Third-party intermediaries pose a significant corruption risk for multinationals. In this six-part series, Jim Nortz provides practical steps to reduce your firm’s corruption risk and avoid prosecution in the event an intermediary is caught paying bribes.
After less than six months on the job as Chief Compliance Officer for a multinational corporation, I found myself in a shabby conference room in the U.S. Department of Justice’s Fraud Division in Washington, D.C. Seated across the table from me was an Assistant U.S. Attorney (AUSA) who was trying to decide whether to prosecute my new employer for multiple Foreign Corrupt Practices Act (FCPA) violations.
Before I took the Chief Compliance Officer position at the firm, the company had voluntarily reported several instances in which its Intermediaries in China, Pakistan and Ukraine paid bribes to government officials. Each of these matters were thoroughly investigated. The company terminated relationships with all the Intermediaries implicated in the corrupt schemes, and I was in the process of leading the work to enhance the company’s global anti-corruption program. The purpose of our meeting with the AUSA was to report the outcome of our investigations and to persuade the Fraud Division not to pursue an enforcement action against the company.
Following our presentation regarding our investigations, the AUSA asked me a series of questions to which I responded:
AUSA: “Do you have enough internal resources to effectively manage your company’s FCPA risks?”
Response: “I do have sufficient resources, and I have the full support of the company’s board of directors and executive leadership team.”
AUSA: “Would you like to have more resources to get the job done? This is something we might be able to help you obtain.”
Response: “Thank you, no. I really do have the resources I need to effectively manage our corruption risks.”
AUSA: “Did the company perform due diligence on the third-party intermediaries who it later caught paying bribes?”
Response: “Yes. We did so with the assistance of a highly regarded agency that specializes in such work.”
AUSA: “Did the agency’s or the company’s due diligence process detect the intermediaries’ corrupt business practices.”
Response: “No.”
AUSA: “If your due diligence process failed to detect corrupt business practices with intermediaries who routinely paid bribes to government officials, why should we or you have any confidence in your third-party anti-corruption program?”
The answer to this question was obvious. Given our experience, we could not reasonably rely exclusively on third-party due diligence checks to effectively manage corruption risks associated with the hundreds of Intermediaries we had scattered around the world. Published data regarding FCPA enforcement actions shows that my company was not alone in its struggle to manage its Intermediary corruption risks.
Ever since the FCPA came into effect in 1977, Intermediaries have presented a vexing compliance challenge for multinational corporations. As the graph below illustrates, the vast majority of FCPA enforcement actions involved criminal activity by Intermediaries rather than their principals alone.
The Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) are well aware of these challenges. In the second edition of its “Resource Guide to the U.S. Foreign Corrupt Practices Act,” released on July 3, 2020 (“2020 Guide”), the DOJ and SEC detail three guiding principles regarding intermediary due diligence:
- As part of risk-based due diligence, a company should understand the qualifications and associations of its third-party partners, including its business reputation and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface.
- Companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.
- Companies should undertake some form of ongoing monitoring of third-party relationships. Where appropriate, this may include updating due diligence periodically, exercising audit rights, providing periodic training and requesting annual compliance certifications by the third party.
Like most governmental guidance, it is long on the “what,” but short on the “how.” This series of articles is aimed at filling that gap by providing practical steps your firm can implement that will mitigate your intermediary corruption risks without breaking the bank. Specifically, these articles will set forth five critical elements of a comprehensive intermediary life cycle management program that is integrated into – rather than separate from – routine business operations:
- First-Party Due Diligence
- Third-Party Due Diligence
- Contracting
- Training
- Auditing and Monitoring
The next five parts of this Anti-Corruption Survivor’s Guide will focus on each of these elements individually and provide practical tips on how to implement them.
By standing up an intermediary life cycle program with these five elements at my company, we were ultimately successful in persuading the DOJ’s Fraud Division to decline prosecution and impose no fines despite the many instances of corruption we voluntarily reported. Likewise, by implementing the intermediary life cycle management program described in the subsequent parts of this series, you will substantially reduce corruption risks and put your company in the best possible position to avoid prosecution should one or more of your intermediaries get caught paying bribes to advance your firm’s business interests.
Read Part 2: Harnessing the Power of First-Party Due Diligence
