foreign Business Partner.

If the Foreign Business Partner’s program does not meet your Company’s, or the FCPA, standards, you should require the implementation of a program that will meet those suggested in the US Sentencing Guidelines so that it will meet Department of Justice (DOJ) approval.

The next area of review by the Foreign Business Partner Review Committee is the proposed contract with the Foreign Business Partner. The contract must have compliance obligations stated in the formation documents, whether it is a simple agency or consulting agreement or a joint venture with several formation documents. All formation agreements should include representations that in all undertakings the Foreign Business Partner will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, or candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the Company is a participant.

In addition to the above affirmative statement regarding conduct, you should have the following contractual clauses in your Foreign Business Partner contract.

• Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
• Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of Foreign Business Partner emails and bank accounts relating to your Company’s use of the Foreign Business Partner.
• Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
• No Sub-Vendors (without approval): The Foreign Business Partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
• Audit Rights: An additional key element of a contract between a US Company and a Foreign Business Partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
• Acknowledgment: The Foreign Business Partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws which apply to either the Foreign Business Partner or business relationship.
• On-going Training: Require that the top management of the Foreign Business Partner and all persons performing services on your behalf shall receive FCPA compliance training.
• Annual Certification: Require an annual certification stating that the Foreign Business Partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
• Re-qualification: Require the Foreign Business Partner re-qualify as a business partner at a regular interval of no greater than every three years.

Engaging in due diligence of a proposed Foreign Business Partner is but one of the many steps required to approve a person or entity who will represent your Company overseas, thereby creating an FCPA exposure. However, there are additional steps which you should employ internally in the Foreign Business Partner review process, some of which have been discussed above. Strong compliance terms and conditions are critical for the management of the relationship going forward. The Foreign Business Partner Review Committee must certify that the appropriate terms and conditions are in place to protect against an FCPA compliance violation and that, should one occur, your Company can extricate itself immediately from doing business with such a Foreign Business Partner.


March 1, 2010

RISK-BASED COMPLIANCE

A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. The findings revealed the following: 53% of companies do not disseminate their internal codes of conduct to third parties; only 26% require third parties to certify to their own codes; and just 17% of the respondents have any third party codes of conduct.

For those companies which now desire to evaluate their third party business partners for Foreign Corrupt Practices Act (FCPA) compliance, how, and perhaps where, do they begin? The approach that appears to be gaining the most traction both with regulators and learned commentators is to develop a risk based approach to FCPA compliance. There is no specific Department of Justice (DOJ) guidance on any one specific process for a risk based compliance system. However, there is sufficient guidance in other FCPA and analogous compliance areas, such that direction can be provided to US and foreign companies in this area.

Writing in the FCPABlog, Scott Moritz of Daylight Forensic & Advisory suggested a risk-based approach based upon the regulatory programs in Anti-Money Laundering (AML) governance. In the AML area, the concept is that certain parties, including vendors, represent a higher compliance risk than others. Geography, nexus to government officials, business type, method of payment and dollar volume are all risk indicators.

This risk-based approach was commented upon favorably by the DOJ in Release Opinion 08-02. In this Release Opinion the DOJ reviewed and approved Halliburton’s proposed acquisition of the UK entity Expro. The DOJ spoke directly to a risk-based approach by noting that Halliburton had agreed to provide the following:

. . . a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which will address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. Such work plan will organize the due diligence effort into high risk, medium risk, and lowest risk elements.

This risk-based approach has also been accepted by UK’s Financial Services Authority (FSA) in its settlement of the enforcement action against the insurance giant AON earlier this year. As a part of the settlement AON agreed to the following:

AON…designed and implemented a global anti-corruption policy … limiting the use of third parties … whose only service to AON is assisting it in the obtaining and retaining of business solely through client introductions in countries where the risk of corrupt practices is anything other than low. These jurisdictions are defined by reference to an internationally accepted corruption perceptions index. Any use of third parties not prohibited by the policy must be reviewed and approved in accordance with global anti-corruption protocols.

How does a company implement this guidance? Scott Moritz suggests that key to any risk-based approach is “the strategic use of information technology, tracking and sorting the critical elements — including risk-ranking, as well as enhanced due diligence and ongoing monitoring of high-risk parties proportionate to their risk profiles.”

The uses of a risk based compliance system can be myriad. The Release Opinion 08-02 system was in response to an international acquisition. Such systems can also be used to rank and assist in the evaluation of business partners or supply chain vendors. But, however such a system is used, the clear import from the DOJ, FSA and learned commentators is that some type of rational system should be put in place and followed.

October 27, 2009

What is your compliance relationship with your business partners?

Most companies understand that certain business relationships present more risk than others. This situation is also present under the FCPA. In its 2008 Anti-Bribery and Anti-Corruption Survey, KPMG noted that 76% of the respondents reported that assessing FCPA risk was “challenging”. Further, 82% of respondents reported that performing effective due diligence on third parties was “challenging”. This information was reported from a survey of 103 business executives who have direct responsibility for FCPA compliance within their organizations.

This is in contrast to some companies such as GE and HP which make clear upfront that they demand robust compliance business practices from the third parties with which they do business, including vendors, suppliers and channel operations business partners. GE states in its Integrity Guide for Suppliers, Contractors and Consultants, “Suppliers that transact business with GE are also expected to comply …and adhere to the standards of business conduct consistent with GE’s obligations as set forth in the ‘GE Compliance Obligations…”. In October 2009, HP sent an announcement out to its over 155,000 channel partners that they had to complete compliance training (and pay for it) by the end of October or risk losing their status with HP.

What is your compliance relationship with business partners?
