The European concern Airbus has been in the news recently for corruption issues. According to an article in the Financial Times (FT), entitled “Airbus sued by middlemen fired following fraud inquiry”, its annual report lists multiple ongoing fraud and corruption investigations which have a risk of a “material impact” on the company’s profits. Yet it was another issue which caught my eye and it was that the company is “being sued by consultants and middlemen who were dismissed as a part of a compliance review initiated following fraud probes around the world.”
At some point, you will be required to terminate a third-party and there will be multiple legal, compliance and business issues to navigate going forward. If you are stuck doing it in the middle of a Foreign Corrupt Practices Act (FCPA) or Bribery Act investigation, such as Airbus is currently under with the UK Serious Fraud Office (SFO), there may well be some tension to do so and do so quickly. If you have not thought through this issue and created a process to follow before it all hits the fan, you may well be in for a very tough road.
The key theme in termination is planning. The Office of Comptroller of the Currency, OCC Bulletin 2013-29, said that regarding third-party termination, a bank should develop a “contingency plan to ensure that the bank can transition the activities to another third party, bring the activities in-house, or discontinue the activities when a contract expires, the terms of the contract have been satisfied, in response to contract default, or in response to changes to the bank’s or third party’s business strategy.”
In an article entitled “Breaking Up Is Hard To Do”, Carol Switzer related how to avoid pain by planning for the end of a third-party relationship. She said it all should begin with “an exit strategy, a transition plan or a pre-nup—whatever the title, it’s best to begin by planning for the end which, in the case of business at least, will always eventually come. Whether due to contract completion or material breach, turning over responsibility to another party, or abandonment of the contracted activity altogether, contract termination is an inevitable phase in the third-party relationship lifecycle.” Planning for the end is important because, “The more long term and layered the relationship, the more difficult it will be to disentangle. The deeper the third-party is embedded in and uses the confidential information of the company and its customers, the greater the risks presented by failing to design a smooth transition process.”
It should originate with clearly specified contract termination rights but that is only the starting point, “To work out a smooth transition, the plan must also include internal change management processes and policies, designated transition team members, contingencies, and adequate resources and time allowances.” Your corporate values must be protected by “clearly designating the disposition of shared intellectual property and infrastructure assets.” Next you need to think through your transition plan by “ensuring rights to hire or continue use of key contractor employees who have been servicing your account, arranging to bringing new contractors or internal managers up to speed, and filing any regulatory or other required notifications.” Finally, bear in mind that your reputation must be protected during this transition process “by controlling and planning for issuance of public statements and social media postings by terminated contractors or their employees, or the best laid transition plans may be for naught.”
You will also need to consider the business risks around the termination of a third-party, particularly on the sales side of your business. This may mean sitting down with a customer or group of customers to explain the reasons behind the termination. Obviously if your business team has not developed a relationship with the end-using customer, this can be a difficult and very problematic conversation.
Unless you are exiting a business sector or territory, you will need to replace the third-party. This means going through the entire five-step process with any potential sales agent or representative. Such planning needs to be built into your termination strategy. If the reason for termination is a contract violation or worse a FCPA violation, there may well be other notifications which are required, both internally and externally to government regulators. You have also been under some type of contractual nondisclosure language and so consultation with your legal counsel, once again both in-house and outside, may be required. Finally, never forgot the reputation damage by releasing such information, or conversely not disclosing it. Both sets of reasons may hurt your business reputation as well.
In addition to the above steps, there are some specific considerations you should take. In the area of data, data privacy and data accessibility, if a third-party has access to your network and systems, such access must be revoked. If your terminated third-party has physical data, you must plan for the return of your data to you in a format that is acceptable to you and is secure. If your data is confidential, you may want to require that it be returned in an encrypted format and via an encrypted channel. You should lay out the time frame for the return of any data.
Alternatively, you can specify that data be destroyed. If this is the route you take with your third-parties, it should be performed in a way which is secure so the data cannot be reconstructed at a later date, through the use of surreptitiously created backup or duplicate data. You should mandate the third-party provide to you a certificate of destruction that confirms the destruction of your data and the methods used for destruction. Information that must be retained should maintain the data protection requirements currently in place, or stronger if the applicable laws change during the time of retention.
Although rarely considered, the termination of a third-party relationship can be as important a step as any other in the management of the third-party lifecycle. While having the contractual right to terminate is a good starting point, it is only the starting point. You not only need to have a compliance and legal plan in place but a business plan as well. If you do not, the cost in both monetary and potential business reputation can be quite high.
As for Airbus, the FT noted that the company said in its annual report it “faced multiple investigations in Germany, Greece, the UK, Romania and Australia. It said that as a result of these inquiries and commercial disputes, it was enhancing its policies procedures and practices, “in particular in respect of sales support activities”.” The company went on to note that it “has significantly reduced the number of middlemen used in foreign sales and last year abolished the Sales and Marketing Organisation that managed these intermediaries.” It also said it was “conducting enhanced due diligence as a precondition for future or continued engagement and to inform decisions on corresponding payments”, the report stated. The company had hired “legal, investigative, and forensic accounting expertise of the highest calibre” to review all of its third-party relationships.”
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2017