Distributors under the FCPA – Post Game Wrap Up

This week we have focused on distributors and how a company might think through ranking the risk, performing due diligence on and, finally, how to manage distributors going forward. This was spurred on by a discussion that David Simon and I had engaged in previously on LinkedIn. In today’s post I will try and wrap up and wrap together our approaches so that you might decide which works best for you and your organization.

But first I must note the passing of one of the most famous Texans of the 20th Century, Van Cliburn, the pianist who won the first-place award at the 1958 Tchaikovsky International Competition in Moscow. His gold medal in the inaugural year of the Tchaikovsky competition, won in Moscow, was viewed at the time as an American triumph over the Soviet Union at the height of the cold war. He became a cultural celebrity of pop-star dimensions and brought overdue attention to the musical assets of his native land. But he gave back as well, starting his own piano competition which also became world famous.

While I had been initially skeptical of David’s approach, as I read his White Paper on the subject and his guest post this week, I became convinced that his approach has merit because it follows what is set out in the recently released Department of Justice (DOJ)/Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) Guidance, which I quote from the introductory section of the Ten Hallmarks of an Effective Compliance Program:

Compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffec­tive. Because each compliance program should be tailored to an organization’s specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corpo­rate compliance program most appropriate for that particu­lar business organization. In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.[emphasis supplied]

Based upon this language, I believe that if a company takes a carefully designed and  reasoned approach to assessing the risk of its distributors and then manages that risk, it is something that meets the above prescription from the FCPA Guidance. While I believe that distributors should be considered the same as agents under the FCPA, I am persuaded that David’s approach meets the cited recommendation from the FCPA Guidance.

I.                   Fox Approach – The Full Monty Approach

While I wish I had thought of that name I have to credit it to Simon. In 2012, there were three enforcement actions which I believe made clear that there were no distinctions between agents and distributors. They were, the Smith & Nephew, Inc., (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Compliant for books and records violations. I reviewed the enforcement actions and based upon the deficiencies noted by both the DOJ and SEC, that these enforcement agencies were classing distributors the same as agents or other similar entities in the sales chain.

In the S&N enforcement action, it was clear that S&N had not performed sufficient due diligence on these distributors nor did they document any due diligence that they may have engaged in. In the Lilly case, the policies and procedures in place to flag unusual distributor discounts were deficient as the enforcement action “noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.” In the Oracle enforcement action it demonstrated that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account and that Oracle needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. What I gleaned from these enforcement actions was that the full five steps suggested for agents and other third parties in the sales chain was needed for distributors. They are (1) Business Justification; (2) Due diligence, the level being based on your risk assessment; (3) Evaluation of due diligence; (4) Written contract with compliance terms and conditions; and (5) Management of the relationship going forward.

II.                Simon Approach – The Agency Approach

Simon advocated that a risk analysis should more appropriately based on the nature of a company’s relationships with their distributors. The goal should be to determine which distributors are the most likely to qualify as agents; for whose acts the company would likely to be held responsible.  He argues that it is a continuum of risk; that is, on the low-risk end are distributors that are really nothing more than re-sellers with little actual affiliation with the supplier company. On the high-risk end are distributors who are very closely tied to the supplier company, who effectively represent the company in the market and end up looking more like a quasi-subsidiary than a customer.

Simon looks at agency principles to guide his analysis of whether a distributor qualifies as an agent for FCPA purposes. He argues that factors to consider include:

• The volume of sales made to the distributor;
• The percentage of total sales of the distributor’s total business the principal’s product represents;
• Whether the distributor represents the principal in the market, including whether it can (and does) use the company trademarks and logos in its business; and
• Whether the principal company is involved in the running of the distributor’s business (such as by training the distributor’s sales agents, imposing performance goals and objectives, or providing reimbursement for sales activity).

Once a company segregates out the high-risk distributors that likely qualify as agents and potentially subject the company to FCPA liability from those that are mere resellers and pose less FCPA risk, FCPA compliance procedures can be tailored appropriately. For those distributors that qualify as “agents” and also pose FCPA risk, full FCPA due diligence, certifications, training and contract language are imperative. For those that do not, more limited compliance measures that reflect the risk-adjusted potential liability are perfectly appropriate.

III.              Athanas Approach – Management of the Relationship

I often say that once you have a business justification, perform and evaluate due diligence on an agent and then ink a contract; your real work now begins as you have to manage that relationship going forward. Athanas set out a plan to assist in that management component under which he provides a framework to help provide a business justification, assess/manage and document any discount offered to a distributor; all of which he calls the ‘Discount Authorization Request’ (DAR) and states as follows:

1.         Capturing and Memorializing Discount Authorization Requests

 Athanas says that it all begins with a DAR. This is so important that he argues a DAR template should be prepared, which is designed to capture the particulars of a given request and allow for an informed decision about whether it should be granted. Because the specifics of a particular DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated as well as an explanation in the business justification for the elevated discount. In addition, the DAR template should be designed so as to identify gaps in compliance that may otherwise go undetected.

2.         Evaluation and Authorization of DARs

The next step is that channels should be created to evaluate DARs. The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval. Athanas believes that three levels of approval are sufficient, but can be expanded or contracted as necessary. The key is the greater the discount contemplated, the more scrutiny the DAR should receive. The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently.

3.         Tracking of DARs

Lastly comes the Document, Document, Document component. Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied. The documentation of the total number of DARs allows companies to more accurately determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company. This information, in turn, leaves these companies better equipped to respond to government inquiries down the road.

IV.              Bringing It All Home

You do not have to dream like Van Cliburn did but you can try other or new approaches. Whether you use the Fox ‘Full Monty’ approach or the Simon ‘Agency’ approach will depend on many different factors unique to your organization. You are only limited by your imagination. There may well be other approaches you can take if they are carefully thought out and well-reasoned.

But whatever approach you take on risk ranking and performing due diligence on your distributors, I would urge you to use Athanas’ DAR system or something similar to it. While it is of the utmost importance that you do so from the compliance perspective, the business reason is even more compelling. A company really does need to know what discounts it is giving to distributors and why they are receiving said discounts.

I hope that you have enjoyed our discussion and dialogue on distributors this week. I wanted to thank, once again, David Simon and Bill Athanas for their most excellent and timely posts. I certainly have learned quite a bit.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

What Enforcement Actions Based On Distributor Conduct Teach About Improving FCPA Compliance Programs

Ed. Note-today we have a guest post by our colleague, William C. Athanas, a partner in the law firm of Waller Lansden Dortch & Davis, LLP. In the prior two posts, David Simon and myself posited different approaches to analyzing the risks that distributors present under the FCPA. In this post, Bill suggests an approach for managing the risks that distributors present under the FCPA. 

———————————————————————————————————————————————————————-

In a recent post, Distributors Under the FCPA, Tom Fox detailed three enforcement actions filed in 2012 which show that the actions of distributors can create FCPA liability for the companies that hire them.  The Smith & Nephew, Oracle and Lilly actions summarized in Tom’s post demonstrate the continuing viability of distributor conduct as the basis for FCPA enforcement actions by aligning with previous cases (such as GE InVision and AGA Medical) also grounded on that theory.  Together, those cases make plain that the government perceives no distinction between distributors and any other kind of intermediary used as a conduit for bribe payments.  Tom’s post offers a useful jumping-off point an equally significant and far less apparent lesson:  just because distributors’ actions can give rise to FCPA exposure does not mean that companies are best served by relying on traditional compliance measures to mitigate the risk they present.

FCPA exposure arises when companies pay money – either directly or indirectly – to fund bribe payments.  In the traditional intermediary scenario, the company funnels money to the agent or consultant, who then passes on some or all of it to the bribe recipient.  Often, the payment is disguised as compensation to the intermediary, and some portion is redirected for corrupt purposes.

But distributors are an atypical intermediary, at least where compensation is concerned.  Unlike the standard intermediary relationship, companies generally do not transfer funds to distributors as payment for services rendered.  Rather, as Fox explained in a prior post, What’s in a Name: Agents, Resellers and Distributors under the FCPA, distributors make money by buying goods for one price and selling them for a higher amount.  As a result, the greater the discount provided to the distributor, the more money available to pay bribes.

When companies grant distributors uncommonly steep discounts, bribes can result either: 1) because the distributor is instructed by the company to use the excess amounts to fund corrupt payments; or 2) because the distributor pays bribes on its own, without the express direction or implicit suggestion from the company to do so, in an effort to gain some business advantage.  (Note on this issue the reference in the Resource Guide to the U.S. Foreign Corrupt Practices Act  recently released by the DOJ and SEC, which notes that common red flags associated with third parties include “unreasonably large discounts to third-party distributors”).  The distributor enforcement cases offer lessons to combat the second scenario, which is where legitimate companies require assistance.

Assuming that the company’s desire is not to use its distributors as a conduit for paying bribes, how can it manage the FCPA risk that distributors present?  By installing a distributor discount policy and monitoring system tailored to the company’s operational structure.  In virtually every business, there exists a range of standard discounts granted to distributors.  Under the approach recommended here, discounts within that range may be granted without the need for further investigation, explanation or authorization (absent, of course, some glaring evidence that the distributor intends use even the standard cost/price delta to fund corrupt payments).

Where the distributor requests a discount above the standard range, however, the policy should require a legitimate justification.  Evaluating and endorsing that justification requires three steps:  (1) relevant information about the contemplated elevated discount must be captured and memorialized; (2) requests for elevated discounts should be evaluated in a streamlined fashion, with tiered levels of approval (higher discounts require higher ranking official approval); and (3) elevated discounts are then tracked, along with their requests and authorizations, in order to facilitate auditing, testing and benchmarking.  The basics concepts underlying each step are discussed below.

1.         Capturing and Memorializing Discount Authorization Requests

Through whatever means are most efficient, a discount authorization request (“DAR”) template should be prepared.  While remaining mindful of the need to strike a balance between the creation of unnecessary red tape and the need to mitigate risk, the DAR template should be designed to capture the particulars of a given request and allow for an informed decision about whether it should be granted.  Because the specifics of a particular DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated (e.g., whether as a request from the distributor or a contemplated offer by the company) as well as explain the legitimate justification for the elevated discount (e.g, volume-based incentive).  In addition, the DAR template should be designed so as to identify gaps in compliance that may otherwise go undetected (e.g., confirmation that the distributor has executed a certification of FCPA compliance).

2.         Evaluation and Authorization of DARs

Channels should be created to evaluate DARs submitted.  The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval.  Usually, three levels of approval are sufficient, but this can expanded or contracted as necessary.  Ultimately, the greater the discount contemplated, the more scrutiny the DAR should receive.  Factors to be considered in constructing the approval framework include the expected volume of DARs and the current organizational structure.  The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently.

3.         Tracking of DARs

Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied.  This captured data can provide invaluable insight into FCPA compliance and beyond.  By tracking the total number of DARs, companies will find themselves better able to determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company (e.g., confirming the existence of a completed and approved DAR is an excellent objective measure for internal audit to perform as part of its evaluation of the company’s FCPA compliance measures).  This information, in turn, leaves these companies better equipped to respond to government inquiries down the road.

Rethinking approaches to evaluating distributor activities is but one of the ways that the increased number of enforcement actions and FCPA Guidance have provided insight into how the government interprets and enforces the FCPA.  This information, in turn, allows companies to get smarter about FCPA compliance.  With a manageable amount of forethought, companies who rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations.  Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, which can be invaluable in responding to a government inquiry.

———————————————————————————————————————————————————————-

Bill Athanas served as a member of the Justice Department’s Fraud Section and later as an Assistant U.S. Attorney in the Northern District of Alabama.  Currently, he is a partner based out of the Birmingham, Alabama office of Waller Lansden Dortch & Davis, LLP.  His practice focuses on white collar criminal defense, including providing FCPA advice and counsel to privately held and publicly traded companies operating in a wide range of industries and geographic regions. He can reached at Bill.Athanas@wallerlaw.com. 

============================================================================================

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.

Analyzing the Risk of Distributors Under the FCPA-the Simon Approach

Ed. Note-we continue are series on the risk analysis and assessment of distributors under the FCPA and management of that risk. Today, David Simon contributes a guest post where he articulates another approach to the risk analysis of distributors. 

============================================================================================

Tom and I have been engaged in an interesting discussion (interesting to us, as FCPA geeks, anyway) about the FCPA risk posed by distributors and the most appropriate compliance response to that risk.  Tom correctly focuses on the risk posed by distributors and recommends that companies apply “Full Monty” third-party due diligence procedures to distributors to minimize that risk.  Based some work counseling mid-sized companies with limited compliance resources, I have focused on the practical challenges that approach presents, and have proposed an analytical framework for conducting a risk-based approach to assessing FCPA exposure, which can be used to sensibly and reasonably allocate compliance resources.

It seems that everyone agrees on a couple of key points.  First, it is clear that distributors do pose FCPA risk.  Indeed, the majority of enforcement actions over the past several years have involved at least some alleged violations by third parties, including some involving distributors.  Second, there is no question that a company will be held responsible for improper payments made by a distributor if the company actually knows about or participates in the improper payments.

My focus is on FCPA liability for acts of distributors that is premised on “willful blindness.”  A significant benefit from third-party due diligence is protection against a “willful blindness” FCPA charge if a distributor makes an improper payment on the company’s behalf.

Here’s the problem:  Some companies employ vast distributor networks, sometimes including hundreds, if not thousands, of distributors around the world.  Many distributors are more like customers than agents – they merely purchase a product and resell it to others, often in conjunction with other products purchased from other manufacturers.  Is it really practical and  necessary to conduct full FCPA due diligence on every one of those distributors?  Do the U.S. companies in these situations even have the leverage to insist on FCPA representations and warranties in the written agreements, to demand audit rights, and to require certifications by and training of these distributors?  The question thus arises whether U.S. companies are faced with a difficult choice either to accept substantial FCPA risk or to devote disproportionate resources to running an FCPA compliance program that fully vets all distributors.

I think the answer to this question is “no,” and that there is a practical way to minimize the FCPA risk associated with a global distributor network without devoting an unreasonable and disproportionate amount of resources to compliance.  The key, in my view, is to employ a risk-based approach to distributor compliance, focusing on those relationships that pose the greatest FCPA risk.  The U.S. government has endorsed the use of a risk-based approach to FCPA compliance – and the agencies emphasized this point in the recent FCPA Resource Guide — and I see no reason why those principles should not apply equally in this context.

The first step in a risk-based approach is to identify those parts of the distribution network that pose the greatest FCPA risk.  Companies should look at the countries of operation, including their respective reputations for corruption, the end-user base (are there government contacts or state-owned enterprise customers?), the level of government regulation and the amount of interaction with the government, the industry, and other factors that would help assess FCPA risk generally.  Those parts of the world and parts of the company’s operation that pose the greatest risk should get the greatest attention.  Distributors in Norway who sell to private commercial customers will require less scrutiny than those in India who bid on government contracts.

But companies following a risk-based approach should take this risk analysis a step further and focus on the nature of their relationships with their distributors.  The goal should be to determine which distributors are the most likely to qualify as agents, for whose acts the company is likely to be held responsible.  Think about this as a continuum of risk.  On the low-risk end are distributors that are nothing more than re-sellers with little actual affiliation with the supplier company.  On the high-risk end are distributors who are very closely tied to the supplier company, who effectively represent the company in the market and end up looking more like a quasi-subsidiary than a customer.

In order to determine where a distributor falls on this continuum of risk basic principles of agency law are instructive.    The Restatement (Third) of Agency defines agency as “the fiduciary relationship that arises when one person (a ‘principal’) manifests assent to another person (an ‘agent’) that the agent shall act on the principal’s behalf and subject to the principal’s control, and the agent manifests assent or otherwise consents so to act.”  It is this relationship that gives rise to potential FCPA liability for the actions of distributors.

As with liability for a principal in any agency relationship, whether a distributor qualifies as an agent for FCPA purposes should turn on the amount of control a principal exerts over the distributor and whether the distributor is seen to be acting under the authority of the principal.  Factors to consider include:

• The volume of sales made to the distributor;

• The percentage of total sales of the distributor’s total business the principal’s product represents;

• Whether the distributor represents the principal in the market, including whether it can (and does) use the company trademarks and logos in its business; and

• Whether the principal company is involved in the running of the distributor’s business (such as by training the distributor’s sales agents, imposing performance goals and objectives, or providing reimbursement for sales activity).

Once a company segregates out the high-risk distributors that likely qualify as agents and potentially subject the company to FCPA liability from those that are mere resellers and pose less FCPA risk, FCPA compliance procedures can be tailored appropriately.  For those distributors that qualify as “agents” and also pose FCPA risk, full FCPA due diligence, certifications, training and contract language are imperative.  For those that do not, more limited compliance measures that reflect the risk-adjusted potential liability are perfectly appropriate.

———————————————————————————————————————————————————————-

David Simon, a partner at Foley & Lardner, defends corporations in government enforcement actions, conducts internal investigations, and provides compliance advice and counseling.  He specializes in the FCPA and other anti-corruption laws. He can be reached at DSimon@foley.com

———————————————————————————————————————————————————————-

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. 

Distributors Should Be Analyzed As Any Other Third Party Representative in the Sales Chain

Ed. Note-David Simon is a partner at Foley and Lardner and Bill Athanas is a partner at Waller Lansden Dortch & Davis, LLP. Both have practices which include FCPA compliance.  After my recent post on distributors under the FCPA, David and I had a dialogue on how distributors should be reviewed and analyzed under the FCPA. Bill also had some thoughts on the subject. I asked them if they would contribute guest posts with their ideas.

As this is the first time that I have had a dialogue with two other FCPA practitioners based on a post, this week we will have 3 days of discussion and dialogue on distributors. Today, I provide my suggestions on how to risk rank and the manage distributors. Tomorrow, Daivd will contribute his thoughts on a different approach. On Wednesday, Bill will lay out his ideas on the topic. Finally on Thursday I will try to wrap up and weave together our three articles. I hope that you will find this series instructive and useful. I know I certainly have in my dialogues with these two other excellent FCPA compliance practitioners.

In today’s post, I advocate that distributors should be treated as any other third party representative in the sales chain; IE., agents and resellers.

============================================================================================

In 2012, there were three enforcement actions which I believe made clear that there were no distinctions between agents and distributors. They were, the Smith & Nephew, Inc., (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Compliant for books and records violations.

These enforcement actions involved three separate bribery schemes which I believe call for three different but overlapping responses. In the case with Lilly, the SEC Complaint noted the following “Lilly-Brazil’s pricing committee approved the discounts without further inquiry. The policies and procedures in place to flag unusual distributor discounts were deficient.” Lastly, as stated by Matt Ellis, the enforcement action “noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.”

The Lilly enforcement action also makes clear the need for internal audit to follow up with ongoing monitoring and auditing. Internal audit can be used to help determine the reasonableness of a commission rate outside the accepted corporate norm. As stated by Jon Rydberg, of Orchid Advisors, in an article entitled “Eli Lilly’s Remedial Efforts for FCPA Compliance – After the Fact”, the company should be “implementing compliance monitoring and corporate auditing specifically tailored to anti-corruption” for the distributor sales model.

The Oracle enforcement action demonstrates that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account. The Company needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. Oracle should have sought to either (1) seek transparency in its dealing with the distributor or (2) audit third party payments made by the distributors on Oracle’s behalf, both of which would have enabled the Company to check that payments were made to appropriate recipients.

What are some of the factors that demonstrate the distributors used by S&N were fraudulent and did not have a legitimate business purpose? It was clear that S&N did not perform sufficient due diligence on these distributors nor did they document any. I would note that the distributor was domiciled in a location separate and apart, the UK, from the sole location it was designed to deliver products or services into, Greece. This clearly demonstrated that the entities were used for a purpose that the company wished to hide from Greek authorities. While it is true that a distributor might sell products into a country different than its domicile, if the products are going into a single country, this should have raised several Red Flags.

However, the biggest indicium of corruption was the amount of the commission paid. The traditional sales model for a distributor has been to purchase a product, take the title, and therefore the risk, and then sell it to an end user. Based upon this sales model, there has been a commission structure more generous than those usually accorded a reseller or sales agent, who is usually only a negotiator between the Original Equipment Manufacturer (OEM) and the end user. This difference in taking title, and risk of loss, have led to a cost structure which has provided a deeper discount of pricing for distributors than commission rates paid to resellers or sales agents. The sales structure used by S&N had pricing discounts of between 26-40% off the list price. Further, this money was used precisely to pay bribes to Greek Doctors to use S&N products.

These three enforcement actions make clear that distributors will be treated like any other representative in the sales chain. This means that distributors need to go through the same rigorous due diligence and review, contracts and management going forward as agents or resellers.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2013

What’s in a Name: Agents, Resellers and Distributors under the FCPA

What is in a name? The terms agent, reseller and distributor are sometimes used interchangeably in the business world. However in the legal world they usually have distinct definitions. An agent can be generally defined as is a person who is authorized to act on behalf of another to create a legal relationship with a Third Party. An agent can also be a person who makes introductions and generally facilitates relationships between the seller of goods or services and end-using buyer. Such an agent usually receives some type of percentage of the final sale as his commission. An in-country national agent is often required in most Middle East and Far East countries. A reseller can be generally defined as a company or individual that sells goods to an end-using buyer. A reseller does not take title and thereby own the goods; the reseller is usually a conduit from the seller to the end-using buyer. A reseller usually receives a flat commission for his services, usually between 5-10% of the final purchase price. This format is often used in the software and hardware industries. A distributor can be generally defined as a company or individual which purchases a product from an original equipment manufacturer (OEM) and then independently sells that product to an end user. A distributor takes title, physical possession and owns the products. The distributor then sells the product again to an end-using purchaser. The distributor usually receives the product at some discount from the OEM and then is free to set his price at any amount above what he paid for the product. A distributor is often used by the US manufacturing industry to act as a sales force outside the US. 

The landscape of the Foreign Corrupt Practices Act (FCPA) is littered with cases involving both agents and resellers are they are the most clearly acting as representatives of the companies whose goods or services they sell for in foreign countries. However many US businesses believe that the legal differences between agents/resellers and distributors insulate them from FCPA liability should the conduct of the distributor violate the Act. They believe that as the distributor takes title and physical possession of the product, the legal risk of ownership has shifted to the distributor. If the goods are damaged or destroyed, the loss will be the distributor’s not the US business which manufactured the product. Under this same analysis, many US companies believe that the FCPA risk has also shifted from the US company to the foreign distributor. However such belief is sorely miss-placed. 

As almost everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. But many US companies view distributors as different from other types of sales representatives such as company sales representatives, agents, resellers or even joint venture partners, for the purposes of FCPA liability. However the Department of Justice (DOJ) takes the position that a US company’s FCPA responsibilities extend to the conduct of a wide range of third parties, including the aforementioned company sales representatives, agents, resellers, joint venture partners but also distributors. No U.S. company can ignore signs that its distributors may be violating the FCPA. Company management cannot engage in conscious avoidance to the activities of a distributor that the company has put into a business position favorable to engaging in FCPA violations. Court interpretation of the FCPA has held that it is applicable where conduct violative of the Act is used to “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage. 

This scenario played out in China from 1997 to 2005 through AGA Medical Corporation. The Minnesota-based firm manufactured products used to treat congenital heart defects. To boost is China sales, AGA worked through its Chinese distributor. AGA sold products at a discounted rate to its Chinese distributor. This distributor then took some of the difference between his price from the equipment manufacturer AGA and the price he sold the equipment to Chinese hospitals to and paid corrupt payments to Chinese doctors to have them direct their government-owned hospitals to purchase AGA’s products. Its sales in China for the period were about $13.5 million. The Chinese distributor was found to have paid bribes in China of at least $460,000 to doctors in government-owned hospitals and patent-office officials. In 2008, AGA agreed to pay a $2 million criminal penalty and enter into a deferred prosecution agreement with the Department of Justice to settle Foreign Corrupt Practices Act violations. 

The same game was played by a Volvo subsidiary, Volvo Construction Equipment International (“VCEI”) when it used a Tunisian distributor to facilitate additional sales of its products to Iraq. VCEI reduced its prices to enable the distributor to make the illegal payments based on bogus after-sales service fees. Volvo’s 2008 settlement with the SEC included an agreement permanently enjoining it from future violations of Sections, ordering it to disgorge $7,299,208 in profits plus $1,303,441 in pre-judgment interest, and to pay a civil penalty of $4,000,000. In addition to this fine imposed by the SEC, Volvo also paid a $7,000,000 penalty pursuant to a deferred prosecution agreement with the DOJ. 

So what is in a name? Do we simply look to Shakespeare and his immortal words, “”What’s in a name? That which we call a rose; By any other name would smell as sweet.” Unfortunately I do not think the answer is quite so ethereal. It is more down to earth. If it walks like a duck and quacks like a duck, it probably is a duck. If you have a distributor, it must be subjected to the same FCPA scrutiny and management as an agent, reseller or joint venture partner. 

                                    *                      *                      * 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at tfox@tfoxlaw.com. 

© Thomas R. Fox, 2010

Maintaining a Relationship with a Foreign Business Partner under the FCPA after the Contract is Signed – Monitor, Monitor, and then, Monitor

In previous blogs postings, we have shared our thoughts on other aspect of the Foreign Business Partner (foreign agents, reseller, distributors or any person/entity representing the company overseas) relationship including how to evaluate the Foreign Corrupt Practices Act (FCPA) compliance risk; how to perform due diligence on prospective Foreign Business Partners; how to internally evaluate the information obtained through such due diligence; and what compliance contract terms and conditions you should set for the Foreign Business Partners. In this posting, we will discuss the steps a US company must follow to implement a procedure to monitor the actions of a Foreign Business Partner going forward.

DPA Guidance

In its Deferred Prosecution Agreement (DPA) with the Monsanto Company for their FCPA violations, the Department of Justice (DOJ) provided some guidance on the continuing obligation to monitor Foreign Business Partners. In the Monsanto DPA, the DOJ agreed, after the initial due diligence and appropriate review were completed on Foreign Business Partners, for Monsanto to implement certain post contract procedures. These requirements to Monsanto can be used as guidelines as to what the DOJ will look for from other US companies who have entered into relationships with Foreign Business Partners; especially in the area of monitoring the foreign business partner.

A US company should, on a periodic basis of not less than every three years, conduct rigorous compliance audits of its operations with the foreign business partners. This monitoring would include, but not be limited to, detailed audits of the foreign business partner unit’s books and records, with specific attention to payments and commissions to agents, consultants, contractors, and subcontractors with responsibilities that include interactions with foreign officials and contributions to joint ventures. The compliance audit should include interviews with employees, consultants, agents, contractors, subcontractors and joint venture partners. Lastly, a review of the FCPA compliance training provided to the foreign business partner should be included.

Ongoing Oversight

In addition to the DOJ guidance provided in the Monsanto DPA, it is recommended that there be substantial involvement not only by the business unit most closely involved with the Foreign Business Partner, but also by Legal; Compliance and other departments which would assist in completing the functions as outlined by the Monsanto DPA. The most significant reason for maintaining a post-contract relationship is to ensure the business units remain engaged in the Foreign Business Partner process. This involvement can also include some of the following participation, the senior business Vice President for the region where the Foreign Business Partner operates should annually call upon the Foreign Business Partner, in-person, to review all of the prospective business proposals and concluded business transactions that the Foreign Business Partner has engaged in. This annual VP review must not take the place of a legal or compliance review but should focus on the relationship from the business perspective.

Managing the risk of a relationship with a foreign business partner is one of the most critical aspects of a FCPA compliance program. The documented risk for the potential violation of the FCPA by a foreign business partner to a US company is quite high. To engage a foreign business partner, in a manner that properly assesses and manages the risk to, and for, a US company, requires a committee of time, money and substantial effort. However, with a compliance based risk management procedure in place, the risk can be properly managed and a foreign business relationship can be successful for all parties.

This publication contains general information only and is based on the experiences and research of the Author. The Author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The Author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the Author. The Author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

RISK-BASED COMPLIANCE

A recent benchmarking survey of Third Party Codes of Conduct was conducted by the Society of Corporate Compliance and Ethics (SCCE) and reported on by Rebecca Walker. The findings indicated that a majority of companies with an otherwise robust compliance program do not extend this to third parties with which they conduct business. The findings revealed the following: 53% of companies do not disseminate their internal codes of conduct to third parties; only 26% require third parties to certify to their own codes; and just 17% of the respondents have any third party codes of conduct.

For those companies which now desire to evaluate their third party business partners for Foreign Corrupt Practices Act (FCPA) compliance, how, and perhaps where, do they begin? The approach that appears to be gaining the most traction both with regulators and learned commentators is to develop a risk based approach to FCPA compliance. There is no specific Department of Justice (DOJ) guidance on any one specific process for a risk based compliance system. However, there is sufficient guidance in other FCPA and analogous compliance areas, such that direction can be provided to US and foreign companies in this area.

Writing in the FCPABlog, Scott Moritz of Daylight Forensic & Advisory suggested that a risk-based approach based upon the regulatory programs in Anti-Money Laundering (AML) governance. In the AML areas, the concept is that certain parties, including vendors, represent a higher compliance risk than others. Geography, nexus to government officials, business type, method of payment and dollar volume – are all risk indicators.

This risk-based approach was commented upon, favorably by the DOJ, in Release Opinion 08-02. In this Release Opinion the DOJ reviewed and approved Halliburton’s proposed acquisition of the UK entity Expro. The DOJ spoke directly to a risk based approach by that Halliburton had agreed to provide the following:

. . . a comprehensive, risk-based FCPA and anti-corruption due diligence work plan which will address, among other things, the use of agents and other third parties; commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangements; customs and immigration matters; tax matters; and any government licenses and permits. Such work plan will organize the due diligence effort into high risk, medium risk, and lowest risk elements.

This risk-based approach has also been accepted by UK’s Financial Services Authority (FSA) in its settlement of the enforcement action against the insurance giant AON earlier this year. As a part of the settlement AON agreed to the following:

AON…designed and implemented a global anti-corruption policy … limiting the use of third parties … whose only service to AON is assisting it in the obtaining and retaining of business solely through client introductions in countries where the risk of corrupt practices is anything other than low. These jurisdictions are defined by reference to an internationally accepted corruption perceptions index. Any use of third parties not prohibited by the policy must be reviewed and approved in accordance with global anti-corruption protocols.

How does a company implement this guidance? Scott Moritz suggests that key to any risk-based approach is “the strategic use of information technology, tracking and sorting the critical elements — including risk-ranking, as well as enhanced due diligence and ongoing monitoring of high-risk parties proportionate to their risk profiles.”

The uses of a risk based compliance system can be myriad. The Release Opinion 08-02 system was in response to an international acquisition. Such systems can also be used to rank and assist in the evaluation of business partners or supply chain vendors. But, however such a system is used, the clear import from the DOJ, FSA and learned commentators is that some type of rational system should be put in place and followed.

Establishing Relationships with Foreign Business Partners—Due Diligence, Due Diligence and then Due Diligence

There are several critical components in the selection, use and retention of any Foreign Business Partner, such as agents, resellers, joint venture partners or distributors. In view of the critical risks a US Company must manage when entering into a relationship with a Foreign Business Partner, the US Company should, prior to establishing the relationship, kick off the risk management process by initiating thorough due diligence on the proposed Foreign Business Partner. The due diligence process should contain, at a minimum, inquiries into the following areas:

• Need for the relationship with a Foreign Business Partner: The Company Business Team or Business Person should articulate the business case for the proposed Foreign Business Partner relationship. This must be approved by management before it goes to legal or compliance for review.

• Credentials: List the critical reasons for selection of the proposed Foreign Business Partner. This should include a discussion of the business partner’s background and experience.

• Ownership Structure: Describe whether the proposed Foreign Business Partner is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials?

• Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed Foreign Business Partner. Obtain financial records, audited for 3 to 5 years, if available.

• Personnel: Determine whether the Foreign Business Partner will be providing personnel, particularly whether any of the employees are government officials. Obtain the names and titles of those who will provide services to the US Company.

• Physical Facilities: Describe what physical facilities will be provided by the Foreign Business Partner. Who will provide the necessary capital for their upkeep?

• Reputation: Describe the business reputation of the proposed Foreign Business Partner in its geographic and industry-sector markets.

These due diligence inquiries are required under the Federal Sentencing Guidelines and the guidance offered by the Department of Justice (DOJ) Opinion Releases and the publicly released Plea Agreements and Deferred Prosecution Agreements (DPA) entered into by US companies who admit to violating the Foreign Corrupt Practices Act (FCPA). This due diligence should be recorded and maintained by the US Company for review, if required, by a governmental agency. Some of the due diligence can be handled by the US Company’s in-house legal and/or compliance groups. However, it is recommended that for any high risk Foreign Business Partner, an outside forensic auditing firm and outside legal counsel be retained to conduct the due diligence investigations. This brings a level of expertise usually not available within a corporation plus an outside perspective less susceptible to in-company business pressures.

After this initial inquiry is concluded the US Company should move forward to perform a background check on a prospective Foreign Business Partner by using the following resources:

• References: Obtain and contact a list of business references.

• Embassy Check: Obtain information regarding the intended business partner from the local US Embassy, including an International Company Profile Report.

• Compliance Verification: Determine if the Foreign Business Partner, and those person within the Foreign Business Partner who will be providing services to the US Company, have reviewed or received FCPA training.

• Foreign Country Check: Have an independent third party, such as a law firm; investigate the business partner in its home country to determine compliance with its home country’s laws, licensing requirements and regulations.

• Cooperation and Attitude: One of the most important inquiries is not legal but based upon the response and cooperation of the Foreign Business Partner. Did the business partner object to any portion of the due diligence process? Did it object to the scope, coverage or purpose of the FCPA? In short, is the business partner a person or entity that the US Company is willing to stand up with under the FCPA?

After a company completes these due diligence steps, there should be a thorough review by the Board, or other dedicated Management Committee, on the qualifications of the proposed foreign business relationship partner. It is critical that the reviewing Committee is not subordinate to the US company’s business unit which is responsible for the business transactions with the Foreign Business Partner. This review should examine the adequacy of due diligence performed in connection with the selection of overseas partners, as well as the Foreign Business Partner’s selection of agents, subcontractors and consultants which will be used for business development on behalf of the US Company.

The steps listed herein do not include the use of, or continued management of, a Foreign Business Partner. These steps need to be taken by all US Companies entering into, or already engaged in, a relationship with Foreign Business Partners as the FCPA applies to all US Companies, whether public or private. Remember, due diligence, due diligence and once that has been completed; more due diligence.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2010

What’s in a Name: Agents, Resellers and Distributors under the FCPA

What is in a name? The terms agent, reseller and distributor are sometimes used interchangeably in the business world. However in the legal world they usually have distinct definitions. An agent can be generally defined as is a person who is authorized to act on behalf of another to create a legal relationship with a Third Party. An agent can also be a person who makes introductions and generally facilitates relationships between the seller of goods or services and end-using buyer. Such an agent usually receives some type of percentage of the final sale as his commission. An in-country national agent is often required in most Middle East and Far East countries. A reseller can be generally defined as a company or individual that sells goods to an end-using buyer. A reseller does not take title and thereby own the goods; the reseller is usually a conduit from the seller to the end-using buyer. A reseller usually receives a flat commission for his services, usually between 5-10% of the final purchase price. This format is often used in the software and hardware industries. A distributor can be generally defined as a company or individual which purchases a product from an original equipment manufacturer (OEM) and then independently sells that product to an end user. A distributor takes title, physical possession and owns the products. The distributor then sells the product again to an end-using purchaser. The distributor usually receives the product at some discount from the OEM and then is free to set his price at any amount above what he paid for the product. A distributor is often used by the US manufacturing industry to act as a sales force outside the US.

The landscape of the Foreign Corrupt Practices Act (FCPA) is littered with cases involving both agents and resellers are they are the most clearly acting as representatives of the companies whose goods or services they sell for in foreign countries. However many US businesses believe that the legal differences between agents/resellers and distributors insulate them from FCPA liability should the conduct of the distributor violate the Act. They believe that as the distributor takes title and physical possession of the product, the legal risk of ownership has shifted to the distributor. If the goods are damaged or destroyed, the loss will be the distributor’s not the US business which manufactured the product. Under this same analysis, many US companies believe that the FCPA risk has also shifted from the US company to the foreign distributor. However such belief is sorely miss-placed.

As almost everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. But many US companies view distributors as different from other types of sales representatives such as company sales representatives, agents, resellers or even joint venture partners, for the purposes of FCPA liability. However the Department of Justice (DOJ) takes the position that a US company’s FCPA responsibilities extend to the conduct of a wide range of third parties, including the aforementioned company sales representatives, agents, resellers, joint venture partners but also distributors. No U.S. company can ignore signs that its distributors may be violating the FCPA. Company management cannot engage in conscious avoidance to the activities of a distributor that the company has put into a business position favorable to engaging in FCPA violations. Court interpretation of the FCPA has held that it is applicable where conduct violative of the Act is used to “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage.

This scenario played out in China from 1997 to 2005 through AGA Medical Corporation. The Minnesota-based firm manufactured products used to treat congenital heart defects. To boost is China sales, AGA worked through its Chinese distributor. AGA sold products at a discounted rate to its Chinese distributor. This distributor then took some of the difference between his price from the equipment manufacturer AGA and the price he sold the equipment to Chinese hospitals to and paid corrupt payments to Chinese doctors to have them direct their government-owned hospitals to purchase AGA’s products. Its sales in China for the period were about $13.5 million. The Chinese distributor was found to have paid bribes in China of at least $460,000 to doctors in government-owned hospitals and patent-office officials. In 2008, AGA agreed to pay a $2 million criminal penalty and enter into a deferred prosecution agreement with the Department of Justice to settle Foreign Corrupt Practices Act violations.

The same game was played by a Volvo subsidiary, Volvo Construction Equipment International (“VCEI”) when it used a Tunisian distributor to facilitate additional sales of its products to Iraq. VCEI reduced its prices to enable the distributor to make the illegal payments based on bogus after-sales service fees. Volvo’s 2008 settlement with the SEC included an agreement permanently enjoining it from future violations of Sections, ordering it to disgorge $7,299,208 in profits plus $1,303,441 in pre-judgment interest, and to pay a civil penalty of $4,000,000. In addition to this fine imposed by the SEC, Volvo also paid a $7,000,000 penalty pursuant to a deferred prosecution agreement with the DOJ.

So what is in a name? Do we simply look to Shakespeare and his immortal words, “”What’s in a name? That which we call a rose; By any other name would smell as sweet.” Unfortunately I do not think the answer is quite so ethereal. It is more down to earth. If it walks like a duck and quacks like a duck, it probably is a duck. If you have a distributor, it must be subjected to the same FCPA scrutiny and management as an agent, reseller or joint venture partner.

                                    *                      *                      *

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author can be reached at tfox@tfoxlaw.com.

 

© Thomas R. Fox, 2010