FCPA Compliance and Ethics Blog

October 2, 2014

The Mitford Sisters and the Compliance Audit

Mitford SistersDeborah Cavendish died last week. She was the last surviving member of an extraordinary group of women known as the ‘Mitford Sisters’. They were six daughters of David Freeman-Mitford, the 2nd Baron Redesdale and the former Sydney Bowles. The six had about as varied lives as one could possibly have from six different yet related siblings. Nancy (1904-73) became an author and wrote “The Pursuit of Love” and “Love in a Cold Climate.” Pamela (1907-94), who grew up wanting to be a horse, married a horseman who became a physicist. Diana (1910-2003) married Britain’s fascist leader Oswald Mosley, in the presence of Hitler and Joseph Goebbels. Unity (1914-1948) fell in love with Hitler and was Eva Braun’s rival for his affections; she died a decade after her attempted suicide with the bullet still in her head. Jessica (1917-96) was a communist. This did not prevent her from eloping with Churchill’s nephew and moving to the United States, where she penned “The American Way of Death” and other books. Deborah developed a passion for chickens and later married Andrew Cavendish, who became the Duke of Devonshire, making Deborah, the Duchess of Devonshire.

Deborah’s major accomplishment was to adapt the Duke ancestral home of Chatsworth into self-sustaining family business. She kept up a personal and active involvement in this project for nearly 40 years, until her husband died and she became the Dowager Duchess. Today, Chatsworth is one of the most visited sites in England.

I thought about Deborah, her remaking of Chatsworth and how she and her sisters remade themselves from the fairly-tale princess lives they grew up with when I read a recent article in the Red Flag Group’s Compliance Insider, September-October issue, entitled “Rethinking the typical audit”, by Georgia White. The piece recognized that the standard financial audit clause may be of little use to the compliance practitioner but it can be reworked “to include proactive compliance obligations which can be an effective and valuable way to positively manage relationships with distributors and resellers.” Some of the reasons for typical audit clauses with such parties are disfavored and were identified as “insufficiently tailored and poorly defined” or such audit clauses have some type of “catch-all” provision which allows a company to audit more than simply its relationship with a distributor or reseller. Such audit clauses were noted to “represent little value for both the client and the business partner.”

Compliance Audit Clause

The first focus of the article was that “Compliance audits should be aimed at engaging business partners to participate in compliance initiatives pro-actively, whether by way of interview or discussion, integrity circles or forums, or healthy checks or periodic review” all supplemented by occasional transaction sampling. In other words, you must do the work required in managing the relationship after the contract is signed or Step 5 in the Five Step lifecycle management of third parties. The article suggested the following compliance audit clause, “In addition to maintaining proper records and accounts in relation to Distributor/Reseller’s use of product X, Distributor/Reseller will participate in compliance health checks and periodic reviews, and attend integrity circle and forums on a regular basis as required by Supplier Y. In the event of an allegation of misconduct, upon seven (7) days written notice Supplier Y (or its authorized agent)may conduct an inspection and audit all relevant facilities and records of Distributor/Reseller to verify compliance with obligations under this Agreement. Such audit is to be conducted in business hours at Supplier Y’s own expense and in such a manner as not to unreasonably interfere with Distributor/Reseller’s normal business activity.”

Getting buy-in from business partners

The piece suggests that in this manner of pro-actively engaging your Distributor/Reseller you can help maintain “the integrity of the relationship” and keep “open and transparent lines of communication.” While it may be easier to include such a clause with a new Distributor/Reseller; you may face a challenge with such a relationship which has been long standing. However for an effective Distributor/Reseller to be maintained, the author believes that everyone must be treated equally (the Fair Process Doctrine in play) as “compliance audits should apply to new and existing partners alike.” The key is communication by educating your Distributor/Reseller base “on the value of this kind of proactive exchange on compliance issues during business-planning sessions.” In other words, set expectations by talking to your business partners about why the compliance audit is necessary and, more importantly, have them understand the “risks associated with product diversion and unethical behaviour.”

When should the audit clause be added?

The piece takes on another touchy subject in audit clauses which is timing by stating, “To maintain positive relationships with existing business partners it is important to consider the timing of any proposed changes to existing contractual provisions.” However White provided some timing points for initiating this discussion.

  • Contract renewal cycle. If such a discussion is brought up during the regular renewal cycle you certainly should have good argument about such programs under a Foreign Corrupt Practices Act (FCPA) best practices compliance program. The debate about whether distributors were covered was ongoing until a couple of years ago so many companies may not have considered auditing such relationships. Moreover, White notes that if you raise the issue during a renewal cycle, “business partners are less likely to invoke suspicion that is a ‘targeted’ requirement” you are aiming only at them.
  • Annual business planning sessions. Such meetings usually entail an overall strategy component so White believes it is a good time to bring up the issue in the context of your company’s overall anti-corruption compliance efforts. You should have the opportunity to “discuss best-practice strategy and introduce the possibility of proactive compliance auditing for the relationship going forward.” The more you can focus on the ‘partner’ nature of the compliance obligation the more this should resonate with your Distributor/Reseller.
  • Company-wide annual meetings with Distributor/Resellers. Here White suggests that if you bring all of your Distributor/Resellers together and announce the auditing requirement, you may be able to demonstrate that auditing is now a system wide requirement. She believes “The chance of buy-in is increased if it is perceived that other competitors are already actively engaging with you in this manner.”
  • White suggests, particularly if you are in a high risk environment or need to institute such an audit right sooner rather than later, to negotiate over audits rights. She suggests “consider introducing the proposed change in tandem with a benefit that is being rolled out to the business partner.” I would add that you could also sweeten up the pot.

From the overall tone of White’s article, the key seems to communication. Communication can be used to show that adding and then invoking a compliance audit clause is not necessarily a negative outcome. But more than communication with your Distributor/Resellers is the concept from the Fair Process Doctrine; that is, if the process is fair, people and business partners may be more willing to accept a perceived negative outcome. This will go a long way to alleviating fears from Distributor/Resellers that they are being targeted for some nefarious reason or worse, that your company may be using the information obtained in a compliance audit to drive down the commercial value of the relationship.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

April 15, 2014

The Louisiana Purchase and Compliance Focus Group – Changing the Game

Focus GroupIn 1803, the fate of the United States changed in ways that could have never been contemplated, when the French Minister Talleyrand offered to sell France’s entire Louisiana Territory in North America to stunned American negotiators, Robert Livingston and James Monroe, who were simply trying to purchase the city of New Orleans from the French Emperor Napoleon. Quickly recognizing that this was an offer of potentially immense significance for the US, Livingston and Monroe began to negotiate on France’s proposed cost for the entire territory. Several weeks later, on April 30, 1803, the American emissaries signed a treaty with France for a purchase of the vast territory for $11,250,000. With the sale of the Louisiana Territory, Napoleon abandoned his dreams of a North American empire, but he also achieved a goal that he thought more important. “The sale [of Louisiana] assures forever the power of the United States,” Napoleon later wrote, “and I have given England a rival who, sooner or later, will humble her pride.”

There are many great resources out there for the compliance practitioner. One of them I have really come to appreciate and look forward to receiving is the Red Flag Group’s bi-monthly Compliance Insider magazine, available both in print and online versions. In the most recent version there were several articles that I found very useful for the compliance practitioner but the one I want to focus on today is the compliance focus group. This provides a forum, which allows employees to raise compliance issues and concerns in “an informal environment, in small groups or in one-on-one sessions. They can be done as stand alone or as break-out sessions from larger meetings, conferences or similar events where multiple parties get together.” The article provided 10 things which you should consider before you hold your compliance focus groups.

  1. Select Your Countries and Regions Carefully. You need to reflect on selecting those areas, which have “compliance issues, have been the subject of investigations or are higher risk.” Contrast that selection with one or more regions that have achieved compliance performance so that you can clearly articulate the difference. Most importantly, pick the regions that need the most support and “have the most business at risk if there is a compliance issue. You will also know from your own business those areas, business units or regions where there is more “noise” around compliance.”
  1. Plan Your Locations, Times and Attendees. Think about your logistics, both higher level such as travel times and lower details such as seating. As you will usually desire to have three to four sessions per day, up to 90 minutes, you will need to make sure people have enough time to get there and register. But also think about seating, as you want to make things as informal as possible. This means a conference table or a large U shape arrangement and not classroom or lecture room seating.
  1. Have Separate Management Sessions. It is important that you make attendees feel that they can give open and honest thoughts about the company and its compliance regime. This means you cannot have senior management in sessions for middle management and lower management and employees.
  1. Draft an Agenda and a Short Presentation. The author believes that many times participants will need a stimulus of some sort to get things going. He advises “A good idea is to build a brief agenda before the meeting, even if it is fairly flexible – many senior employees will demand an agenda before accepting a meeting.” Also prepare a brief PowerPoint presentation for the session designed to explain the purpose and outcomes of the session, keep it to five or six slides which will act as placeholders for discussion topics.
  1. Think About Some Probing Questions In Advance. Here are some of the suggested questions that you should consider asking to the group:
  • Do people understand what compliance is? What does it mean to you in your daily business dealings?
  • What do people think of the policies and procedures across the company?
  • Is the training simple and easy to understand?
  • What is the company culture around compliance? Do people really take it seriously or is there a “tick-the-box” mentality?
  • Are there issues with reporting? How do people report? What is the culture regarding reporting issues?
  • Does management “walk the walk” with compliance or just “talk the talk”?
  • How does your company compare to its peers in the area of compliance?
  • What is the competitive environment like, both externally and internally?
  • Where are the areas that compliance could improve?
  1. Select a Facilitator. Compliance issues can be sensitive and people can be uncomfortable talking about them. For the focus group to succeed and be of value, everyone should be made to feel comfortable; and feel that they are not being audited or reviewed or they will not be confident to speak up. The author believes that here a good facilitator can be assist in keeping “the discussion going, ensure that everyone participates, make people feel at ease and, most importantly, ensure that the discussion is lively. The facilitator might also need to be trained on some of the risk areas of the business and have a solid understanding of the business and the existing compliance program.”
  1. Prepare Your Opening Disclaimer. Some participants may want to know how their comments will be used, quoted directly or generalized. This would be the time to address such concerns and invoke confidentiality of names and other identifiers.
  1. Prepare Some Takeaways. The leader should be prepared to summarize what the next steps will be going forward, including when a report might be issued to management and what might included in the report.
  1. Prepare a Report For All Participants. A key component of any compliance focus group is a post event report, which consolidates all sessions. This should be generated as soon as possible after the end of the last session. The report should include specific actions that will be taken based upon the input received from the focus groups. There will certainly be expectations from participants that if they have reported any circumstances which warranted responses they will want to know what the compliance team is doing about a response. Participants will also want to see whether the feedback they gave is consistent with that given in the other sessions.

10.Write a Report for Management. This report should focus on the larger issues raised in the compliance focus groups and, as the author notes, “looking at the trends, steps forward and lessons learned.”

While your compliance focus group may not be quite the game changer that the Louisiana purchase was for the US, it will certainly provide you solid information on your compliance program that you can use to move it forward; as the article notes, “From the people who use the programme everyday—your employees and partners—you can find out what the programme means, how it adds value (or doesn’t add value) and how it is seen by the management team around the world. And while you are at it, you may want to check out the Red Flag Group’s Compliance Insider magazine, it is a great resource.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2014

February 28, 2011

After the Contract is Signed: How Frequently Should You Perform (FCPA) Due Diligence

Yesterday we participated in a workshop at the 2011 SCCE Utilities & Energy Compliance and Ethics Conference with Scott Lane, President of the Red Flag Group. In his presentation, he discussed a White Paper that he and his colleague James Walton recently released entitled, “Best Practices in Conducting FCPA /Anti-bribery Due Diligence”. We went back and read the article and found it to be an excellent resource for many questions relating to due diligence as required by the Foreign Corrupt Practices Act (FCPA) or any best practices anti-bribery and anti-corruption program. Today we will focus on the question of how often should a company perform due diligence on its foreign business relationships.

Lane and Walton begin by noting that due diligence is very hard to keep consistent as no two are ever the same. They believe it is important to keep a close watch on information sources, to search for improved providers, and ensure that the information you are looking at is useful for the business needs. The specific time frame for ongoing due diligence depends on the risk profile of a company’s foreign business relationship. They provide three benchmarks: (1) annually; (2) biennially; or (3) at contract renewal.

In making this determination, the authors suggest several risk factors which a company should evaluate in making this determination regarding the frequency of due diligence. these include:

Physical allocation of the partner: The authors define this risk as whether the foreign business partner is located in, or providing services to your company in a geographic area recognized as a high risk country. Reference can be made to the Transparency International Corruption Perceptions Index or another recognized country risk rating such as Country-Check.

Findings of the original due diligence: The authors define this factor as one based upon prior due diligence investigation. The key issues here are (1) were any Red Flags identified and (2) how were these Red Flags cleared?  It is assumed that if a Red Flag was raised in prior due diligence, then the Red Flag was cleared to enable the business relationship to come into existence. This also brings up an important point about Red Flags that is often overlooked. A Red Flag should not automatically mean that a foreign company cannot become a foreign business partner of your company. It does mean that the Red Flag must be investigated and cleared before such a foreign business relationship is created.

Type of partner: There are a side variety of foreign business relationship which require due diligence under the FCPA. As noted in several recent Deferred Prosecution Agreements, Alcatel-Lucent, Maxwell Technologies and the Panalpina settlements,  these can include resellers, agents, intermediaries, consultants, representatives, distributors, teaming partners, contractors and suppliers, consortia and joint venture partners. Those foreign business partners which are actively promoting your company in the market place put your company at the greatest risk and should therefore require more due diligence.

Type of customers the partner sells to: Most companies understand the motto  “Know Your Customer” but under FPCA, and other anti-bribery best practices, your company must also know the customers that your foreign business partner sells to or, in any other manner, interacts with. The more interaction with foreign governmental officials that your foreign business partner engages in, the more due diligence scrutiny is appropriate.

Amount of business being transacted by the partner: The authors point to this risk factor by noting that a company should keep a close watch on the dollar volume of business that it may engage in with a foreign business representative. We would suggest that a company should also review the relevant percentages of services or goods sold or services rendered for each foreign business partner. A company should certainly desire to know if a certain vendor provided a very high percentage of raw materials or any services critical to the delivery of products. Additionally if most, or all, of a company’s products are sold by or through one foreign business partner, this may call for greater due diligence scrutiny.

The authors end by noting that they believe the ideal solution for renewal of due diligence is a mixed approach based on risk. In most cases, renewals should be done annually or at least every two years. However, best practice also requires regularly checking whether the partner, or its directors, shareholders or senior executives are listed on any watch lists. This should be completed periodically – at least monthly.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2011

 

 

Blog at WordPress.com.