1. business and industrial

M E T R O P O L I T A N
CORPORATE
COUNSEL
®
MAY 2015
WWW.METROCORPCOUNSEL.COM
Managing Distributors and
Third-Party Intermediaries
Coping with the long arm of FCPA enforcement
MCC INTERVIEW Brian McCann / KPMG
MCC interviews Brian McCann, managing
director in the Forensic Practice at KPMG,
resident in the firm’s Philadelphia office. Mr.
McCann specializes in anti-bribery and corruption (“ABC”) matters. He can be reached at
[email protected].
MCC: Starting with the basics. How do you
define a “third-party intermediary”?
McCann: Most companies struggle with the
simple definition of a third-party intermediary (“TPI”) as they evaluate their intermediary relationship populations and the
associated risks. One of the best definitions
I’ve come across is from the Organization of
Economic Cooperation and Development
(“OECD”), which defines an intermediary in
sweeping terms, such as “a conduit for goods
or services offered by a supplier to a consumer,” noting that a TPI can be a person or an
entity. For those of us in the consulting and
legal professions, the full definition can help
contextualize a company’s global business
relationships, and a full study reveals that it
encompasses the entire diversity of potential
business relationships, including sales agents,
distributors, customs agents and many others who operate on behalf of a U.S.-based
company in a foreign jurisdiction.
MCC: Why are TPIs used so pervasively in
international markets? Please discuss some
of the risks and compliance challenges within
these relationships.
McCann: The use of TPIs is critical in helping companies gain foreign market penetration, but it also inherently increases compliance risk. Most U.S. companies realize that
globalization is one of the best opportunities
for growth; however, entering into international markets requires an understanding of
the local rules of the road in each respective
territory or region that the company wishes
to enter. While this is an excellent avenue for
growth, it also involves assessing cultural nuances and different ways of doing business.
This is often a challenge for companies.
Local intermediaries understand these
cultural issues and can help companies navigate
them. The challenge, however, lies in training
these counterparts to operate with an awareness of their obligations under U.S. regulatory
guidelines. If the intermediary does not embrace
these requirements, the parent company could
be exposed to financial and reputational risks
associated with these relationships.
Now there are financial upsides and downsides here. On the upside, I mentioned that
and penalties on companies with household
names. These events become global news, so
it should suffice to say that these companies
would much rather be covered in the Wall
Street Journal for the quality of their products
and services rather than any negative connection with bribery-related activity.
MCC: Obviously TPIs present significant
risks and compliance challenges to companies
doing business on a global scale. Please provide
an overview of how companies can manage
and monitor TPI risks. Where do third-party
reviews fit into the process?
McCann: In my opinion, effective risk management starts with
risk mitigation, and, in fact, many
ntermediaries
companies have started to embrace
help penetrate
TPI risk mitigation by performing
due diligence prior to establishing
foreign markets,
a relationship with a TPI. But due
but at heightened diligence alone is no longer sufficient.
Ongoing TPI monitoring is clearly
compliance risk.”
becoming a natural compliance re–Brian McCann quirement. This is especially relevant
as it relates to ABC compliance. A
critical component that is necessary
to achieve this requirement is clear
TPIs facilitate expansion of global business
contractual terms that allow companies the right
operations, but the downside is that such ento audit their TPI’s books and records. While
gagements can be a costly proposition. First are
we’ve seen a significant uptick in regulatory
the inherent costs associated with expanding the guidance in this area, one important takeaway
company’s compliance functions, often a dauntis that there is no one-size-fits-all solution.
ing task that requires enhanced due diligence,
Each company has to design a program that
employee training and then, of course, monitorsuits its industry and business needs. In fact,
ing on a global scale. But the biggest potential
many companies are proactively monitoring
downside comes out of enforcement actions
third-party relationships not only to uncover
from both the DoJ and the SEC, which have
potential compliance-related issues, but also to
imposed stiff fines and penalties on companies
identify areas for operational improvement. As
that have failed to design and implement effecfar as methodology is concerned, my preferred
tive global ABC compliance programs.
approach is risk based in nature. This involves
Finally, you can’t ignore the significant im- understanding your population of TPIs and
plications of reputational risk. A quick look at their associated risk characteristics, which typithe largest enforcement actions in recent years cally include government interaction, type of
reflects the imposition of significant fines
service, geographic location and yearly spend. By
“I
M E T R O P O L I T A N
CORPORATE
COUNSEL
®
evaluating these characteristics, you can identify
populations of higher-risk TPIs to be considered
for further investigation.
Third-party reviews are a natural extension
of this methodology and amount to an on-theground evaluation of these high-risk relationships. We start by assessing the underlying
contract, understanding any mandated reporting
requirements and then meeting in person with
the distributor or agent to determine if their
compliance programs are aligned with the company’s requirements. We’ll also test transactions
to identify potential red flags associated with
bribery and corruption. This process typically
culminates with a written report documenting
our procedures and the associated observations.
It is not uncommon to identify that contractual
provisions or compliance reporting obligations
are not being met by the third party. On the
upside, however, these observations ultimately
will help management consider ways to improve
the compliance program on a go-forward basis.
Depending on the nature of the observations, it
may be prudent to involve the company’s legal
counsel in the planned remediation efforts.
MCC: Turning directly to the FCPA, what trends
are you observing in relation to TPIs?
McCann: The Foreign Corrupt Practices Act
(“FCPA” or “Act”) has been on the books since
1977, yet U.S. regulators have only been aggressively enforcing it for approximately the past
10 years. Due to the success of these enforcement actions, I don’t see enforcement trending
down any time soon. While TPIs themselves
are not driving the enforcement trend, we do
see a consistent theme of TPI involvement in
bribery-related activities with foreign officials.
This is further supported by a recent study conducted by the OECD where we learn that over
75 percent of bribery-related incidents involve
payments made through intermediaries. This is
a great statistic that demonstrates the inherent
risks associated with intermediary relationships.
In 2014, we saw significant FCPA
enforcement actions involving third parties.
The Alstom matter certainly jumps off the
page for resulting in the second-highest fine
ever imposed by the DoJ: approximately $773
million. The allegation was that Alstom paid
approximately $75 million in consulting fees
to third parties in an effort to secure billions
of dollars of projects in the Bahamas, Indonesia, Saudi Arabia and Taiwan. It’s a good
example of a company using TPIs to drive
business in lands that are historically tough to
enter. Additionally, it’s a good example of how
intermediary relationships can create regulatory exposure for your organization.
MCC: You have noted that 75 percent of corruption cases involve improper payments made
through TPIs. Why do these relationships implicate FCPA risk to such an impressive degree, and
what factors should companies consider in their
efforts to manage exposure?
McCann: In serving as distributors, sales agents,
joint ventures, subsidiaries, accountants, lawyers,
contractors and freight forwarders, to name a
few, TPIs become part of a company’s fabric.
The simple fact is that on a daily basis TPIs are
operating on behalf of the company – autonomously and in countries far away from the eyes
of U.S. compliance teams. That’s where the
risk arises, and it only increases in proportion
to the number of interactions with government
officials. Essentially, in expanding operations
overseas, U.S. companies continue to face all the
usual contractual and business risks while adding
in the complexity of anti-bribery compliance.
To take one example in practical terms,
when we help companies assess TPI risk,
we look first to the contract and ask some
key questions. Are the terms and conditions
clear on both sides, and, importantly, do we
have the audit rights necessary to allow us to
evaluate what TPIs have been doing on behalf
of our clients and assess potential risks the
company may not be aware of? The contract
sets the tone for the entire relationship and
provides necessary leverage for the company
to evaluate performance and compliance.
Another practical complexity involves
what we call “risk-based due diligence,” which
I touched on earlier as being part of the TPI
selection process. This may include everything
from open-source background checks via Internet searches to assessing negative media or litigation around a particular company or individual to highly sophisticated financial evaluations
during an M&A transaction. The diligence can
take many directions, most frequently along the
lines of gathering intelligence on the entity or
individual to understand their activities and historical work experience. For instance, a common
red flag within FCPA compliance might involve
individual TPIs that came out of government
agencies and became private consultants. By
understanding that context, you can better
mitigate the associated risks. Again, effective risk
management starts with risk mitigation.
And going deeper, a fundamental challenge
within FCPA compliance lies in defining the
term “foreign official,” which may be even
more difficult to pin down than the definition of TPI. As defined in the Act, the term
government official is all-encompassing and
applies to any officer or employee of a foreign
government and to those acting on the foreign
government’s behalf. As a helpful resource,
your readers can access guidance from the DoJ
and SEC at www.justice.gov/criminal/fraud/
fcpa/guidance/guide.pdf (see page 19).
One challenge that arises from the definition
of a government official is that it is broad in the
first place, and exponentially broader and more
nuanced depending on the country or industry
in which you are dealing. In a communist country like China, for instance, the term “government official” becomes very expansive because it
includes people who work for any state-owned
entity, including hospitals and many others that
could be considered non-government owned in
other countries. You really have to understand
the geopolitical issues at hand and ask yourself,
who are we hiring to act on our behalf?
Common business activities that present
challenges for companies include government tenders or typical business activities like
entertainment, which in the U.S. are often seen
as benign but take on a very different flavor
when they involve a foreign government official. So, for example, if you’re dealing through
an intermediary with a Chinese official on a
government tender with a hospital, the simple
act of taking that official to dinner to discuss
the tender may be perceived as a bribe under
the FCPA or local bribery and corruption laws.
Companies need to be sensitive to this in managing TPI activities.
MCC: To wrap up, I’d like to return to the discussion of third-party distributor reviews and get
your final thoughts on what companies really face
in monitoring TPIs.
McCann: In broad terms I’ll add that for a
number of reasons, performing a third-party
distributor review is not an easy task. These
reviews often involve a new level of interaction for companies with their intermediaries.
These interactions can often be uncomfortable for the company, and there is typically an
added business pressure focused on not disrupting TPI relationships with compliancedriven audits. TPIs drive business, and no one
wants to stymie that.
Nevertheless, compliance is a necessity, and
non-compliance is a huge liability. Enforcement is on the rise, and it remains a fact that
a majority of enforcement actions involve the
use of TPIs; therefore, it is critical for organizations with a U.S. nexus to manage regulatory
requirements by taking steps to ensure that they
understand and are monitoring the activities and
associated risks within third-party relationships.
Third-party reviews are a powerful tool
for companies that want to enjoy the business
benefits of engaging with TPIs while keeping
a close eye on their business activities and
compliance efforts.
KPMG’s proven methodologies associated
with third-party reviews provide solutions while
relieving the burden for companies having to
“figure it out for themselves.” We truly can help
organizations cut through the complexity associated with third-party risk.