Yesterday I considered the need for due diligence in the management of third parties. Today, I want to take a deeper dive and explore the levels of due diligence. Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is for you to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward.

Level I

First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering, anti-bribery, sanctions lists, coupled with other financial corruption & criminal databases.  These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities.  It is also a very inexpensive first step in compliance from an investigative viewpoint. This basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures; demonstrating a broad intent to actively comply with international regulatory requirements.

Level II

Level II due diligence encompasses supplementing these Global Watch lists with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company; the third party’s key executives and associated parties.  I believe that Level II should also include an in-country data base search regarding the third party. Some of the other types of information that you should consider obtaining are country of domicile and international government records; use of in-country sources to provide assessments of the third party; a check for international derogatory electronic and physical media searches, you should perform both English and foreign-language repositories searches on the third party, in its country of domicile, if you are in a specific industry, using technical specialists you should also obtain information from sector specific sources.

Level III

This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation. According to Candice Tal, founder of Infortal, Level III due diligence investigation is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions.  Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in country investigation.” Further the “Direction of the work and analyzing the resulting data is often critical to a successful outcome; and key to understanding the results both from a technical perspective and understanding what the results mean in plain English.  Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”

But more than simply an investigation of the company, critically including a site visit and coupled with onsite interviews, Tal says that some other things you investigate include “an in-depth background check of key executives or principal players.  These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such  “Reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publically.”

Further you may need to engage a foreign law firm, to investigate the third party in its home country to determine the third party’s compliance with its home country’s laws, licensing requirements and regulations. Lastly and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance as one of the most important inquiries is not legal but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or did they object to the scope, coverage or purpose of the FCPA; you can use a Level III to determine if the third party willing to stand up with under the FCPA and are you willing to partner with the third party.

The Risk Advisory Group, created a handy chart of its Level I, II and III approaches to integrity and due diligence. I have found it useful in explaining the different scopes and focuses of the various levels of due diligence.

Level Issues Addressed Scope of Investigation
One ·      That the company exists

·      Identities of directors and shareholders

·      Whether such persons are on regulators’ watch lists

·      Signs that such persons are government officials

·      Obvious signs of financial difficulty

·      Signs of involvement in litigation

·      Media reports linking the company to corruption

·      Company registration and status

·      Registered Address

·      Regulators’ watch lists

·      Credit Checks

·      Bankruptcy/Liquidation Proceedings

·      Review accounts and auditors comments

·      Litigation search

·      Negative media search

Two As above with the following additions:

·      Public Profile integrity checks

·      Signs of official investigations and/or sanctions from regulatory authorities

·      Other anti-corruption Red Flags

As above with the following additions:

·      Review and summary of all media and internet references

·      Review and summary of relevant corporate records and litigation filings, including local archives

·      Analysis and cross-referencing of all findings

Three As above with the following additions:

·      But seeking fuller answers to any questions raised by drawing on a wider range of intelligence sources and/or addressing specific issues of potential concern already identified

 

As above with the following additions:

·      Enquiries via local sources

·      Enquiries via industry experts

·      Enquiries via western agencies such as embassies or trade promotion bodies

·      Enquires via sources close to local regulatory agencies

There are many different approaches to the specifics of due diligence. By laying out some of the approaches, you can craft the relevant portions into your program. The Level I, II & III trichotomy appears to have the greatest favor and one that you should be able to implement in a straightforward manner. But the key is that you must assess your company’s risk and then manage that risk. If you need to perform additional due diligence to answer questions or clear red flags you should do so. And do not forget to Document Document Document all your due diligence.

Three Key Takeaways

  1. A Level I due diligence should be only used where there is a low risk of corruption.
  2. A Level II due diligence is sufficient in a high risk jurisdiction if there are no red flags to clear.
  3. Level III due diligence is deep dive, boots on the ground investigation.

 

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go towww.opus.com.

 

Most companies fully understand the need to comply with the FCPA requirements around third parties as they represent the greatest risks for an FCPA violation. However, most companies are not created out of new cloth but are ongoing enterprises with a fully up and running business in place. This means they may need to bring resources to bear to comply with the FCPA while continuing operating an ongoing business. This can be particularly true in the area of performing due diligence on third parties. Many companies understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of third party risk and thereby perform the requisite due diligence required under the FCPA.

Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner. The information that you should have developed in Steps 1 & 2 of the third party management process should provide you with the initial information to determine the level of due diligence you should perform on third parties. This leads Step 3 in the five steps of the third-party management-Due Diligence.

Jay Martin, CCO at BakerHughes often emphasizes that a company needs to evaluate and address its risks regarding third parties. This means that an appropriate level of due diligence may vary depending on the risks arising from the relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.

Our British compliance cousins of course are subject to the UK Bribery Act. In its Principle IV of an Adequate Procedures compliance program, the UK Ministry of Justice (MOJ) stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of Principle IV is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique. The MOJ said that due diligence is so important that “the role of due diligence in bribery risk mitigation justifies its inclusion here as a Principle in its own right.”

Carol Switzer, writing in Compliance Week related that you should initially set up categories for your third parties of high, moderate and low risk. Based upon which risk category the third party falls into, you can design specific due diligence. She defined low risk screening as “trusted data source search and risk screening such as the aforementioned World Compliance”; moderate risk screening as “enhanced evaluation to include in-country public records…and research into corporate relationships”; high risk screening is basically a “deep dive assessment” where there is an audit/review of third party controls and financial records, in-country interviews and investigations “leveraging local data sources.”

A three-step approach was also discussed favorably in Opinion Release 10-02. In this Opinion Release, the DOJ discussed the due diligence that the requesting entity performed. “First, it [the requestor] conducted an initial screening of six potential grant recipients by obtaining publicly available information and information from third-party sources…Second, the Eurasian Subsidiary undertook further due diligence on the remaining three potential grant recipients. This due diligence was designed to learn about each organization’s ownership, management structure and operations; it involved requesting and reviewing key operating and assessment documents for each organization, as well as conducting interviews with representatives of each MFI to ask questions about each organization’s relationships with the government and to elicit information about potential corruption risk. As a third round of due diligence, the Eurasian Subsidiary undertook targeted due diligence on the remaining potential grant recipient, the Local MFI. This diligence was designed to identify any ties to specific government officials, determine whether the organization had faced any criminal prosecutions or investigations, and assess the organization’s reputation for integrity.”

Three Key Takeaways

  1. You must have enough information to fully identify the owners, ultimate beneficial owners and related parties to determine if there is foreign official involvement.
  2. All commentary on best practices compliance programs require an appropriate level of due diligence.
  3. The best practice is to use a professional due diligence provider to perform due diligence level 2 and 3.

 

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC accelerator, the leading platform for third party risk management. To learn more, go towww.opus.com.

 

This month, I will consider the risk management of third parties in an operationalized compliance program. As every compliance practitioner is well aware, third parties still present the highest risk under the Foreign Corrupt Practices Act (FCPA). The Department of Justice Evaluation of Corporate Compliance Programs devotes an entire prong to third party management. It begins with the following:

Risk-Based and Integrated ProcessesHow has the company’s third-party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes?

This first set of queries clearly specifies the DOJ expects an integrated approach that is operationalized throughout the company. This means your compliance must have a process for the full life cycle of third party risk management. There are five steps in the life cycle of third party management.

  1. Business Justification and Business Sponsor;
  2. Questionnaire to Third Party;
  3. Due Diligence on Third Party;
  4. Compliance Terms and Conditions, including payment terms; and
  5. Management and Oversight of Third Parties After Contract Signing.

Over this month, I will be exploring each of these steps in detail so by the end of this month, you will be able to fully operationalize your third party risk management program.

Step 1 – Business Justification

The first step breaks down into two parts:

  1. Business Sponsor
  2. Business Justification

The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.

Step 2 – Questionnaire

The term ‘questionnaire’ is mentioned several times in the 2012 FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this requirement is not only a key step but also a mandatory step for any third party that desires to do work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk but run away from doing business with such a party.

One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.

Step 3 – Due Diligence

Most compliance practitioners understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner.

Our British compliance cousins of course are subject to the UK Bribery Act. In its Six Principles of an Adequate Procedures compliance program, the UK MOJ stated, “The commercial organisation applies due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks.” The purpose of this principle is to encourage businesses to put in place due diligence procedures that adequately inform the application of proportionate measures designed to prevent persons associated with a company from bribing on their behalf. The MOJ recognized that due diligence procedures act both as a procedure for anti-bribery risk assessment and as a risk mitigation technique.

After you have completed Steps 1-3 and then evaluated and documented your evaluation, you are ready to move onto to Step 4 – the contract. In the area of compliance terms and conditions, the FCPA Guidance intones “Additional considerations include payment terms and how those payment terms compare to typical terms in that industry and country, as well as the timing of the third party’s introduction to the business.” This means that you need to understand what the rate of commission is and whether it is reasonable for the services delivered. If the rate is too high, this could be indicia of corruption as high commission rates can create a pool of money to be used to pay bribes. If your company uses a distributor model in its sales side, then it needs to review the discount rates it provides to its distributors to ascertain that the discount rate it warranted.

Step 4 – The Contract

You must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the DOJ and SEC continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise. 

Step 5 – Management of the Relationship

I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5– the Management of the Relationship. While the work done in Steps 1-4 are absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. Here we will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.

Final Thoughts

I continually give my Mantra of FCPA compliance, which is Document, Document, and Document. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program. As you sit at your desk pondering whether this assignment given to you by the CCO is a career-ending dead-end; you should take heart because there is clear and substantive guidance out there which you can draw upon.

Three Key Takeaways 

  1. Use the full 5-step process for 3rd party management.
  2. Make sure you have BD involvement and buy-in.
  3. Operationalize all steps going forward by including business unit representatives.

 

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC Accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.

Today, I conclude my exploration of Level III, deep dive due diligence, by discussing how a this should be considered as a best practices tool by a Board of Directors in a broader sense. I am joined in this exploration by Candice Tal, founder and Chief Executive Officer (CEO) of Infortal Worldwide, a corporate security and investigations firm founded in 1985 to serve emerging growth and Fortune 500 clients globally in a variety of sectors including biotechnology, financial services, high-technology, manufacturing and professional services. Tal’s extensive international experience and long-term relationships have enabled Infortal Worldwide to secure and deliver deep-level information not readily available through customary investigative channels.

Today, I want to consider how a Level III deep dive due diligence investigation should be used by a Board of Directors as an ongoing tool in the risk management process. Board involvement in general is key for a risk management process to work effectively as it sets the proper tone for an organization. Tal stated, “If a board is actively protecting the interests of the companies and its shareholders, then board transparency should be step one. So, if the board is screening new members and new additions to the board and screening directors on an ongoing basis that sets the tone at the top for the rest of the organization. It shows and demonstrates transparency. It shows and demonstrates how seriously the board takes the issues of risk. Risk over all, any type of risk, whether it’s executive risk or risk throughout the organization from things like bribery and corruption or through other types of crime, embezzlement, theft, loss of value of the various parts of the organization whether it’s a department or through a vendor in the supply chain.”

Beyond setting a proper tone at the top, Tal believes it is “important for a Board of directors to protect its shareholders from unnecessary risks as well as the Board itself.” Such an approach will demonstrate a Board is fulfilling its “fiduciary duty and also helps with compliance. It goes further to demonstrate effectiveness of internal controls for larger companies or any company really that’s publicly traded it would provide for a more effective risk management and so we identify the issues that can be exposed.” Tal went on to note this strategy of risk management can help your company to “minimize financial exposures, will reduce certainly business liabilities and certainly in M&A deals and in corporate supply chain ventures and then a deeper level evaluation of the information, especially the hidden and undisclosed information will help a company to get ahead of the issues and be able to go into damage control if necessary.”

The potential costs to a company are well documented. These costs could be the 20% of senior executives which Tal has found to have engaged in some type of activity or behavior which could financially damage a company or the up to 35% of third parties which have red flags raised and must be cleared. If a Board does not set the right tone for performing the requisite investigations to know whom you are bringing into management or with whom you are signing up to engage in business with going forward, such laxity will permeate the organization.

Tal went on to relate, “It’s really about shoring up and hardening the protection of the company from unnecessary risks and unnecessary threats and also to ensure that value is kept within the organization and that the company can get ahead of any issues that arise before they get exposed by the press.” Tal further noted that we “live in a society and an age of scandals and corruptions and failed deals. So, there are plenty of investigative journalists looking for interesting stories that are going to expose companies to situations they’d rather not find themselves in.”

These issues move beyond the executive hiring/promotion and third parties into mergers and acquisition (M&A) as well. Usually the focus in any acquisition is the financial due diligence. Yet Tal points out that knowing the background of the executive leadership team of any acquisition can be as critical to understanding not only whether the acquisition engaged in behavior which may have violated the Foreign Corruption Practices Act (FCPA) but also whether the acquired company will be a cultural fit down the road. Tal said, in many ways it is getting “really valuable meaningful information about those individuals. Having done a deep dive, Level III investigation can help your business avert a crisis because if you do not perform such an investigation, you might not even be aware that a crisis could occur or may already be unfolding.”

It is important to use a seasoned, experience investigative entity to perform such a Level III due diligence. Here two components from the recently released Department of Justice (DOJ) Evaluation of Corporate Compliance Programs are important to consider. Under the prong “Confidential Reporting and Investigation”, it states, “Properly Scoped Investigation by Qualified Personnel – How has the company ensured that the investigations have been properly scoped, and were independent, objective, appropriately conducted, and properly documented?” This prescription would certainly be applicable to Level III, deep dive due diligence.

Around M&A Level III, deep dive due diligence investigations Tal suggests that such language, “speaks to other types of issues like success and liability issues” because, “if we’re talking about acquisitions and it could be a small acquisition you know, $50 to a $100 million or it could be an extremely large acquisition.” Tal’s experience led her to conclude, “even in a very large acquisition, especially with global businesses that some of the key executives may have relationships that the Board is not very well aware of and we have seen situations where even at Fortune 100 companies the internal departments that are utilized to investigate these things don’t necessarily always have the resources that external companies like Infortal have to go and examine the situations in country.”

Many compliance professionals only consider a deep dive, Level III due diligence when evaluating third parties. However this type of investigation and information can be used by compliance practitioners and companies more generally in a wide variety of ways and for a wide variety of purposes. Your company would be well served to consider using such a tool in the future.

Candice Tal can be reached via email at ctal@infortal.com.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Today, I continue my exploration of Level III, deep dive due diligence, by discussing how this should be considered for third parties. I am joined this week by Candice Tal, founder and Chief Executive Officer (CEO) of Infortal Worldwide, a corporate security and investigations firm founded in 1985 to serve emerging growth and Fortune 500 clients globally in a variety of sectors including biotechnology, financial services, high-technology, manufacturing and professional services. Tal’s extensive international experience and long-term relationships have enabled Infortal Worldwide to secure and deliver deep-level information not readily available through customary investigative channels.

Most companies fully understand the need to comply with the Foreign Corrupt Practices Act (FCPA) regarding third parties as they represent the greatest risks for a FCPA violation. However, most companies are not created out of new cloth but are ongoing enterprises with up and running businesses in place. They need to bring resources to bear to comply with the FCPA while continuing to do business. This can be particularly true in the area of performing due diligence on third parties. Many companies understand the need for a robust due diligence program to investigate third parties but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA.

Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner. Jay Martin, Chief Compliance Officer (CCO) at BakerHughes Inc. (BHI) often emphasizes that a company needs to evaluate and address its risks regarding third parties. This means that the appropriate level of due diligence may vary depending on the risks arising from the relationship. So, for example, the appropriate level of due diligence required by a company when contracting for the performance of Information Technology (IT) services may be low, to reflect low risks of bribery on its behalf. Conversely, a business entering into the international energy market and selecting an intermediary to assist in establishing a business in such markets will typically require a much higher level of due diligence to mitigate the risks of bribery on its behalf.

Carol Switzer, writing in Compliance Week, related that you should initially set up categories for your third parties of high, moderate and low risk and based upon which risk category the third party falls into, you can design specific due diligence. She defined low risk screening as “trusted data source search and risk screening such as… World Compliance”; moderate risk screening as “enhanced evaluation to include in-country public records… and research into corporate relationships”; high risk screening is basically a “deep dive assessment” where there is an audit/review of third party controls and financial records, in-country interviews and investigations “leveraging local data sources.”

Tal said that a Level III “typically refers to in-country searches but it may also include things like business operational information, trade reputation, how are they known locally. Are they known to operate corruptly in any way shape or form or are the executives involved in any underhand or shady relationships? Or perhaps they, on a routine basis, do business with countries and governments that are sanctioned by the US that may not be sanctioned in their own country.” Even armed with basic financial information, you need to go past the documentation provided to test that documentation. While some type of third party certification may be a nice to have, such a certification will not protect your company if you have not performed your own due diligence to determine if the facts on the ground are as the written record presents them.

Another way to consider the Level III approach is through a ‘boots on the ground’ investigation. It is a targeted check in-country to make sure that the entity actually exists. Tal provided a couple of examples to illustrate. In one she said, “we’ve gone in-country and found that there was a military style compound there with very high barbed wire fences and in addition to that no one has shown up to work there for at least six months.” A second example related to a “company [that] checked out in the Level I, but we found that there was some question marks about who showed up at the facility to work every day” so Infortal visited the company, “when we went to check on the facility it wasn’t at any of the addresses provided by the company. We did however locate them and they were in a warehouse.”

The results were quite telling as the company “had one person behind a desk who said he was the marketing manager and no one else was in the empty barren warehouse except this one individual and so that was a big red flag for that particular company too because they didn’t have any high-tech workers there at all. There were no engineers. There was no one else, just one single guy in a warehouse. So, these are the types of red flag issues that come up that maybe only found at tier three investigation level but it should actually be identified at tier one and these are some of the things that are very different about how we do our work and so we’re looking at undisclosed information.”

In a white paper entitled “Deep Level Due Diligence: What You Need to Know”, Tal related that “Controlling identified risk factors will often yield greater mid-range and long-term profitability with a relatively small capital outlay. Due diligence investigations often form a key portion of large corporations’ emerging market & high growth markets success strategy in addition to meeting regulatory compliance objectives. Deep level due diligence reports should provide corporate clients the assurance needed to comply with global anti-corruption regulations FCPA and to engage in new markets with clearly identified and manageable risks.”

Tomorrow I conclude this series by considering a deep dive, Level III due diligence as a tool for the Board of Directors.

Candice Tal can be reached via email at ctal@infortal.com.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017