1. U.S. Companies doing business abroad directing third parties’ FCPA compliance program – risk-based approach.
Settlements announced by DOJ and SEC show us not only how misconduct and violation can be costly and harm a company’s reputation, but also how the globalization of anti-corruption efforts are increasingly more effective and more aggressive.
The program should direct US and foreign companies to follow DOJ guidance in FCPA and other analogous compliance areas, including third parties compliance.
The high risk-based approach was commented by the DOJ in the Opinion Procedure Release 08-02, which released and approved Halliburton’s proposed acquisition of the UK entity Target with the provision that Halliburton undertakes certain actions, such as comprehensive risk-based FCPA and anti-corruption due diligence work plan. The plan would address the use of agents and other third parties, commercial dealings with state-owned customers; any joint venture, teaming or consortium arrangement; customs and immigration matters; tax matters; and any government licenses and permits.
The risk-based approach was also adopted by UK’s Financial Services Authority on AON case last year, enforcing local and global anti-corruption protocols.
The DOJ Opinion Procedure Release 08-02 system, therefore affects international acquisitions and transactions. The risk-based system can also be used to assist in the evaluation of foreign business partners or suppliers, functioning as a radar detector which tracks and identifies risks on third parties.
A well established Foreign Business Partner Committee at a US company can oversee activities towards the results of investigative due diligence. The committee should format a program including the business unit’s rationale for partnering with a person or entity.
Foreign business partner’s ethics and FCPA compliance program can direct issues and restrictions on facilitation of payments, gifts, entertainment and travels; establish proper accounting and invoicing; and enforce policies that flow down to any sub-vendor or supplier of the foreign business partners.
2. PROACTIVE COMPLIANCE PROGRAM, DUE DILIGENCE AND RISK ASSESSMENT
If the foreign business partner does not meet the US company policies or the FCPA’s standards, the company should consider requiring the partner to implement one according to the US Sentencing Guidelines and the DOJ guidance.
Smaller foreign business partners are more likely to lack those policies, but the leading company still has the liability for their actions. Therefore, sometimes the solution is to acquire the smaller foreign company and integrate it to the leading company’s FCPA policies.
Generally, the interaction and supervision of FCPA compliance is made by contractual provisions and clauses in which the FCPA guidance is integrated. Examples are: no payments of money, or anything of value, such offer, promise, or paid, directly or indirectly, to any foreign officials, political parties, party officials, or candidates for public or political role, to influence the acts of such officials in their capacity to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the US company is a participant.
Regardless, conducting an overall program and adding contractual terms with foreign business partner may address US Company’s compliance with the FCPA policies:
· Indemnification – the foreign business partner must provide full indemnification for any FCPA violation, including all cost of the underlying investigation;
· Cooperation - the foreign business partner must cooperate with any ethics and compliance investigation;
· Material breach of contract – clause provision that FCPA violations, with no notice or opportunity to cure will be enough grounds for immediate cessation of all payments;
· No sub-vendors or suppliers without approval and scrutiny from the US company;
· Audit rights – for FCPA related compliance procedures;
· Acknowledgment of the applicability of the FCPA to the business relationship;
· Ongoing training for top management of foreign business partner and all persons performing services on a company’s behalf;
· Annual certification of conduct that complies with FCPA or any applicable law;
· Re-qualification - the foreign business partner must be required to re-qualify as a provider at regular interval, using due diligence like the one prior to contractual approval, in an effort to mitigate FCPA future violations;
· Internal review of the compliance program and the ongoing relationship to prevent future liability.
3. Conclusion – prevent v. cure
The use of a standardized process, record-keeping management and record retention schedules combined with ethics compliance does not guarantee compliance anymore. Additional focus is required on process knowledge and risk assessment for higher effectiveness. The foreigners typically are not familiar with the aggressiveness and effectiveness of a SEC investigation.
For its overseas compliance and ethics program to be effective, US Companies have to focus on relevant expertise of the laws abiding, knowledge of the market, business and culture of the region, general understanding of the local regulations, judicial system and processes. The General Counsel has to oversee the different scenarios and coordinate with the overall enterprise risk management –e.g. SOX 404 assessment, organizational corporate social responsibility or reputation, impact on ethic and compliance issues.
US Companies doing business abroad have to coordinate this process by risk assessing not only globally, but also locally; most probably a task for lawyers with background in US, and local Laws.
Also it is appropriate to start, from the top management, efforts to ensure compliance transparency in the process throughout their acts and company’s code of conduct, which should encourage internal dialogue and prompt reporting of questions and concerns.
The DOJ Deferred Prosecution Agreement with Monsanto for FCPA violations provides guidance in the continuing obligation to monitor foreign business partners.
The oversight program must involve its legal, compliance, accounting, internal audit, and information technology departments from the initial due diligence, including an ongoing risk-based compliance monitoring process.
Subscribe to:
Posts (Atom)
Posts
