In this five-part podcast series, I visit with Terry L Orr, a Managing Director at Kroll, a division of Duff & Phelps, the sponsor of this podcast series. We visit on the current state of compliance through the lens of recent Foreign Corrupt Practices Act (FCPA) enforcement actions and the Evaluation of Corporate Compliance Programs, 2019 Guidance, consider some of the specific issues in compliance for private equity and the increased importance of compliance in the healthcare industry. It is a comprehensive look at the state of compliance at the half-year mark of 2019. We have previously considered how compliance programs might be updated based upon lessons learned in recent FCPA enforcement actions, then we considered the Department of Justice’s (DOJ’s) recent guidance on corporate compliance. In Part IV, we consider unique challenges for private equity companies in compliance, both in their organizations and for their portfolio companies.
We began with the importance of private equity firms focusing on the compliance programs of their portfolio or investment companies. Orr believes that the Securities and Exchange Commission (SEC) and the DOJ are placing greater emphasis on the importance of effective compliance programs. He pointed to the DOJ’s recent 2019 Guidance, in which the DOJ emphasized an increased focus on the roles of senior and middle management for enforcing a compliance program. Orr theorizes, the “SEC and DOJ are prepared to hold fund managers responsible if one of their portfolio companies turns out to have internal issues including corruption, lapses in data protection or even the #MeToo movement. Those agencies even have authority over international investments if the fund manager is based in the US, meaning that private equity players will often be forced to grapple with both US and international regulators.”
We next considered specific areas of concern for private equity with international or prospective investments. Here Orr believes that the Trump administration is using sanctions more than any other recent administration. Consequently, private equity owners need to be aware of whether a prospective portfolio company does business in a region where there are US sanctions, or for certain deals they will have to consider Committee on Foreign Investment in the U.S. (CFIUS) concerns, in addition to data protection and privacy issues, #MeToo and FCPA issues.
Typically, private equity owners focus on the importance of compliance programs as part of the pre-deal diligence, yet there are reasons why they should be focused on compliance programs after the deal as well. Here Orr noted, “It’s always possible that a new issue will arise in the wake of a deal being signed but fund managers need to ensure that in the aftermath of a deal, the portfolio company is either fully compliant or is taking steps to make sure it will be fully compliant going forward.”
We turned to the question of what fund managers should do to ensure portfolio companies are fully compliant with applicable government regulations and guidance. In this area Orr believes, “the best way to be vigilant is to do serious diligence and then implement the policies that will put a business in the best position to avoid being penalized by a regulator.” A private equity owner should utilize teams of experienced professionals, specializing in a variety of industries, that help fund managers test compliance programs for weaknesses and gaps and then help them implement policies that will put a business in the best position to avoid being penalized by regulators or experiencing losses from nefarious acts by employees and non-employees.
One of the things I have long worried about in this arena is the owners spending the needed money on the testing and improvement of their portfolio companies’ compliance programs. I asked Orr about his observations. He stated, “historically private equity owners have been hesitant to spend money on compliance programs, however, more recently I’ve seen a shift in the market. PE sponsors are placing greater importance on a portfolio company’s existing control structure.”
He continued that this shift stems from three separate yet interdependent reasons. The first is that due to the sky-high valuations at which many businesses are trading, buyers have no choice but to pay top dollar for a company, leaving virtually no margin for error or future losses caused by a weak compliance program. Secondly, while the cost of fines and penalties might be a quantifiable risk, the risk of reputational damage is unquantifiable and thus greater effort is being spent to protect against it. Finally, due to the quantifiable nature of fines, penalties and even fraud loss, private equity owners are finding a positive return on investment (ROI) in testing and establishing strong compliance and control structures.
Always being interested in a positive ROI on establishing a strong compliance and control structure, I asked Orr if he could provide an example. He cited the following, “The Association of Certified Fraud Examiners (ACFE) estimates in the ACFE’s 2018 Report to the Nations, that companies are losing approximately 5% of annual revenues to fraud. In a company generating $15M annually, with an EBITDA of $2.250M, losing 5% of revenues or $750K, would have a valuation impact on the company of approximately $9.0M, assuming a valuation of 12X EBITDA. This shows that an undetected fraud totaling 5% of revenues can decrease a company’s valuation by as much as 25%.”
Of course, private equity is in many areas where there is heightened government oversight, including companies with international operations (particularly in certain parts of the world); the banking and financial services industry; healthcare, pharmaceuticals and biotechnology companies; companies performing government contracting; construction, engineering and infrastructure companies (due to multi-year contracts); and software development and services companies (tech in general).
We concluded by discussing that many private equity owners believe that since their portfolio companies are audited by independent auditors, there is no need for additional testing or remediation on a portfolio company’s compliance program or internal control structure. Orr believes that approach has significant risks. He detailed three. First, “Management is primarily responsible for establishing and testing compliance programs and internal controls. Second, independent auditors test a company’s financial statements for material accuracy. Third, fraud schemes generally fall under an auditor’s materiality threshold for testing. Four and finally, professional accounting standards do not mandate that auditors resolve fraud or allegations of fraud unless engaged to do so.” In other words, private equity owners need to perform additional testing and monitoring of the status of their portfolio companies’ compliance programs.
Join us for our final episode, where we take a deep dive into the burgeoning issues of healthcare and compliance.