Applying Multi-Layer Due Diligence – Is There Such a Thing as Too Much?
Houston, TX
23 March 2015
Panelists
▪ William Gordon: Associate General Counsel and Chief Compliance Officer, Hercules Offshore, Inc.
▪ Tom Best: Partner, Steptoe & Johnson LLP
Agenda
▪ Topics
– “The FCPA and due diligence – interpreting the law and translating its requirements into your company’s partner investigation strategy”
– “Determining the appropriate degree of due diligence – what requirements are placed on third parties to investigate their suppliers?”
– “The link between careful scrutiny of your business partners and business productivity”
▪ Discussion
– Enforcement “expectations” with respect to third party engagement, management
– Best practices in third party and supply chain management
– Business value of third party management from FCPA/anticorruption compliance perspective
Enforcement “Expectations” Regarding Third Parties
Third Parties -- Legal and Enforcement Framework
▪ Vicarious liability for acts of third parties
– Majority of recent FCPA cases
– Responsibility for improper acts of agents, consultants, contractors, service providers, distributors, JV and other business partners:
• Done with knowledge or authorization of company personnel
• “Knowledge” standard
– Includes willful ignorance – Bourke (“Head in the sand”)
– Must identify and mitigate “red flags”
• Due diligence
• Contractual safeguards
• Monitoring
Third Parties -- Legal and Enforcement Framework (cont’d)
▪ OECD Good Practice Guidance (2010)
▪ DOJ Deferred Prosecution Agreements (DPAs)
▪ US Sentencing Guidelines
▪ International Standards: TI Business Principles, PACI, etc.
▪ Key Developments:
– November 2012: DOJ-SEC Resource Guide
– May 2012: Morgan Stanley declination/prosecution of Gerald Peterson
Third Parties -- Legal and Enforcement Framework (cont’d)
▪ Companies “expected” to adopt and maintain internal compliance programs designed to:
– Prevent, detect and remedy improper practices; and
– Promote compliance with laws
▪ Scope of program
– All parts of business, including subsidiaries and foreign operations where issues may arise
– Risk-based approach
– Focus on third parties
▪ 20/20 hindsight when dealing with enforcement agencies
Third Parties -- Legal and Enforcement Framework (DOJ/SEC Guidance)
▪ DOJ/SEC Guidance – draws from existing standards to restate agencies’ positions
▪ Emphasis:
– A functioning, not “paper” program
– Tailored to each company
– Designed pursuant to a FCPA/anticorruption-focused risk assessment
– Management commitment to compliance
• “Tone at the top”
• “Tone in the middle”
– Communication and training mechanisms
– Incentives and Discipline
– Continuous Improvement
– Third Parties
Third Parties -- Legal and Enforcement Framework (DOJ DPA/Plea Appendices)
▪ Clearly articulated written FCPA policy (with strong, visible support from senior management);
▪ Promulgate compliance standards, based on an individual risk assessment, for employees and business partners, governing:
– gifts,
– entertainment,
– customer travel,
– political contributions,
– charitable donations,
– facilitation payments,
– solicitation/extortion; and
– mergers & acquisitions due diligence and integration program
▪ Annual review and update of compliance standards;
▪ Assign responsibility for compliance with a senior, autonomous official with direct reporting to internal audit, Board and/or Board committees;
▪ Ensure system of accounting procedures, including internal controls, to maintain accurate books and records;
Third Parties -- Legal and Enforcement Framework (DOJ DPA/Plea Appendices) (cont’d)
▪ Periodic training and annual certifications by employees and business partners;
▪ Maintain system for urgent compliance advice (hotline) and confidential reporting of potential violations (whistle-blowing);
▪ Institute appropriate disciplinary procedures for violations and reasonable remedial efforts;
▪ Due diligence procedures for retention of agents, including compliance education and anticorruption commitments;
▪ Standard anticorruption contract clauses, including audit and termination rights; and
▪ Periodic review and testing of anticorruption code and procedures.
Managing Third Parties – Best Practices
© 2014, Steptoe & Johnson LLP, All Rights Reserved
www.steptoe.com
Managing Third Parties – Best Practices
▪ Who are third parties?
– Marketing agents/sales representatives/finders
– Consultants and lobbyists
– Distributors, resellers, and brokers
– Partners and consortium members
– Service providers: Customs brokers, tax advisors, attorneys, accountants
– Contractors and suppliers
Third Party Enforcement: Agents and Consultants
▪ Agents/consultants: sales agents and representatives, lobbyists, etc.
– Highest risk
• Authorized to act on your behalf
• Use of commissions or success fees
– Best leverage
• Greatest control
▪ See Alcoa (2014) ($384M), Alcatel (2010) ($137M), many others
Third Party Enforcement: Distributors
▪ Distributors
– Pure distributors
• Buying and selling for own account
– More complex relationships
• Joint marketing, etc.
– Note: Structuring relationship as distributorship does not insulate from risk
• Must respond to red flags
▪ See Pharma / Medical Device Settlements (2011-12)
– Johnson & Johnson ($77M)
– Smith & Nephew ($22M)
– Pfizer/Wyeth ($60.1M)
– Biomet ($22.8M)
– Eli Lilly ($29M)
Third Party Enforcement: Business Partners
▪ Business partners: including joint ventures and consortia
– Risks:
• Potential liability for partners’ actions, but potentially limited scope for control
• Value of partnership/JV arrangement is source of risk:
– Local knowledge, contacts, industry expertise
• JVs/consortia with state-owned partners
• Issuers:
– Books/records, internal controls liability if consolidated into parent’s financial statements
▪ See Allianz SE (2012) (SEC: $12.5M), RAE Systems, Inc. (2010) (DOJ: $1.7M; SEC: $1.25M), others
Third Party Enforcement: Service Providers
▪ Service Providers:
– Risks:
• Lack of control over providers’ actions
• Reliant on services in-country – often no alternative
– Risks can arise anywhere in companies’ supply chains, in-country or abroad:
• Logistics providers
• Contractors and sub-contractors
• Professional service providers
Enforcement Example: Service Providers
▪ Tax Advisors
– KPMG-Siddharta, Siddharta & Harsono (SSH) (2001) and Baker Hughes (2001)
• $75,000 bribe to reduce tax assessment in Indonesia
▪ Lawyers
– U.S. v. Jeffrey Tesler (2011) (TSKJ Consortium)
– Parker Drilling (2013)
▪ Customs Brokers/Freight Forwarders
– Panalpina and customers (2010)
• Payments to customs officials in Nigeria and elsewhere; collective penalties of $236.5 million
▪ Subcontractors
– Data Systems & Solutions (2012)
• Technology/service subcontractors on power project funneled bribes to officials; fictitious modifications to contractual scope of work to disguise additional payments
Third Party Risk Management: Best Practices
(1) Risk Assessment
– Range of relationships and risks
– Tiering Option
(2) Policies and Procedures on Engagement
– Due diligence
• Questionnaires/checklists
• Internal sources
• External sources: When to engage?
– Responding to red flags
– Decision-making
– Recordkeeping
Third Party Risk Management: Best Practices
(3) Contractual Safeguards
– Define legitimate services
– Compliance assurances: reps/warranties, covenants
– Accounting requirements and cooperation provisions
• Audit rights?
– Remedies: suspension, termination, clawback, etc.
– Other: e.g.,
• Compliance program
• Manner and place of payment
Third Party Risk Management: Best Practices
(4) Training
(5) Certifications
(6) Oversight – e.g.,
– Audits
– Scrutiny of invoices
– Responding to red flags during performance
– Periodic reviews and updates
– Certifications
▪ “Best practice” has evolved significantly over the past few years.
Third-Party Due Diligence – Outside Resources
Intelligence Databases
– List Screening: Sanctions, law enforcement, and other watch lists
– PEPs: PEPs; aliases; relatives and close associates
– Media: International, national, local sources; searchable; filterable
– Ownership: Legal owners; sometimes SOEs and beneficial owners (incomplete)
Program Development
– Compliance IT platforms (workflows and approvals; questionnaires and certifications; data analytics; archived reports)
– Specialized ABC counsel:
• Risk assessments; policies, procedures, forms, certifications
• Best practices; benchmarking
• Privileged legal advice
Investigation & Verification
– DD Consulting/Investigations:
• Database search and summaries
• Local language review
• Investigations of beneficial ownership
• Regional/local presence, expertise, and/or language
• Analysis of country/region
• Business profile
• Site visits; in-person interviews; other local inquiries
• Reference checks
• Public registries; court records
– Local counsel:
• Investigations of beneficial ownership
• Privileged legal advice
• May offer some of the services offered by DD firms
Outside Legal Advice
– Local Law
• Local counsel: Privileged local law advice
– Anticorruption Legal Advice
• Specialized ABC counsel: Analysis of red flags and risks; advice on safeguards; privileged legal advice
Business Value of FCPA/Anti-Corruption Compliance; Third Party Management
Positive Business Case for Compliance?
▪ Current conditions for compliance professionals in the extractive industries:
– On the one hand:
• Commodity prices low/depressed – budgets are tight
• Continued SEC/DOJ activity in the sector
• FCPA/anti-corruption enforcement no longer a U.S.-only phenomenon
• Whistleblower epidemic
– On the other:
• Significant U.S. enforcement activity over past 10 years; companies generally well-attuned to the risks
Positive Business Case for Compliance? (cont’d)
▪ Is this the only value of a strong compliance program?
Positive Business Case for Compliance? (cont’d)
▪ Increased attention to quality of company business relationships = benefits?
▪ Benefits financial? Other?
▪ Quantifiable?