Before Jim Crane came along to purchase the Houston Astros and provide us all with some of the best lessons learned for the compliance practitioner, they had a long and storied history, even if part of that history included not achieving much in the way of success. After all it took the Astros 50 years to reach the World Series (reach – not win). Before they had that inglorious run, they were known as the Houston Colt 45s and they were even more sad sack than after they re-moninkered themselves as the Astros.
In the Pantheon of baseball achievements one Houston Colt 45 stands above all. It is Ken Johnson, who died earlier this week. Johnson’s achievement – he is the only pitcher in the long and storied history of baseball, who pitched a complete game no-hitter and lost. In a game against the Cincinnati Reds, on April 23, 1964, with one out in the 9th inning, Johnson fielded a bunt by Pete Rose and threw wildly to first, allowing Rose to reach second. Rose scored two batters later on an error by second baseman Nellie Fox. The Reds won the game 1-0.
I thought about hard luck Ken Johnson in the context of the continued difficulty companies face around liability for third parties under the Foreign Corrupt Practices Act (FCPA). There are two areas that do not get as much attention that I wanted to focus on today. The first is the Questionnaire you utilize to help in the evaluation of any third party and the second is the compliance terms and conditions you should include in any commercial agreement with third parties.
Below are some of the areas that I think you should inquire into through your Questionnaire to a proposed third party:
- Ownership Structure: Describe whether the proposed third party is a government or state-owned entity, and the nature of its relationship(s) with local, regional and governmental bodies. Are there any members of the business partner related, by blood, to governmental officials?
- Financial Qualifications: Describe the financial stability of, and all capital to be provided by, the proposed third party. You should obtain financial records, audited for 3 to 5 years, if available. Obtain the name and contact information for their banking relationship.
- Personnel: Determine whether the proposed agent will be providing personnel, particularly whether any of the employees are government officials. Make sure that you obtain the names and titles of those who will provide services to your company.
- Physical Facilities: Describe what physical facilities that will be used by the third party for your work. Be sure and obtain their physical address.
- References: Obtain names and contact information for at least three business references that can provide information on the business ethics and commercial reliability of the proposed third party.
- PEPs: Are any of the owners, beneficial owners, officers or directors politically exposed persons (PEPs).
- UBO: It is imperative that you obtain the identity of the Ultimate Beneficial Owner (UBO).
- Compliance Regime: Does the proposed third party have an anti-corruption/anti-bribery program in place? Do they have a Code of Conduct? Obtain copies of all relevant documents and training materials.
- FCPA Training and Awareness: Has the proposed third party received FCPA training, are they TRACE certified or certified by some other recognizable entity?
One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.
The questionnaire fills several key roles in your overall management of third parties. Obviously it provides key information that you need to know about who you are doing business with and whether they have the capabilities to fulfill your commercial needs. Just as importantly is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, UK Bribery Act or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform.
Similarly, compliance terms and conditions should be in every contract, whether such document is a simple agency or consulting agreement or a joint venture (JV) with several formation documents. The compliance terms and conditions should include representations that in all undertakings the third party will make no payments of money, or anything of value, nor will such be offered, promised or paid, directly or indirectly, to any foreign officials, political parties, party officials, candidates for public or political party office, to influence the acts of such officials, political parties, party officials, or candidates in their official capacity, to induce them to use their influence with a government to obtain or retain business or gain an improper advantage in connection with any business venture or contract in which the company is a participant.
In addition to the above affirmative statements regarding conduct, a commercial contract with a third party should have the following compliance terms and conditions in it:
- Indemnification: Full indemnification for any FCPA violation, including all costs for the underlying investigation.
- Cooperation: Require full cooperation with any ethics and compliance investigation, specifically including the review of foreign business partner emails and bank accounts relating to your Company’s use of the foreign business partner.
- Material Breach of Contract: Any FCPA violation is made a material breach of contract, with no notice and opportunity to cure. Further, such a finding will be the grounds for immediate cessation of all payments.
- No Sub-Vendors (without approval): The foreign business partner must agree that it will not hire an agent, subcontractor or consultant without the Company’s prior written consent (to be based on adequate due diligence).
- Audit Rights: An additional key element of a contract between a US Company and a foreign business partner should include the retention of audit rights. These audit rights must exceed the simple audit rights associated with the financial relationship between the parties and must allow a full review of all FCPA related compliance procedures such as those for meeting with foreign governmental officials and compliance related training.
- Acknowledgment: The foreign business partner should specifically acknowledge the applicability of the FCPA to the business relationship as well as any country or regional anti-corruption or anti-bribery laws, which apply to either the foreign business partner or business relationship.
- On-going Training: Require that the top management of the foreign business partner and all persons performing services on your behalf shall receive FCPA compliance training.
- Annual Certification: Require an annual certification stating that the foreign business partner has not engaged in any conduct that violates the FCPA or any applicable laws, nor is it aware of any such conduct.
- Re-qualification: Require the foreign business partner re-qualify as a business partner at a regular interval of no greater than every three years.
Many will exclaim, “What an order, I can’t go through with it.” By this they mean that they do not believe that they will be able to get the third party to agree to such compliance terms and conditions. I have found that while it may not be easy, it is relatively simple to get a third party to agree to these, or similar, terms and conditions. One approach to take is that they are not negotiable. When faced with such a position on non-commercial terms many third parties will not fight such a position. There is some flexibility but the Department of Justice (DOJ) will require the minimum terms and conditions that it has suggested in the various Attachment Cs to the Deferred Prosecution Agreement (DPA) and in the FCPA Guidance. But the best position I have found is that if a third party agrees with these terms and conditions, they can then use that as a market differentiator from other third parties who have not gone through the life cycle management of a third party.
Two of the under-utilized tools of third party risk management are the third party questionnaire and compliance terms and conditions. By using these relatively simple and straightforward techniques you can help avoid the hard-luck nature of Ken Johnson and losing the game when you pitch a no-hitter.
A Happy Thanksgiving to all.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2015