Yesterday, I looked at some of the more creative bribery schemes identified in 2019 Foreign Corrupt Practices Act (FCPA) enforcement actions. They were schemes involving distributors, joint ventures (JVs) and fraudulent third-party service providers. Today, I wanted to follow up with some responses for the compliance professional to use going forward for the bribery schemes identified.
I. Discounts to Distributors
For distributors there should be an entire discount approval process, which not only must be followed but there must be oversight and testing of the process. If multiple requests for a discount come in and they all have the same business justification that is a red flag in and of itself, warranting further investigation. As far back as the BHP Billiton FCPA enforcement action, where business justification for government travel to the 2008 Beijing Olympics became a cut and paste job, the regulators have made clear that there must be a substantive reason for the discount and that discount must be tested.
This testing also comes in the form of reviewing, with a critical eye the backup documentation to demonstrate the business case for the discount. If there is no documentation, the discount request should not be approved. If there are conditions attached to the discount approval, such as a time limit expiration on the discounts; there must be follow up to determine if the discount was revoked or otherwise take off the table.
II. Joint Ventures
a. Forming the JV
JVs provide many FCPA risks that other types of business relationships do not bring. For instance, the JV may interact with foreign government officials or employees of a state-owned enterprise; then leverage those relationships for an improper benefit relating to contracts, regulatory licenses, permits or customs approvals. It is difficult to regulate a JVs interaction with foreign government officials when your partner is a state-owned enterprise, or where your company is relying on the local company for its local contacts and expertise for business development and/or regulatory knowledge and experience.
The risks are compounded when the US company does not exercise control of the JV. This is further compounded by the fact there is no minimum threshold for a FCPA enforcement action against a US company for the actions of a JV in which it holds an interest. If a company holds something less than majority rights, it must urge, beg and plead for the majority partner to adhere to anti-corruption compliance standards and controls. Often, these requirements are established in the JV agreement but the success in securing such contract protections depends on the importance of the global company to the JV itself.
Knowing who your JV partners are is a mandatory step therefore robust due diligence is something you must engage in from the start. Both the Fresenius Medical Care AG & Co. KGaA (FMC) and Westport Fuels Systems, Inc. (Westport) enforcement actions demonstrate that if a government official has or even hides an interest in a JV; payments, distributions and buy-outs can be an avenue to make corrupt payments.
b. The JV Agreement
As a starting point, it is important to have compliance terms and conditions, these reasons can include some of the following: 1) to set expectations between the parties; 2) to demonstrate the seriousness of the issue to the non-US party; and 3) to provide a financial incentive to do business in compliant manner.
You must have an absolute prohibition of all forms of bribery and corruption. Many foreign JV partners may not understand that the FCPA applies to them if they partner in a business relationship with a US company. Further, they do not understand that they may be covered persons under the FCPA. This all must be spelled out for them. Audit rights are a key clause in any compliance terms and conditions and must be secured.
c. Managing the Relationship
A key tool in managing the affiliation with a JV post-contract execution is auditing. Your compliance audit should be a systematic, independent and documented process for obtaining evidence and evaluating it objectively to determine the extent to which your compliance terms and conditions are followed. You should work to obtain, review, analyze and evaluate relevant data; and use the data as a basis to remediate any issues which have arisen in the operation of the JV.
In addition to monitoring and oversight of your JVs, you should periodically review the health of your JV management program. The robustness of your JV management program will go a long way towards preventing, detecting and remediating any compliance issue before it becomes a full-blown FCPA violation. As with all the steps laid out, you need to fully document all steps you have taken so that any regulator can review and test your metrics. The 2019 Evaluation of Corporate Compliance Programs (2019 Guidance) lays out what the Department of Justice (DOJ) will be reviewing and evaluating going forward for your compliance program. You should also use these metrics to conduct a self-assessment on the state of your compliance program for your JVs.
III. Third-Party Services
The steps in the lifecycle management of any third-party are mandatory for every compliance regime. There should be a business justification which is reviewed by an appropriate level of compliance. It then moves to robust due diligence for any third parties, whether they are sales side representatives or provide goods/services to your organization through the Supply Chain. Quad/Graphics Inc. (Quad/Graphics) is the starkest in this area as a simple check on the corrupt third-parties would have revealed that they were all owned by the same individual, their corporate information was all the same as they were all registered in the same city, with the same address. This was topped off by the fact that they had no real business operations and any visual inspection would have demonstrated this.
Yet the most important step is managing the relationship after the contract is signed. This is the key lesson from Quad/Graphics and FMC. What does the information in the invoice provide to you? Are the services delivered legitimate? For Quad/Graphics, the services described were performed by in-country Quad/Graphics employees. In the case of FMC, the services listed were for the non-existent storage of non-existent products. Other indicia of fraud and corruption found in invoices include multiple invoices with consecutive numbering’ with the same date and dollar amount, invoices with rounded dollar amounts, invoices with no supporting documentation and, finally, hand delivery of check so there was no bank to verify the accounts. A simple review by someone who knew what they were doing would raise red flags and lead to further investigation.
Fraudsters are always looking for loopholes and weak spots to exploit. The same is true for those engaged in bribery and corruption. The role of every compliance professional is the prevent, detect and remediate. By following some of the approaches I have outlined, you can move towards more robust detection.