At the recently concluded Compliance Week 3rd Annual Third-Party Risk Management Conference, Kara Brockmeyer, former head of the Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) unit and now partner at Debevoise & Plimpton LLP, said that if there is no business reason to contract with a third party, this is more than simply indicia of a red flag from the compliance perspective; it is also simply bad business. She expanded on this by also noting that if there is no commercial reason to structure a transaction in a certain manner or the deal does not make sense from the business perspective, not only is it problematic from the compliance perspective it is also bad business.
It should be common sense that you should have a business justification to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have a particular third party represent your company. This concept is enshrined in the 2012 FCPA Guidance, which stated, “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.”
The Internal Revenue Service (IRS) also considers a business justification to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, former IRS special agent and now Vice President at Credit Suisse, has previously said that the lack of business justification could be a red flag, which could signify some possible indicia of corruption. When former regulators from the SEC and IRS both note the importance of a business justification, it is clear that this is something you should incorporate into your compliance program.
However, Brockmeyer took the business justification beyond simply considering the third-party you may engage to a much more robust risk management process. She suggested considering the structure of the transaction in addition to who is aiding your company. To her addition, I would add that you need to consider the business case as well. Such an approach would form a much more robust compliance risk management process. If you want to consider this in the traditional risk management process you might see it in the forecasting, risk assessment and risk-based monitoring approach.
Based on the foregoing, I have developed three steps for a business justification that every company should engage from the business perspective, which aids in operationalizing compliance. (1) Business case; (2) Transaction Partner; and (3) Transaction structure.
You might think it a minimum business practice that every transaction should have a written business case. This minimum requirement is only amplified in FCPA high-risk jurisdictions. Further, such an approach acts as a compliance internal control, in further support of your compliance program. It is well-documented that one of the common reasons for a transaction’s failure is the lack of a business to pursue the project in the first place.
What should you incorporate into your business case? Martin Webster, advises such information as the business problem or opportunity you are trying to solve, the benefits to the organization, obviously the risks and, from the compliance perspective, the potential corruption risks. Certainly, your costs, solutions, timescale for the entire lifecycle of a project, its impact on your business operations and your company’s ability to deliver the project outcomes. In short, the business case should bring together the benefits, disadvantages, costs, and risks of the current situation and future vision so that executive management can decide if the project should go ahead.
The next step should be a business justification for the specific transaction partner. Your business unit must articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner, or will they be involved in a one-off only transaction?
This transaction partner justification should include the competence of the business partner. There should also be a discussion of the compensation structure, both as to the reasonableness and scope. You should begin the entire process by requiring the relevant business unit which desires to obtain the services of any foreign business partner to provide you with a business justification including current opportunities in territory, how the candidate was identified and why no currently existing foreign business relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive. It should include a discussion of the qualifications of the candidate for subject matter expertise and the resources to perform the services for which they are being considered or the expected activities for your company.
From the compliance perspective, you will need the name and contact information for the proposed third party and how the business unit came to know about the third party because it is a red flag if a customer or government representative points you towards a specific third party. You will also need an explanation of why this particular third party should be used, as opposed to an existing or other third party, if such were considered. All of this information should be written down and then signed by the Business Sponsor.
It was here Brockmeyer’s remarks added new insight into the entire business justification process from the compliance perspective. Once again, if the structure of a transaction makes no sense from the business perspective, there may well be a compliance problem with the transaction. For instance, if you are trying to hire a local content partner and you move the structure of the transaction from paying the local content partner as a third-party agent, to a vendor in the supply chain, where your organization already has approved vendors to deliver the same or similar services, it does not make sense from the business perspective. Further, if you then try to move the same third party to an exclusive sole source supplier when you have the same resources inside your organization who can perform the services at a more cost-effective rate it may demonstrate that the transaction structure does not make sense.
Ultimately, I believe the business justification process provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is because you need to lay out the business reason for a transaction; why you are doing it and who you are doing it with, which all operate as a compliance internal control. It also means that compliance is at the table when high-risk business opportunities arise, so they can be managed more effectively and efficiently.
The 3-step business justification process for high-risk transactions can more fully operationalize compliance.Click to tweet
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2018