Despite an ever-broadening tapestry of anti-corruption legislation around the globe, increases in enforcement actions, and a corresponding ramp-up in company anti-corruption efforts, companies continue to face significant compliance shortfalls, particularly in working with global business partners. Failure to effectively assess and monitor third parties, of course, is fraught with peril: in some recent years, more than 90% of reported FCPA cases involved third-party intermediaries according to Ernst & Young's 12th Global Fraud Survey .
Last year's Hewlett-Packard (HP) FCPA enforcement action revealed that HP's Russian subsidiary paid more than $2 million in bribes to agents and shell companies in order to maintain a government contract with the federal prosecutor's office. According to the SEC, “[d]espite the red flags, the deal went forward without any meaningful due diligence on the agent or the subcontractors.”
The HP case is just one of many that underscores the need for companies to know their business partners before entering into a relationship and to closely manage those relationships to ensure compliance throughout.
Pre-contract due diligence
On the front end, effectively minimizing risk exposure among third parties involves careful due diligence and resolution of any red flags that arise that could indicate the possibility of questionable behavior.
While not an exhaustive list, some common red flags include:
- Lack of experience in the field;
- Reputation for corruption including previous violations;
- The nature of relationships with government officials including an official recommending use of the third party;
- Weak compliance capabilities;
- Lack of cooperation the during due diligence process;
- Refusal to identify a principal or owner;
- The type and method of compensation requested, such as requiring a large advance payment, requiring a cash payment or requiring payment to a different individual; and
- Refusal to sign a contract.
These considerations impact the overall risk assessment of the business partner and will trigger greater compliance oversight as red flags arise. If any of these red flags arise, of course, the company must be ready to act to address them, including walking away from the relationship.
Once the business relationship is in place, companies should monitor third parties to ensure compliance. As a threshold matter, companies should ensure their third-party contracts contain anti-corruption representations and warranties, a right to audit and an agreement to cooperate in any corruption-related investigation. These types of contractual provisions provide a company with a number of monitoring tools. Auditing the business partner's books to discover irregularities may be the most effective way to ensure compliance. Short of that, companies can undertake less formal monitoring during the course of the relationship to keep it on track. Similarly, regular searches in the news, on search engines, or in other databases keep unhappy surprises to a minimum.
Again, here, you are looking for red flags such as those mentioned in the SEC and DOJ's Resource Guide to the FCPA offers a list of red flags to look out for including:
- Excessive commissions to third parties;
- Unreasonably large discounts;
- A close relation between the third party and a foreign official; and
- Payment requests to offshore banking jurisdictions.
A more detailed list of red flags is available at the FCPAmericas Blog.
Including third parties in company training programs or at least requiring the company to undertake its own training program is another means of helping to ensure compliance. If all else fails, termination rights in the case of a third party's violation of the anti-corruption laws provide a company with the ability to walk away when the monitoring reveals problematic behavior.
Corruption-related risk management is an ongoing process that does not stop with due diligence or the execution of a contract. However, knowing where to look and what to look for can provide compliance professionals with a strong head-start in managing post-contract corruption risk without endangering the company's bottom line.