Due diligence on business partners is one of the most important things a company can do, but also one of the least interesting things. She points out that the FCPA has a “should have known” standard. So ignorance is not a defense.
Sales consultants are some of the higher risk because they are usually paid on a commission basis. Consultants, paid by the hour, are a lesser risk merely because of the different compensation model. Distributors and resellers can be a risk. Merely having a third party in between your company and the corrupt official is still bad and is not a defense to charges.
Resellers are a new problem. The take title to your product and are your customer. But if there is evidence that the resellers are paying bribes to their customers, your company can be potentially be pulled in.
She turned to focus on some problem areas in due diligence when working with third parties.
Ownership – This is the most important and should be a deal-breaker if true beneficial ownership is not disclosed. (You can also work in the negative- not a government official or blocker person. This is not a good practice. The hidden identity should be a red flag. It would certainly be a red flag in a government investigation.)
Government relations. You need to find out if a clse relative is in the government. It is not a deal-breaker, but you need to be aware of the relationship.
Expertise. What is this person being paid to do if they do not have any particular expertise.
Financial stability. If they are acting as your agent, their financial failing will rub off on you.
Media searches. You need to know if your business partner is in the headlines.
Training. You need to letting them know what they need to do.
Periodic review and certifications. You want to make sure that you update things when the contract is renewed. You also want to check periodically to make sure there has not been a big change in the business partner. Certifications can be included on each invoice so they certify each time they paid that they have not bribed a foreign official.
It is important to keep red flags in mind, but you should standardize your contracts and review and not target specific areas. Many of the biggest FCPA cases have come from individuals acting in countries that are not known for being corrupt.
You can have a tiered due diligence program, depending on the nature of the relationship, the basis of compensation,and the reputation of the company. The most common is three tiers: not risky, standard, and more risky. That allows you to target your resources.
She sees the divide in the DOJ cases where companies are either do due diligence or not doing any diligence. Not doing diligence almost moves you into a strict liability position. You have no defense.
There has been a surge in FCPA cases over the last few years. Most involved problems with intermediaries.
She points out that corruption due diligence is a two-way street. Increasingly, foreign companies are conducting due diligence on American companies.
She also takes a controversial position that you may be better off not having audit rights if you do not intend to actually do audits. She advocates triggered audit rights instead of a matter of course if you are not going audit on a regular basis. You want to have a meaningful conversation with your intermediary that these audit rights are real.
There is an increasing turf battle on international enforcement. The SFO (Britain’s version of the DOJ) has stated that reporting to the DOJ first is not a voluntary disclosure for their purposes and reserve the right to still enforce.
(These notes are taken live, so I apologize if I left out anything or misquoted someone. Please forgive any typos or grammatical errors.)