Ken JohnsonBefore Jim Crane came along to purchase the Houston Astros and provide us all with some of the best lessons learned for the compliance practitioner, they had a long and storied history, even if part of that history included not achieving much in the way of success. After all it took the Astros 50 years to reach the World Series (reach – not win). Before they had that inglorious run, they were known as the Houston Colt 45s and they were even more sad sack than after they re-moninkered themselves as the Astros.

In the Pantheon of baseball achievements one Houston Colt 45 stands above all. It is Ken Johnson, who died earlier this week. Johnson’s achievement – he is the only pitcher in the long and storied history of baseball, who pitched a complete game no-hitter and lost. In a game against the Cincinnati Reds, on April 23, 1964, with one out in the 9th inning, Johnson fielded a bunt by Pete Rose and threw wildly to first, allowing Rose to reach second. Rose scored two batters later on an error by second baseman Nellie Fox. The Reds won the game 1-0.

I thought about hard luck Ken Johnson in the context of the continued difficulty companies face around liability for third parties under the Foreign Corrupt Practices Act (FCPA). There are two areas that do not get as much attention that I wanted to focus on today. The first is the Questionnaire you utilize to help in the evaluation of any third party and the second is the compliance terms and conditions you should include in any commercial agreement with third parties.

Below are some of the areas that I think you should inquire into through your Questionnaire to a proposed third party:

  • Ownership Structure: Describe whether the proposed third party is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials?
  • Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed third party. You should obtain financial records, audited for 3 to 5 years, if available. Obtain the name and contact information for their banking relationship.
  • Personnel: Determine whether the proposed agent will be providing personnel, particularly whether any of the employees are government officials. Make sure that you obtain the names and titles of those who will provide services to your company.
  • Physical Facilities: Describe what physical facilities that will be used by the third party for your work. Be sure and obtain their physical address.
  • References: Obtain names and contact information for at least three business references that can provide information on the business ethics and commercial reliability of the proposed third party.
  • PEPs: Are any of the owners, beneficial owners, officers or directors politically exposed persons (PEPs).
  • UBO: It is imperative that you obtain the identity of the Ultimate Beneficial Owner (UBO).
  • Compliance Regime: Does the proposed third party have an anti-corruption/anti-bribery program in place? Do they have a Code of Conduct? Obtain copies of all relevant documents and training materials.
  • FCPA Training and Awareness: Has the proposed third party received FCPA training, are they TRACE certified or certified by some other recognizable entity?

One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.

The questionnaire fills several key roles in your overall management of third parties. Obviously it provides key information that you need to know about who you are doing business with and whether they have the capabilities to fulfill your commercial needs. Just as importantly is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, UK Bribery Act or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.

Similarly, compliance terms and conditions should be in every contract, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.

In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it:

  • Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
  • Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
  • Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
  • No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
  • Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
  • Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
  • On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
  • Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
  • Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.

Many will exclaim, “What an order, I can’t go through with it.” By this they mean that they do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simple to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the Department of Justice (DOJ) will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the Deferred Prosecution Agreement (DPA) and in the FCPA Guidance. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator from other third parties who have not gone through the life cycle management of a third party.

Two of the under-utilized tools of third party risk management are the third party questionnaire and compliance terms and conditions. By using these relatively simple and straightforward techniques you can help avoid the hard-luck nature of Ken Johnson and losing the game when you pitch a no-hitter.

A Happy Thanksgiving to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015

DOJI have devoted quite a bit of space over the past few weeks to changes the Department of Justice (DOJ) has been announcing since September with the release of the Yates Memo, the new-breaking story of the DOJ Compliance Counsel, through to the November announcements by Sally Yates clarifying compliance credit under the Memo which bears her name and Leslie R. Caldwell’s articulation of the metrics the DOJ Compliance Counsel will use when evaluating corporate compliance programs.

One thing I did not discuss was the article in the Washington Post by Ellen Nakashima, entitled “Justice Department could give firms a pass on foreign bribery if they confess”, where she wrote about a potential change in DOJ enforcement focus under the Foreign Corrupt Practices Act (FCPA), away from prosecuting companies to going after individuals. I plan to rectify this gap in coverage with an event that I have wanted to put on for some time, a Webinar with FCPA expert, Mike Volkov.

In this webinar we will review the announcements and changes in enforcement focus and explain how the DOJ’s FCPA enforcement program is expected to undergo a significant change in policy focus going forward. We will build from the recent adoption of the Yates Memorandum, the DOJ hiring of a new Compliance Counsel to review and evaluate FCPA compliance programs, the attendant metrics and how the DOJ is modifying its corporate prosecution focus.

When you couple the above with the Washington Post article suggesting that DOJ is considering offering companies leniency in exchange for full cooperation and disclosure of FCPA violations so long as the company cooperates fully in the prosecution of culpable individuals and the company maintains an effective anti-corruption compliance program; you have quite a story to explore. Such a change in prosecution strategy could have a significant impact on corporate liability for FCPA violations as well as corporate compliance programs. Businesses have long advocated for a leniency program and one may soon be put into practice.

Both Mike and I are quite excited to be putting on our first joint Webinar. His experience as a former DOJ prosecutor will provide valuable insight into how the Yates Memo will work to change the focus of line prosecutors, from their resources, to how prosecutors are evaluated. Moreover, Volkov has long advocated that companies understand more precisely how and what are the specific benefits of self-disclosure. Back at the Senate Judiciary hearing of 2010, he advocated a self-disclosure model based along the lines of the DOJ program for anti-trust enforcement. Now with the release of the Yates Memo and further clarifications from Sally Yates, I believe we have come quite close to what Volkov advocated. I know you will benefit from hearing about how Volkov thinks this new leniency program may well work in practice.

So I hope you will join Michael and myself, next Tuesday, December 1 at 2 PM EST, for a one-hour exploration of the changes wrought in 2015, what they may mean for FCPA enforcement in 2016 and beyond. I will review some of the specific compliance program inputs we received from the announcement of the DOJ’s Compliance Counsel and Caldwell’s articulation of the compliance program metrics. For more information and registration details, click here.

Eiffel Tower after attacksThe attacks in Paris and subsequent events have horrified any right-minded person. The slaughter of innocent civilians sickened the world and the outpouring of support for the city of Paris; the country of France and the French people has been universal. One of the things that I thought about in the aftermath is the intersection of corruption and terrorism. The EU open border policy and its banks notoriously lax money laundering regimes and enforcement could certainly have contributed to some of the underlying factors leading to the attack. I am sure there will be aggressive and robust responses from governments across the globe involving new and beefed up anti-money laundering (AML) laws. This is something the anti-corruption compliance practitioner and all US companies need to prepare for in the days and weeks to come, largely in response to the attacks in Paris.

Most anti-corruption compliance practitioner and most US companies do not focus on AML compliance or corporate AML controls. However, the bad guys think about how to move money around from their ill-gotten gains quite a bit, using the most innocuous types of business. In an article Los Angeles Times (LAT), entitled “Cartels use legitimate trade to launder money, US and Mexico say”, reporters Tracy Wilkinson and Ken Ellingwood described a process whereby teams of money launderers working for cartels use dollars to purchase a commodity from the US and then export the commodity to Mexico or Colombia. A key is that “Paperwork is generated that gives a patina of propriety” which means that drug money is given the appearance of legitimate proceeds from a legitimate commercial transaction. An Immigration and Customs official interviewed said, “It’s such a great scheme. You could hide dirty money in so much legitimate business, and they do. You can audit their books all day long and all you see is goods being imported and exported.” Another scheme involved several executives of Angel Toy Company, who conspired with Mexican drug cartels to launder drug money through a scheme to purchase Teddy Bears (of all things), for shipment back to and for resale in Mexico. The plan was straightforward, just under $10K of cash for each shipment of Teddy Bears, which were then resold in Mexico.

The key is that the commodities being purchased are so mild that large bulk purchases will rarely, if ever, draw any official scrutiny. The goods purchased can be red tomatoes or bolts of cotton fabric. In either case, the commodity itself does not matter, as the simple fact of purchasing in the US, shipping into, and reselling in Mexico allows the drug cartels to “transfer earnings back home to pay bills and buy new drug supplies while converting dollars to pesos in a transaction relatively easy to explain to authorities.”

However, now money launderers use even more sophisticated tactics such as “overvaluing and undervaluing invoices and customs declarations.” There is even a new term “trade-based money-laundering” used to denominate the schemes. It was reported that in another operation, which was estimated to launder over $1MM every three weeks, money launderers were exporting from the US to Mexico polypropylene pellets that are used to make plastic. However, the money launderers inflated the value declared on the high-volume shipments and this eventually attracted suspicion of US bank investigators, “who shut down the export operation by discontinuing letters of credit that the suspected launderers were using.” One official noted, “You generate all this paperwork on both sides of the border showing that the product you’re importing has this much value on it, when in reality you paid less for it. Now you’ve got paper earnings of a million dollar and the million dollars in my bank account – it’s legitimate. It came from this here, see?”

Transactional based due diligence and internal controls are mandatory components of Foreign Corrupt Practices Act (FCPA) minimum best practices compliance program. In addition to due diligence on agents, distributors or others in the sales distribution chain, companies need to perform due diligence on those to whom they sell. If someone from Mexico suddenly comes to your business and wants to buy widgets with cash, this needs to send up a huge Red Flag.

Banks and financial institutions have led the way in fighting money laundering through their robust AML controls. Below I have listed some AML Red Flags that you can begin to use now:

  1. Legitimacy of the party and/or assets are undeterminable through due diligence or independent verification;
  2. The party proffers false, misleading or substantially incorrect information and documentation;
  3. The party suggests transactions involving cash or insists on dealing only in cash equivalents;
  4. The party refuses to disclose or to provide documentation concerning identity, nature of business, or nature and source of assets;
  5. The party refuses to identify a principal or beneficial owner;
  6. The party appears to be acting as an agent for an undisclosed principal or beneficial owner, but is reluctant to provide information, or is otherwise evasive, regarding the identity of the principal or beneficial owner;
  7. The party is a shell company and refuses to disclose the identity of the party’s beneficial owner;
  8. The party has assets that are well beyond its known income or resources;
  9. The party requests that funds be transferred to an unrelated third party and is unable to provide sufficient legitimate and independently verifiable justification for such request;
  10. The party requests a wire transfer to a jurisdiction other than the one in which the party is located and is unable to provide sufficient legitimate and independently verifiable justification for such request, particularly if located in an “offshore” bank secrecy or tax haven;
  11. The party engages in transactions that appear to have been structured so as to avoid government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds;
  12. The party exhibits unusual concern about compliance with government reporting requirements;
  13. The party exhibits a lack of concern regarding risks or other transaction costs;
  14. The party wishes to engage in a transaction that lacks business sense, economic substance or apparent investment strategy;
  15. The party lacks general knowledge of its industry or lacks adequate facilities or qualified staff to perform the required tasks or work;
  16. The party requests that a transaction be processed in a manner that circumvents procedures or avoids documentation requirements;
  17. The party is included on list of Specially Designated Nationals, or similar lists maintained by the U.S. Government and the United Nations, or is associated with such individuals and entities;
  18. The party is located or has accounts or financial dealings in countries either identified as being non-cooperative with international efforts against money laundering by the Financial Action Task Force, or against whom the U.S. Treasury Department has issued an advisory;
  19. The party, or any person associated with the party, is or has been the subject of any formal or informal allegations (including in the reputable media) regarding possible criminal, civil or regulatory violations or infractions; and
  20. The independent due diligence conducted uncovers allegations that raise concerns regarding the party’s integrity.

Obviously there is a large overlap with anti-corruption due diligence and red flags. While most anti-corruption compliance practitioners understand the basic concepts behind KnowYourCustomer programs, including due diligence and policies and procedures, most of corporate America is quite far behind banks and financial institutions in the sophistication around detecting, investigating and reporting suspicious transactions. I think companies will need to take a look at the steps they place around AML compliance and the sooner the better.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015

Free TipsUsually I have Houston professional sports teams to hold high as example of true bone headedness around compliance issues. However, as my beloved Houston Astros took the World Series Champions, KC Royals, to the 7th inning of a game 5 before folding in the American League (AL) Division Series and then had the AL Rookie of the Year and Cy Young Award winners, I cannot cite to them about now. How about the NFL’s worst excuse for a football team, the Houston Texans? Once again no because they just put a huge beat-down, old-school butt-whoopin’ on the previously undefeated BB shootin’ rootin’ tootin’ Andy Dalton-led Cincinnati Bengals this past Monday night. Finally, the pathetic Houston Rockets, who made last year’s NBA Western Conference finals, yet unceremoniously quit playing for Coach Kevin McHale after a paltry seven games this season because, you know he hurt their feelings when he questioned their work ethic, thereby getting himself fired; they actually started trying not to lose and won the first game after said termination. So we will give Houston professional sports teams a pass this week for my ‘Stupid is as stupid does’ lesson, at least for this week.

However, there is one German automobile manufacturer who has joined the ranks of Houston professional sports teams in providing lessons learned on what not to do in the wake of scandals. I, of course, refer to Volkswagen (VW) that apparently not only cannot find its left hand with its right hand but also may actually be trying to avoid finding either hand all together about now. What did the German national brand mean to you before the VW emissions-testing scandal? For me in meant two things: Quality and Honesty. Now it appears single-handedly VW is trying to destroy both of these positive legacies with its actions in the wake of the September revelations. As reported William Boston and Mike Spector in the Wall Street Journal (WSJ), in an article entitled “VW to Meet With Regulators as Patience Frays”, the German auto manufacturing company has moved from Forest Gump mode in handling it responsibilities to outright insanity in how it deals with regulators and the public. Whatever its reasons for doing so, I seriously think it will certainly not work to VW’s benefit.

VW has become the textbook case of what not to do in the wake of a huge corporate scandal. If you are a Chief Compliance Officer (CCO) or compliance practitioner, you should be watching, reading and listening carefully not only for yourself but also for your senior management and Board of Directors. VW’s descent into near PR-madness all started when the company allowed the Environmental Protection Agency (EPA) to make the initial announcement that VW had indeed cheated with its ‘defeat device’ and then consistently lied about it to regulators across the globe.

How bad was the bone-headed public relations disaster? Two of the company’s Directors were not even told about the scandal or the company’s admission that it had intentionally installed the defeat the device almost five years ago. The WSJ reported that Board member and “Lower Saxony Prime Minister Stephan Weil told his legislature on Oct. 13 that he and a top deputy heard the news “from media reports” over the weekend.” A former Board member and current German Vice Chancellor, Sigmar Gabriel, “also learned about the scandal from media reports. When one of his top aides awoke to coverage on Saturday morning, Volkswagen was unreachable”. VW’s response was almost priceless. The WSJ piece said, “A Volkswagen spokesman said management wasn’t required to inform Mr. Weil or other directors until the full dimension of the scandal became clear.” Don’t you love it when the lawyers write the press releases? (Free compliance tip # 1 for VW – tell your Board members that you have violated the law before they here it from US regulators on TV.)

But even more than keeping their own Board members and high German government officials in the dark, VW has embarked on a campaign to (apparently) alienate regulators across the globe so deeply that the company will lose all credibility. The article noted “EU Industry Commissioner Elzbieta Bienkowska was in Berlin recently and believed she had a meeting set with Herbert Diess, chief of the Volkswagen brand. The meeting was canceled. “I don’t think it was a good decision,” she said. “I don’t know why it was canceled. It was not me who canceled.” A Volkswagen spokesman said Mr. Diess and Ms. Bienkowska didn’t have a confirmed appointment that day.” With only understatement that the WSJ could get away with, the article noted, “While possibly a misunderstanding, the exchange shows how tense Volkswagen’s relationship with Brussels has become.” Indeed. (Free compliance tip # 2 for VW (and Mr. Diess) – have your people, call her people and confirm.)

Don’t worry as I am just getting warmed up because VW has gone further than just insulting the paltry EU Industry Commissioner and their own Board members. First as to US regulators, VW has, once again apparently, decided to fight tooth and nail. Earlier this month, “Volkswagen received another notice from the EPA, this time alleging cheating software also was in 3.0-liter diesel engines used in luxury sedans and sport-utility vehicles made by its namesake, Audi and Porsche units. Volkswagen contested the claim, but still angered some customers who bought the vehicles only to see them drop in value.” The article somewhat dryly noted, “Impressions matter in high-stakes government investigations. Past cases indicate the U.S. is more inclined to impose lower fines on companies that are seen as cooperative in public, even if disagreements over facts continue behind closed doors.” (Free compliance tip # 3 for VW – credibility is key with regulators. So don’t use the public defense that we lied and cheated regarding the emissions-testing for only 12 million of our cars, but not the rest.)

Indeed the VW attitude towards the EPA has become so toxic that even the German government has called the company to task. The WSJ article said “Interactions between Volkswagen and the EPA got so bad that German Transport Minister Alexander Dobrindt publicly criticized the company after he met with agency officials last month. The EPA “is dissatisfied—angry,” he said in Washington, D.C., after meeting U.S. officials. “Trust has been destroyed and it will take considerable work to rebuild it.””

As you might expect VW sales are now down, yet the company has not provided its sales force, i.e. the VW dealers out there, information on how to respond or even what is going on. The article reported, “Some dealers say they are equally frustrated.

“We still don’t know what to tell our customers,” said Steve Kalafer, who co-owns Flemington Car & Truck Country, a New Jersey-based dealership. “We need details about how VW plans to make our customers whole.”” (Free compliance tip # 4 for VW – your sales force is the organization that faces the public; keep them informed so they can talk to your customers.)

All in all, one quote from the article sums it up, when the WSJ quoted Sasja Beslik, head of Responsible Investments at Swedish fund group Nordea Asset Management for the following, “This is a textbook example of how it should not be done”. Amen, brother.

Finally, free compliance tip # 5 for VW, call Jim Crane, owner of the Houston Astros, who intentionally tanked his team for three years so the team had the worst record in baseball yet this year had a team in the playoffs. I cannot think of anyone more well suited to advise you how to run your business about now as Crane certainly cannot give you any worse advice on how to run your business.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015