I hope you have enjoyed this 31-day series on how to design, create and implement a best practices compliance program. These blog posts and podcasts over the past 13 months will form the basis of my next book The Complete Compliance Handbook which will be published by Compliance Week in April, 2018. It will be the most up-to-date handbook for every compliance practitioner, including the most recent Department of Justice pronouncements on what constitutes a best practices compliance program, in the FCPA Corporate Enforcement Policy and the Evaluation of Corporate Compliance Programs. I know you will find it useful. I end this month with levels of due diligence.

I next want to take a deep dive and exploration of the levels of due diligence. Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is for you to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward.

Under the Evaluation of Corporate Compliance Programs (Evaluation) it states in Prong 10. Third Party Management: Risk-Based and Integrated Processes How has the company’s third-party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes? 

The question becomes how do you use the information you obtained in the business justification and the questionnaire to determine an appropriate level of due diligence for the next step in the five-step process of third-party management. A three-step approach of varying levels of due diligence is the appropriate analysis to take going forward.

A three-step approach was discussed favorably in Opinion Release 10-02. In this Opinion Release, the Department of Justice (DOJ) discussed the due diligence that the requesting entity performed. This Opinion Release sets out a clear break which every compliance practitioner should use in considering an appropriate level of due diligence to engage with your third-party risk management process or when considering the level of due diligence required on a potential business venture partner. I break due diligence down into three stages: Level I, Level II and Level III. A very good description of the three levels of due diligence was presented by Candice Tal in an article entitled “Deep Level Due Diligence: What You Need to Know”.

Level I

First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering (AML), anti-bribery, sanctions lists, coupled with other financial corruption and criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. Tal believes that this basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures; demonstrating a broad intent to actively comply with international regulatory requirements.

Level II

Level II due diligence encompasses supplementing these Global Watch lists with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company; the third party’s key executives and associated parties. I believe that Level II should also include an in-country database search regarding the third party. Some of the other types of information that you should consider obtaining are country of domicile and international government records; use of in-country sources to provide assessments of the third party; a check for international derogatory electronic and physical media searches, you should perform both English and foreign-language repositories searches on the third party, in its country of domicile, if you are in a specific industry, using technical specialists you should also obtain information from sector specific sources.

Level III

This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation. I agree with Tal that a Level III due diligence investigation is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.” Further, the “Direction of the work and analyzing the resulting data is often critical to a successful outcome; and key to understanding the results both from a technical perspective and understanding what the results mean in plain English.  Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”

But more than simply an investigation of the company, critically including a site visit and coupled with onsite interviews, Tal says that some other things you investigate include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publically.”

Further, you may need to engage a foreign law firm, to investigate the third party in its home country to determine their compliance with its home country’s laws, licensing requirements and regulations. Lastly, and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance as one of the most important inquiries is not legal but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or did they object to the scope, coverage or purpose of the Foreign Corrupt Practices Act (FCPA); you can use a Level III to determine if the third party is willing to stand up with you under the FCPA and are you willing to partner with the third party?

There are many different approaches to the specifics of due diligence. By laying out some of the approaches, you can craft the relevant portions into your program. The Level I, II & III trichotomy appears to have the greatest favor and one that you should be able to implement in a straightforward manner. But the key is that you must assess your company’s risk and then manage that risk. If you need to perform additional due diligence to answer questions or clear red flags you should do so. And do not forget to Document Document Document all your due diligence.

Three Key Takeaways

  1. A Level I due diligence should be only used where there is a low risk of corruption.
  2. A Level II due diligence is sufficient in a high-risk jurisdiction if there are no red flags to clear.
  3. Level III due diligence is deep dive, boots on the ground investigation.

 

As the leading provider of ethics and compliance cloud software, Convercent connects ethics to business performance by weaving ethics and values into everyday operations in more than 600 of the world’s largest companies. Its Ethics Cloud Platform, provides a suite of applications: Convercent Insights, Convercent Helpline, Convercent Campaigns, Convercent Disclosures and Convercent Third Party. For more information go to Convercent.com.

Today, I want to take a deep dive and exploration of the levels of due diligence. Due diligence is generally recognized in three levels: Level I, Level II and Level III. Each level is appropriate for a different level of corruption risk. The key is for you to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward.

Under the Evaluation of Corporate Compliance Programs (Evaluation) it states in Prong 10. Third Party Management: Risk-Based and Integrated Processes How has the company’s third-party management process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes? 

The question becomes how do you use the information you obtained in the business justification and the questionnaire to determine an appropriate level of due diligence for the next step in the five-step process of third-party management. A three-step approach of varying levels of due diligence is the appropriate analysis to take going forward.

A three-step approach was discussed favorably in Opinion Release 10-02. In this Opinion Release, the Department of Justice (DOJ) discussed the due diligence that the requesting entity performed. “First, it [the requestor] conducted an initial screening of six potential grant recipients by obtaining publicly available information and information from third-party sources…Second, the Eurasian Subsidiary undertook further due diligence on the remaining three potential grant recipients. This due diligence was designed to learn about each organization’s ownership, management structure and operations; it involved requesting and reviewing key operating and assessment documents for each organization, as well as conducting interviews with representatives of each MFI [microfinance institution] to ask questions about each organization’s relationships with the government and to elicit information about potential corruption risk. As a third round of due diligence, the Eurasian Subsidiary undertook targeted due diligence on the remaining potential grant recipient, the Local MFI. This diligence was designed to identify any ties to specific government officials, determine whether the organization had faced any criminal prosecutions or investigations, and assess the organization’s reputation for integrity.”

This Opinion Release sets out a clear break which every compliance practitioner should use in considering an appropriate level of due diligence to engage with your third-party risk management process or when considering the level of due diligence required on a potential business venture partner. I break due diligence down into three stages: Level I, Level II and Level III. A very good description of the three levels of due diligence was presented by Candice Tal in an article entitled “Deep Level Due Diligence: What You Need to Know”.

Level I

First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering (AML), anti-bribery, sanctions lists, coupled with other financial corruption and criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. Tal believes that this basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures; demonstrating a broad intent to actively comply with international regulatory requirements.

Level II

Level II due diligence encompasses supplementing these Global Watch lists with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company; the third party’s key executives and associated parties. I believe that Level II should also include an in-country database search regarding the third party. Some of the other types of information that you should consider obtaining are country of domicile and international government records; use of in-country sources to provide assessments of the third party; a check for international derogatory electronic and physical media searches, you should perform both English and foreign-language repositories searches on the third party, in its country of domicile, if you are in a specific industry, using technical specialists you should also obtain information from sector specific sources.

Level III

This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation. I agree with Tal that a Level III due diligence investigation is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.” Further, the “Direction of the work and analyzing the resulting data is often critical to a successful outcome; and key to understanding the results both from a technical perspective and understanding what the results mean in plain English.  Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”

But more than simply an investigation of the company, critically including a site visit and coupled with onsite interviews, Tal says that some other things you investigate include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publically.”

Further, you may need to engage a foreign law firm, to investigate the third party in its home country to determine their compliance with its home country’s laws, licensing requirements and regulations. Lastly, and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance as one of the most important inquiries is not legal but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or did they object to the scope, coverage or purpose of the Foreign Corrupt Practices Act (FCPA); you can use a Level III to determine if the third party is willing to stand up with you under the FCPA and are you willing to partner with the third party?

The Risk Advisory Group, has put together a handy chart of its Level I, II and III approaches to integrity and due diligence. I have found it useful in explaining the different scopes and focuses of the various levels of due diligence.

Level Issues Addressed Scope of Investigation
I ·      That the company exists

·      Identities of directors and shareholders

·      Whether such persons are on regulators’ watch lists

·      Signs that such persons are government officials

·      Obvious signs of financial difficulty

·      Signs of involvement in litigation

·      Media reports linking the company to corruption

·      Company registration and status

·      Registered Address

·      Regulators’ watch lists

·      Credit Checks

·      Bankruptcy/Liquidation Proceedings

·      Review accounts and auditor’s comments

·      Litigation search

·      Negative media search

II As above with the following additions:

·      Public Profile integrity checks

·      Signs of official investigations and/or sanctions from regulatory authorities

·      Other anti-corruption Red Flags

As above with the following additions:

·      Review and summary of all media and internet references

·      Review and summary of relevant corporate records and litigation filings, including local archives

·      Analysis and cross-referencing of all findings

III As above with the following additions:

·      But seeking fuller answers to any questions raised by drawing on a wider range of intelligence sources and/or addressing specific issues of potential concern already identified

 

As above with the following additions:

·      Enquiries via local sources

·      Enquiries via industry experts

·      Enquiries via western agencies such as embassies or trade promotion bodies

·      Enquires via sources close to local regulatory agencies

There are many different approaches to the specifics of due diligence. By laying out some of the approaches, you can craft the relevant portions into your program. The Level I, II and III trichotomy appears to have the greatest favor and one that you should be able to implement in a straightforward manner. But the key is that you must assess your company’s risk and then manage that risk. If you need to perform additional due diligence to answer questions or clear red flags you should do so. And do not forget to Document, Document, and Document all your due diligence.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2018

What should your compliance policy and procedures on charitable donations look like? What should you prohibit or even caution against? The starting point is the 2012 FCPA Guidance regarding charitable donations. Your policy should begin by asking the following five initial questions:

  • What is the purpose of the donation?
  • Is the payment consistent with the company’s internal guidelines on charitable giving?
  • Is the payment at the request of a foreign official?
  • Is a foreign official associated with the charity and, if so, can the foreign official make decisions regarding your business in that country?
  • Is the payment conditioned upon receiving business or other benefits?

There are additional inquiries based upon the DOJ Opinion Releases issued regarding charitable donations. Some of the protections a company can do to comply with the FCPA regarding charitable donations are as follows:

  • Will the donation recipients certified that they or the entity will comply with the requirements of the FCPA;
  • Will the recipient provide audited financial statements; and
  • Will the recipient restrict the use of the donated funds to humanitarian or charitable purposes only;
  • Will the funds be transferred to a valid bank account; and
  • Will the recipients, allow ongoing auditing and monitoring of the efficacy of the charitable donation program.

Based upon the Schering-Plough and Lilly SEC enforcement actions, there are some additional inquiries that should be specified:

  1. What was the timing of the charitable donation or promise to make a donation in relation to the obtaining or retaining of business?
  2. Did the company follow its normal protocol for requesting, reviewing and making a charitable donation or is there a pattern of unusual donations outside the protocol?
  3. Did any one person make multiple donations just below their authority level so that it did not have to go up the line for review?
  4. Was the total amount donated to one charitable foundation out of proportion to the rest of the country or region’s charitable donation budget?
  5. Did the sales in one area, region or country spike after a pattern of charitable donations?

The information on the red flags from the prior Opinion Releases and the best practices, as set out in the 2012 FCPA Guidance, have been available for some time. From the Schering-Plough and Lilly enforcement actions, your policy should consdier the timing of charitable donations to see if they are at or near the time of the awarding of new or continued business. Finally in managing the relationship, you now need to look at overall increases in sales to determine if they are tied to a pattern of charitable donations. By looking at the timing and quantum of charitable donations, internal audit may be able to ascertain that a spike in sales is tied to corrupt conduct.

Three Key Takeaways

  1. What are the basic inquiries to make around charitable donations?
  2. Use all of the communication tools the DOJ has provided; written guidance, enforcement actions and Opinion Releases to inform your charitable donation policy.
  3. Document Document Documents the basis of your charitable donations risk assessment.

 

This month’s sponsor is the Doing Compliance Master Class. In 2018 I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

Opinion Releases can provide valuable information for the compliance practitioner. I agree with the statement found in the 2012 FCPA Guidance that “DOJ’s opinion procedure is a valuable mechanism for companies and individuals to determine whether proposed conduct would be prosecuted by DOJ under the FCPA. Generally speaking, under the opinion procedure process, parties submit information to DOJ, after which DOJ issues an opinion about whether the proposed conduct falls within its enforcement policy.”

In the areas of charitable donations, the DOJ has provided several Opinion Releases which give solid guidance on this tricky issue. There have been four Opinion Releases in the area of charitable donations under the FCPA. In each Opinion Release, the DOJ indicated that it would not initiate prosecutions based upon the fact scenarios presented to it.

95-01

This request was from a US based energy company that planned to operate a plant in

South Asia, in an area where was no medical facilities available. The energy company planned to donate $10 million for equipment and other costs to a medical complex that was under construction nearby. The donation would be made through a US charitable organization and a South Asian LLC.

The energy company stated it would do three things with respect to this donation.

  1. Before releasing funds, the energy company said it would require certifications from the officers of all entities involved that none of the funds would be used in violation of the FCPA.
  2. It would ensure that none of the persons employed by the charity or the LLC were affiliated with the foreign government.
  3. The energy company would require audited financial reports detailing the disposition of the funds.

97-02

This request was from a US based utility company that planned to operate a plant in

Asia, in an area where there was no primary-level school. The utility company planned to donate $100,000 for construction and other costs to a government entity that proposed to build an elementary school nearby. Before releasing funds, the utility company said it would require certain guarantees from the government entity regarding the project, including that the funds would be used exclusively for the school.

06-01

This request was from a Delaware company doing business in Africa. The company desired to initiate a pilot project under which it would contribute $25,000 to the Ministry of Finance in the country to improve local enforcement of anti-counterfeiting laws. The contribution would fund incentive awards to local customs officials, which was needed because this African country was a major transit point for illicit trade and the local customs officials have no incentive to prevent the contraband.

The company said that along with the contribution, it would execute an agreement with the Ministry to encourage exchange of information and establish procedures and criteria for incentive awards. The company said that if the program is successful, the awards would continue to be funded as needed, and the company will seek the participation of its competitors in this program.

The company would implement at least five safeguards to ensure the funds would be used as intended, including:

  1. Payments to a valid government account, subject to internal audits.
  2. Payments only upon the confirmation that goods seized were in fact counterfeit.
  3. The Ministry would identify award candidates without input from the company and would provide evidence that funds were used properly.
  4. The company would monitor the program’s effectiveness.
  5. Records will be required to be kept and be available for inspection for a period of time.

10-02

A US Company desired to move from a charitable entity model to a for profit model in the area of micro-financing. To do so it was required to make a large cash donation to a charity in the country in question. The company engaged in three rounds of due diligence in which it determined that the most favorable candidate had a government official on its Board of Directors but that under the laws of the country in question, the government official could not receive compensation to sit as a Board member. After initially listing the 3 levels of due diligence in which the company had engaged prior to finalizing its choice of local entity to receive the donation; the DOJ noted that the donation ‘requested’ of the US Company would be subject to the following controls:

  1. Payments of the donations would be staggered over a period of eight quarters rather than in one lump sum.
  2. Ongoing monitoring and auditing of the funds use for a period of five years.
  3. The donations would be specifically utilized for the building of infrastructure.
  4. The funds could not be transferred to either the charities parent or any other affiliated entity.
  5. The funds would not be paid to the parent of the organization receiving the grant and there was an absolute prohibition on compensating Board Members.
  6. The proposed grant agreement under which the funds would be donated had significant anti-corruption provisions which included a requirement that the local organization receiving the funds adopt an anti-corruption policy and that company making the donation shall receive full access to the local organization’s books and records.
  7. Right to terminate the agreement and recall the funds if evidence was found that “reasonably suggests” a breach of compliance provisions.

Mendelsohn Guidance

Dick Cassin, writing in the FCPA Blog, in a posting entitled “When is Charity a Bribe?”, cited to the then Deputy Chief of the Criminal Division’s Fraud Section at the DOJ Mark Mendelsohn.  Mendelsohn was asked about the guidelines regarding requests for charitable giving and the FCPA and said that any such request must be evaluated on its own merits. He advocated a “common sense” approach in identifying and clearing Red Flags. Some of the areas of inquiry would include answers to the following questions.

  1. Is there a nexus between the charity and any government entity from which the company is seeking a decision?
  2. If the governmental decision-maker holds a position at the charity, that’s a red flag.
  3. Is the donation consistent with the company’s overall pattern of charitable donations?
  4. If one donation or a series of them is more than the company has made to any other charity in the past five years, that would also be a red flag.
  5. Who made the request for the donation and how was that request made?

Three Key Takeaways

  1. You can utilize the Opinion Release process for a wide variety of issue.
  2. You must manage your charitable donations program even after the money has been donated.
  3. Never forget the Mendelsohn common sense approach to charitable donations.

 

This month’s sponsor is the Doing Compliance Master Class. In 2018, I am partnering with Jonathan Marks and Marcum LLC to put on training. Look for dates of one of the top compliance related training going forward.

One of my favorite words in the context of Foreign Corrupt Practices Act (FCPA) enforcement is dis-link. It a useful adjective in explaining how certain conduct by a company must be separated from the winning of business and more broadly it works on many different levels when discussing the FCPA. This concept of dis-linking was most prominently laid out in Opinion Release 14-02 (14-02). It provided one of the most concrete statements from the DOJ on the unidimensional nature of compliance in the mergers and acquisition context; both in the pre-acquisition and post-acquisition phases.

In this Opinion Release the Requestor was a multinational company headquartered in the United States. The Requestor desired to acquire a foreign consumer products company and its wholly owned subsidiary (collectively, the “Target”), both of which were incorporated and operated in an un-named foreign country. It never issued securities in the United States and had negligible business contacts in the US, including no direct sale or distribution of their products. During its pre-acquisition, due diligence of the Target, Requestor identified several likely improper payments by the Target to government officials of Foreign Country, as well as substantial weaknesses in accounting and recordkeeping. Considering the bribery and other concerns identified in the due diligence process, Requestor also detailed a plan for remedial pre-acquisition measures and post-acquisition integration steps. Requestor sought from the DOJ an Opinion as to whether the Department would then bring an FCPA enforcement action against Requestor for the Target’s pre-acquisition conduct. It was specifically noted that the Requestor did not seek an Opinion from the Department as to Requestor’s criminal liability for any post-acquisition conduct by the Target. 

Pre-Acquisition Due Diligence

In preparing for the acquisition, Requestor undertook extensive due diligence aimed at identifying, among other things, potential legal and compliance concerns at the Target. Requestor retained an experienced forensic accounting firm (“the Accounting Firm”) to carry out the due diligence review. This review brought to light evidence of apparent improper payments, as well as substantial accounting weaknesses and poor recordkeeping. The Accounting Firm reviewed approximately 1,300 transactions with a total value of approximately $12.9 million with over $100,000 in transactions that raised compliance issues. The clear majority of these transactions involved payments to government officials related to obtaining permits and licenses. Other transactions involved gifts and cash donations to government officials, charitable contributions and sponsorships, and payments to members of the state-controlled media to minimize negative publicity. None of the payments, gifts, donations, contributions, or sponsorships occurred in the US, none were made by or through a US entity and none went through a US bank.

The due diligence showed that the Target had significant recordkeeping deficiencies. Further, the records which did exist did not support the clear majority of the cash payments and gifts to government officials and the charitable contributions. There were expenses that were improperly and inaccurately classified. The accounting records were so disorganized that the Accounting Firm was unable to physically locate or identify many of the underlying records for the transactions. Finally, the Target had not developed or implemented a written code of conduct or other compliance policies and procedures, nor did the Target’s employees show an adequate understanding or awareness of anti-bribery laws and regulations.

Post-Acquisition Remediation

The Requestor presented several pre-closing steps to begin to remediate the Target’s weaknesses prior to the planned closing in 2015. Requestor aimed to complete the full integration of the Target into Requestor’s compliance and reporting structure within one year of the closing. Requestor presented an integration schedule of the Target into the acquirer which included various risk mitigation steps, communications and training on compliance procedures and policies, standardization of business relationships with third parties, and formalization of the Target’s accounting and recordkeeping in accordance with Requestor’s policies and applicable law.

DOJ Analysis

The DOJ noted black-letter letter when it stated, ““It is a basic principle of corporate law that a company assumes certain liabilities when merging with or acquiring another company. In a situation such as this, where a purchaser acquires the stock of a seller and integrates the target into its operations, successor liability may be conferred upon the purchaser for the acquired entity’s pre-existing criminal and civil liabilities, including, for example, for FCPA violations of the target. However, this is tempered by the following from the 2012 FCPA Guidance, “Successor liability does not, however, create liability where none existed before. For example, if an issuer were to acquire a foreign company that was not previously subject to the FCPA’s jurisdiction, the mere acquisition of that foreign company would not retroactively create FCPA liability for the acquiring issuer.””

As none of the payments were made in the US, none went through the US banking system and none involved a US person or entity that this would not lead to a creation of liability for the acquiring company. Moreover, there would be no continuing or ongoing illegal conduct going forward because “no contracts or other assets were determined to have been acquired through bribery that would remain in operation and from which Requestor would derive financial benefit following the acquisition.” Therefore, there would be no jurisdiction under the FCPA to prosecute any person or entity involved after the acquisition.

The DOJ also provided this additional information, “the Department encourages companies engaging in mergers and acquisitions to (1) conduct thorough risk-based FCPA and anti-corruption due diligence; (2) implement the acquiring company’s code of conduct and anti-corruption policies as quickly as practicable; (3) conduct FCPA and other relevant training for the acquired entity’s directors and employees, as well as third-party agents and partners; (4) conduct an FCPA-specific audit of the acquired entity as quickly as practicable; and (5) disclose to the Department any corrupt payments discovered during the due diligence process. See FCPA Guide at 29. Adherence to these elements by Requestor may, among several other factors, determine whether and how the Department would seek to impose post-acquisition successor liability in case of a putative violation.”

Discussion

The DOJ communicated several important messages through 14-02. First it demolished the myths of springing liability to an acquiring company in the FCPA context and buying a FCPA violation, simply through an acquisition; there must be continuing illegal conduct for FCPA liability to arise. Most clearly beginning with the 2012 FCPA Guidance, the DOJ and SEC have communicated what companies need to do in any M&A environment. While many compliance practitioners had only focused on the post-acquisition integration and remediation; the clear import of 14-02 is to re-emphasize the importance of the pre-acquisition phase.

Due diligence must begin in the pre-acquisition phase. The steps taken by the Requestor in this Opinion Release demonstrate some of the techniques you can use in the pre-acquisition phase include (1) having your internal or external legal, accounting, and compliance departments review a target’s sales and financial data, its customer contracts, and its third-party and distributor agreements; (2) performing a risk-based analysis of a target’s customer base; (3) performing an audit of selected transactions engaged in by the target; and (4) engaging in discussions with the target’s general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target over the past ten years.

Whether you can make these inquiries or not, you will also need to engage in post-acquisition integration and remediation. 14-02, taken together with the steps laid out in the 2012 Guidance, has provided the post-acquisition actions a compliance professions needs to take after the transaction is closed. If you cannot perform any or even an adequate pre-acquisition due diligence, the time frames you put in place after the acquisition closes will need to be compressed to make sure that you are not continuing any nefarious FCPA conduct going forward.

But it all goes back to dis-linking. If a target is engaging in conduct that violates the FCPA but the target itself is not subject to the jurisdiction of the FCPA, you simply cannot afford to allow that conduct to continue. If you do allow such conduct to continue your company will be actively engaging and participating in an ongoing FCPA violation. That is the final takeaway from this Opinion Release; it is allowing corruption and bribery to continue which brings companies into FCPA grief. Opinion Release 14-02 provided you a roadmap of the steps you can take to prevent such exposure.

Three Key Takeaways

  1. In the M&A context, the key is to dis-link any illegal conduct going forward.
  2. Opinion Release 14-02 provides the clearest roadmap for pre-and post-acquisition compliance actions in the M&A context.
  3. Never forget the Opinion Release procedure. It has been used successfully in two important M&A matters (08-02 and 14-02).

 

This month’s podcast series is sponsored by Michael Volkov and The Volkov Law Group.  The Volkov Law Group is a premier law firm specializing in corporate ethics and compliance, internal investigations and white collar defense.  For more information and to discuss practical solutions to compliance and enforcement issues, email Michael Volkov at mvolkov@volkovlaw.com or check out www.volkovlaw.com.