Ken JohnsonBefore Jim Crane came along to purchase the Houston Astros and provide us all with some of the best lessons learned for the compliance practitioner, they had a long and storied history, even if part of that history included not achieving much in the way of success. After all it took the Astros 50 years to reach the World Series (reach – not win). Before they had that inglorious run, they were known as the Houston Colt 45s and they were even more sad sack than after they re-moninkered themselves as the Astros.

In the Pantheon of baseball achievements one Houston Colt 45 stands above all. It is Ken Johnson, who died earlier this week. Johnson’s achievement – he is the only pitcher in the long and storied history of baseball, who pitched a complete game no-hitter and lost. In a game against the Cincinnati Reds, on April 23, 1964, with one out in the 9th inning, Johnson fielded a bunt by Pete Rose and threw wildly to first, allowing Rose to reach second. Rose scored two batters later on an error by second baseman Nellie Fox. The Reds won the game 1-0.

I thought about hard luck Ken Johnson in the context of the continued difficulty companies face around liability for third parties under the Foreign Corrupt Practices Act (FCPA). There are two areas that do not get as much attention that I wanted to focus on today. The first is the Questionnaire you utilize to help in the evaluation of any third party and the second is the compliance terms and conditions you should include in any commercial agreement with third parties.

Below are some of the areas that I think you should inquire into through your Questionnaire to a proposed third party:

  • Ownership Structure: Describe whether the proposed third party is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials?
  • Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed third party. You should obtain financial records, audited for 3 to 5 years, if available. Obtain the name and contact information for their banking relationship.
  • Personnel: Determine whether the proposed agent will be providing personnel, particularly whether any of the employees are government officials. Make sure that you obtain the names and titles of those who will provide services to your company.
  • Physical Facilities: Describe what physical facilities that will be used by the third party for your work. Be sure and obtain their physical address.
  • References: Obtain names and contact information for at least three business references that can provide information on the business ethics and commercial reliability of the proposed third party.
  • PEPs: Are any of the owners, beneficial owners, officers or directors politically exposed persons (PEPs).
  • UBO: It is imperative that you obtain the identity of the Ultimate Beneficial Owner (UBO).
  • Compliance Regime: Does the proposed third party have an anti-corruption/anti-bribery program in place? Do they have a Code of Conduct? Obtain copies of all relevant documents and training materials.
  • FCPA Training and Awareness: Has the proposed third party received FCPA training, are they TRACE certified or certified by some other recognizable entity?

One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.

The questionnaire fills several key roles in your overall management of third parties. Obviously it provides key information that you need to know about who you are doing business with and whether they have the capabilities to fulfill your commercial needs. Just as importantly is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, UK Bribery Act or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.

Similarly, compliance terms and conditions should be in every contract, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.

In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it:

  • Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
  • Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
  • Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
  • No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
  • Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
  • Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
  • On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
  • Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
  • Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.

Many will exclaim, “What an order, I can’t go through with it.” By this they mean that they do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simple to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the Department of Justice (DOJ) will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the Deferred Prosecution Agreement (DPA) and in the FCPA Guidance. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator from other third parties who have not gone through the life cycle management of a third party.

Two of the under-utilized tools of third party risk management are the third party questionnaire and compliance terms and conditions. By using these relatively simple and straightforward techniques you can help avoid the hard-luck nature of Ken Johnson and losing the game when you pitch a no-hitter.

A Happy Thanksgiving to all.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015

DOJI have devoted quite a bit of space over the past few weeks to changes the Department of Justice (DOJ) has been announcing since September with the release of the Yates Memo, the new-breaking story of the DOJ Compliance Counsel, through to the November announcements by Sally Yates clarifying compliance credit under the Memo which bears her name and Leslie R. Caldwell’s articulation of the metrics the DOJ Compliance Counsel will use when evaluating corporate compliance programs.

One thing I did not discuss was the article in the Washington Post by Ellen Nakashima, entitled “Justice Department could give firms a pass on foreign bribery if they confess”, where she wrote about a potential change in DOJ enforcement focus under the Foreign Corrupt Practices Act (FCPA), away from prosecuting companies to going after individuals. I plan to rectify this gap in coverage with an event that I have wanted to put on for some time, a Webinar with FCPA expert, Mike Volkov.

In this webinar we will review the announcements and changes in enforcement focus and explain how the DOJ’s FCPA enforcement program is expected to undergo a significant change in policy focus going forward. We will build from the recent adoption of the Yates Memorandum, the DOJ hiring of a new Compliance Counsel to review and evaluate FCPA compliance programs, the attendant metrics and how the DOJ is modifying its corporate prosecution focus.

When you couple the above with the Washington Post article suggesting that DOJ is considering offering companies leniency in exchange for full cooperation and disclosure of FCPA violations so long as the company cooperates fully in the prosecution of culpable individuals and the company maintains an effective anti-corruption compliance program; you have quite a story to explore. Such a change in prosecution strategy could have a significant impact on corporate liability for FCPA violations as well as corporate compliance programs. Businesses have long advocated for a leniency program and one may soon be put into practice.

Both Mike and I are quite excited to be putting on our first joint Webinar. His experience as a former DOJ prosecutor will provide valuable insight into how the Yates Memo will work to change the focus of line prosecutors, from their resources, to how prosecutors are evaluated. Moreover, Volkov has long advocated that companies understand more precisely how and what are the specific benefits of self-disclosure. Back at the Senate Judiciary hearing of 2010, he advocated a self-disclosure model based along the lines of the DOJ program for anti-trust enforcement. Now with the release of the Yates Memo and further clarifications from Sally Yates, I believe we have come quite close to what Volkov advocated. I know you will benefit from hearing about how Volkov thinks this new leniency program may well work in practice.

So I hope you will join Michael and myself, next Tuesday, December 1 at 2 PM EST, for a one-hour exploration of the changes wrought in 2015, what they may mean for FCPA enforcement in 2016 and beyond. I will review some of the specific compliance program inputs we received from the announcement of the DOJ’s Compliance Counsel and Caldwell’s articulation of the compliance program metrics. For more information and registration details, click here.

Eiffel Tower after attacksThe attacks in Paris and subsequent events have horrified any right-minded person. The slaughter of innocent civilians sickened the world and the outpouring of support for the city of Paris; the country of France and the French people has been universal. One of the things that I thought about in the aftermath is the intersection of corruption and terrorism. The EU open border policy and its banks notoriously lax money laundering regimes and enforcement could certainly have contributed to some of the underlying factors leading to the attack. I am sure there will be aggressive and robust responses from governments across the globe involving new and beefed up anti-money laundering (AML) laws. This is something the anti-corruption compliance practitioner and all US companies need to prepare for in the days and weeks to come, largely in response to the attacks in Paris.

Most anti-corruption compliance practitioner and most US companies do not focus on AML compliance or corporate AML controls. However, the bad guys think about how to move money around from their ill-gotten gains quite a bit, using the most innocuous types of business. In an article Los Angeles Times (LAT), entitled “Cartels use legitimate trade to launder money, US and Mexico say”, reporters Tracy Wilkinson and Ken Ellingwood described a process whereby teams of money launderers working for cartels use dollars to purchase a commodity from the US and then export the commodity to Mexico or Colombia. A key is that “Paperwork is generated that gives a patina of propriety” which means that drug money is given the appearance of legitimate proceeds from a legitimate commercial transaction. An Immigration and Customs official interviewed said, “It’s such a great scheme. You could hide dirty money in so much legitimate business, and they do. You can audit their books all day long and all you see is goods being imported and exported.” Another scheme involved several executives of Angel Toy Company, who conspired with Mexican drug cartels to launder drug money through a scheme to purchase Teddy Bears (of all things), for shipment back to and for resale in Mexico. The plan was straightforward, just under $10K of cash for each shipment of Teddy Bears, which were then resold in Mexico.

The key is that the commodities being purchased are so mild that large bulk purchases will rarely, if ever, draw any official scrutiny. The goods purchased can be red tomatoes or bolts of cotton fabric. In either case, the commodity itself does not matter, as the simple fact of purchasing in the US, shipping into, and reselling in Mexico allows the drug cartels to “transfer earnings back home to pay bills and buy new drug supplies while converting dollars to pesos in a transaction relatively easy to explain to authorities.”

However, now money launderers use even more sophisticated tactics such as “overvaluing and undervaluing invoices and customs declarations.” There is even a new term “trade-based money-laundering” used to denominate the schemes. It was reported that in another operation, which was estimated to launder over $1MM every three weeks, money launderers were exporting from the US to Mexico polypropylene pellets that are used to make plastic. However, the money launderers inflated the value declared on the high-volume shipments and this eventually attracted suspicion of US bank investigators, “who shut down the export operation by discontinuing letters of credit that the suspected launderers were using.” One official noted, “You generate all this paperwork on both sides of the border showing that the product you’re importing has this much value on it, when in reality you paid less for it. Now you’ve got paper earnings of a million dollar and the million dollars in my bank account – it’s legitimate. It came from this here, see?”

Transactional based due diligence and internal controls are mandatory components of Foreign Corrupt Practices Act (FCPA) minimum best practices compliance program. In addition to due diligence on agents, distributors or others in the sales distribution chain, companies need to perform due diligence on those to whom they sell. If someone from Mexico suddenly comes to your business and wants to buy widgets with cash, this needs to send up a huge Red Flag.

Banks and financial institutions have led the way in fighting money laundering through their robust AML controls. Below I have listed some AML Red Flags that you can begin to use now:

  1. Legitimacy of the party and/or assets are undeterminable through due diligence or independent verification;
  2. The party proffers false, misleading or substantially incorrect information and documentation;
  3. The party suggests transactions involving cash or insists on dealing only in cash equivalents;
  4. The party refuses to disclose or to provide documentation concerning identity, nature of business, or nature and source of assets;
  5. The party refuses to identify a principal or beneficial owner;
  6. The party appears to be acting as an agent for an undisclosed principal or beneficial owner, but is reluctant to provide information, or is otherwise evasive, regarding the identity of the principal or beneficial owner;
  7. The party is a shell company and refuses to disclose the identity of the party’s beneficial owner;
  8. The party has assets that are well beyond its known income or resources;
  9. The party requests that funds be transferred to an unrelated third party and is unable to provide sufficient legitimate and independently verifiable justification for such request;
  10. The party requests a wire transfer to a jurisdiction other than the one in which the party is located and is unable to provide sufficient legitimate and independently verifiable justification for such request, particularly if located in an “offshore” bank secrecy or tax haven;
  11. The party engages in transactions that appear to have been structured so as to avoid government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds;
  12. The party exhibits unusual concern about compliance with government reporting requirements;
  13. The party exhibits a lack of concern regarding risks or other transaction costs;
  14. The party wishes to engage in a transaction that lacks business sense, economic substance or apparent investment strategy;
  15. The party lacks general knowledge of its industry or lacks adequate facilities or qualified staff to perform the required tasks or work;
  16. The party requests that a transaction be processed in a manner that circumvents procedures or avoids documentation requirements;
  17. The party is included on list of Specially Designated Nationals, or similar lists maintained by the U.S. Government and the United Nations, or is associated with such individuals and entities;
  18. The party is located or has accounts or financial dealings in countries either identified as being non-cooperative with international efforts against money laundering by the Financial Action Task Force, or against whom the U.S. Treasury Department has issued an advisory;
  19. The party, or any person associated with the party, is or has been the subject of any formal or informal allegations (including in the reputable media) regarding possible criminal, civil or regulatory violations or infractions; and
  20. The independent due diligence conducted uncovers allegations that raise concerns regarding the party’s integrity.

Obviously there is a large overlap with anti-corruption due diligence and red flags. While most anti-corruption compliance practitioners understand the basic concepts behind KnowYourCustomer programs, including due diligence and policies and procedures, most of corporate America is quite far behind banks and financial institutions in the sophistication around detecting, investigating and reporting suspicious transactions. I think companies will need to take a look at the steps they place around AML compliance and the sooner the better.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015

Johan LomuJonah Lomu died this week. If you have more than a passing interest in sports, you will recognize Lomu as one of the very few game-changers in a sport, his being rugby. I do not pretend to understand the sport very well (except that it involves running, blocking, hitting and tackling – which I do understand), yet I could even tell that he was a true original, a 6 foot 5 inch, 265 lb. behemoth who could run a 4.4 forty. He played for the New Zealand All-Blacks but not in middle as you might expect for a man his size but as winger, really just a wide-out for those who want it translated into American-football.

If you saw the movie Invictus about South Africa’s 1995 Rugby World Cup championship, you will remember the clips of a 20-year old Lomu single handedly destroying England with four tries (read: touchdowns) in the Semi-Finals. Yet South Africa was able to keep him under control to win one of the greatest finals upsets in Rugby World Cup history. Yet even at that youthful age, he had been diagnosed with a rare kidney disease that would eventually lead to his death at the age of 40. Here’s to you Jonah Lomu, to your true greatness and a true original.

I thought about Lomu when reading the comments from the Department of Justice (DOJ) and Assistant Attorney General Leslie R. Caldwell about how the DOJ will consider a company’s actions in any decision on whether or not to prosecute. These comments, changes and clarifications would appear to bookend the process that began with the Yates Memo, released back in September. Earlier this week, Deputy Attorney General Sally Quillian Yates clarified how the DOJ would be evaluating companies going forward.

Stephen Dockery, writing in the Wall Street Journal (WSJ) online publication, Risk and Compliance Report, in an article entitled “U.S. Justice Dept. Changes Corporate Credit Process in Prosecutions”, said that the DOJ explained how the process laid out in the Yates Memo would go into effect. He wrote there “will be two factors prosecutors can use in giving more favorable treatment” when making decisions on whether or not to prosecute. He quoted Yates as saying, “one focused solely on the company’s timely and voluntary disclosure and the second on its cooperation. We made this change to emphasize that while the concepts of voluntary disclosure and cooperation are related, they are distinct factors to be given separate consideration in charging decisions. In recognition of the significant value early reporting holds for us, prompt voluntary disclosure by a company will be treated as an independent factor weighing in the company’s favor.”

Dockery also noted that Yates clarified what might be considered “all relevant facts” from an investigation. Once again he quoted Yates directly, “There is nothing in the new policy that requires companies to waive attorney-client privilege or in any way rolls back the protections that were built into the prior factors. But to earn cooperation credit, the corporation does need to produce all relevant facts – including the facts learned through those interviews.” Dockery also said that Yates noted, “the Justice Department wouldn’t look favorably on companies trying to twist privilege to shield information from investigators.”

Caldwell expanded on these remarks in a speech made on Tuesday of this week, when she said, “In our view, a company that wishes to be eligible for the maximum mitigation credit in an FCPA case must do three things: (1) voluntarily self-disclose, (2) fully cooperate and (3) timely and appropriately remediate.” Regarding point 1, self-disclosure, Caldwell went on to say, “I mean that within a reasonably prompt time after becoming aware of an FCPA violation, the company discloses the relevant facts known to it, including all relevant facts about the individuals involved in the conduct.” Moreover, “To qualify, this disclosure must occur before an investigation—including a regulatory investigation by an agency such as the SEC (U.S. Securities and Exchange Commission)—is underway or imminent. And disclosures that the company is already required to make by law, agreement or contract do not qualify.”

Caldwell also expanded on Yates second prong, ongoing cooperation, she said, “Second, in line with the focus on individual accountability for corporate criminal conduct…companies seeking credit must affirmatively work to identify and discover relevant information about the individuals involved through independent, thorough investigations. Companies cannot just disclose facts relating to general corporate misconduct and withhold facts about the individuals involved. And internal investigations cannot end with a conclusion of corporate liability, while stopping short of identifying those who committed the underlying conduct.” But it means more than simply doing an investigation and turning over the results of the investigation. Full cooperation also “includes providing timely updates on the status of the internal investigation, making officers and employees available for interviews—to the extent that is within the company’s control—and proactive document production, especially for evidence located in foreign countries.”

Finally Caldwell added a third prong which Yates did not discuss, that being remediation. She noted that remediation includes a “company’s overall compliance program as well as its disciplinary efforts related to the specific wrongdoing at issue. For example, when examining remediation we consider whether and how the company has disciplined the employees involved in the misconduct. We also examine the company’s culture of compliance including an awareness among employees that any criminal conduct, including the conduct underlying the investigation, will not be tolerated.”

This is where the new DOJ Compliance Counsel comes into the picture. Caldwell said, “We look forward to her insights on issues such as whether the compliance program truly is thoughtfully designed and sufficiently resourced to address the company’s compliance risks and whether proposed remedial measures are realistic and sufficient.” I was interested to read that Caldwell also said this new person would also “be interacting with the compliance community to seek input about ways we can work together to advance our mutual interest in strong corporate compliance programs.” While her remarks this week did not go into the detail she did in her previous speech outlining the metrics the new Compliance Counsel will use in evaluating corporate compliance programs, Caldwell clearly referenced those standards as well.

The Yates remarks clarifying how “businesses will get an extra shot at favorable treatment based on their disclosure of wrongdoing to the government” and Caldwell’s speech further laying out the parameters and what will be expected in the form of a corporate compliance programs should be welcome news to every Chief Compliance Officer (CCO) and compliance practitioner. These two pieces of information, coupled with Caldwell’s earlier remarks on the Compliance Counsel metrics, lay out for you, with the most precision yet, how to move forward towards obtaining the best possible outcome if you are embroiled in a Foreign Corrupt Practices Act (FCPA) investigation. If your management wants to know what credit it will receive and the roadmap of how to get the best possible result, the DOJ has laid it out for you.

I further believe these series of remarks serve as a bookend to the information announced in the Yates Memo in September. That Memo set forth the expectations for prosecutors in white-collar cases, including FCPA matters, to prosecute more individuals. You see what substantive cooperation means and how your compliance program will be evaluated. The DOJ has laid it out for you in plain back and white.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015