Applying Multi-Layer Due Diligence â Is There Such a Thing as Too
Transcription
Applying Multi-Layer Due Diligence â Is There Such a Thing as Too
Applying Multi-Layer Due Diligence – Is There Such a Thing as Too Much? Houston, TX 23 March 2015 Panelists William Gordon: Associate General Counsel and Chief Compliance Officer, Hercules Offshore, Inc. Tom Best: Partner, Steptoe & Johnson LLP Agenda Topics – “The FCPA and due diligence – interpreting the law and translating its requirements into your company’s partner investigation strategy” – “Determining the appropriate degree of due diligence – what requirements are placed on third parties to investigate their suppliers?” – “The link between careful scrutiny of your business partners and business productivity” Discussion – Enforcement “expectations” with respect to third party engagement, management – Best practices in third party and supply chain management – Business value of third party management from FCPA/anticorruption compliance perspective Enforcement “Expectations” Regarding Third Parties 4 Third Parties -- Legal and Enforcement Framework Vicarious liability for acts of third parties – Majority of recent FCPA cases – Responsibility for improper acts of agents, consultants, contractors, service providers, distributors, JV and other business partners: • Done with knowledge or authorization of company personnel • “Knowledge” standard – Includes willful ignorance – Bourke (“Head in the sand”) – Must identify and mitigate “red flags” • Due diligence • Contractual safeguards • Monitoring Third Parties -- Legal and Enforcement Framework (cont’d) OECD Good Practice Guidance (2010) DOJ Deferred Prosecution Agreements (DPAs) US Sentencing Guidelines International Standards: TI Business Principles, PACI, etc. Key Developments: – November 2012: DOJ-SEC Resource Guide – May 2012: Morgan Stanley declination/prosecution of Gerald Peterson 6 Third Parties -- Legal and Enforcement Framework (cont’d) Companies “expected” to adopt and maintain internal compliance programs designed to: – Prevent, detect and remedy improper practices; and – Promote compliance with laws Scope of program – All parts of business, including subsidiaries and foreign operations where issues may arise – Risk-based approach – Focus on third parties 20/20 hindsight when dealing with enforcement agencies 7 Third Parties -- Legal and Enforcement Framework (DOJ/SEC Guidance) DOJ/SEC Guidance – drafts from existing standards to restate agencies’ positions Emphasis: – A functioning, not “paper” program – Tailored to each company – Designed pursuant to a FCPA/anticorruption-focused risk assessment – Management commitment to compliance • “Tone at the top” • “Tone in the middle” – Communication and training mechanisms – Incentives and Discipline – Continuous Improvement – Third Parties 8 Third Parties -- Legal and Enforcement Framework (DOJ DPA/Plea Appendices) Clearly articulated written FCPA policy (with strong, visible support from senior management); Promulgate compliance standards, based on an individual risk assessment, for employees and business partners, governing: – – – – – – – – gifts, entertainment, customer travel, political contributions, charitable donations, facilitation payments solicitation/extortion; and mergers & acquisitions due diligence and integration program Annual review and update of compliance standards; Assign responsibility for compliance with a senior, autonomous official with direct reporting to internal audit, Board and/or Board committees; Ensure system of accounting procedures, including internal controls, to maintain accurate books and records; 9 Third Parties -- Legal and Enforcement Framework (DOJ DPA/Plea Appendices) (cont’d) Periodic training and annual certifications by employees and business partners; Maintain system for urgent compliance advice (hotline) and confidential reporting of potential violations (whistle-blowing); Institute appropriate disciplinary procedures for violations and reasonable remedial efforts; Due diligence procedures for retention of agents, including compliance education and anticorruption commitments; Standard anticorruption contract clauses, including audit and termination rights; and Periodic review and testing of anticorruption code and procedures. 10 Managing Third Parties – Best Practices © 2014, Steptoe & Johnson LLP, All Rights Reserved www.steptoe.com 11 Managing Third Parties – Best Practices Who are third parties? – Marketing agents/sales representatives/finders – Consultants and lobbyists – Distributors, resellers, and brokers – Partners and consortium members – Service providers: Customs brokers, tax advisors, attorneys, accountants – Contractors and suppliers 12 Third Party Enforcement: Agents and Consultants Agents/consultants: sales agents and representatives, lobbyists, etc. – Highest risk • Authorized to act on your behalf • Use of commissions or success fees – Best leverage • Greatest control See Alcoa (2014) ($384M), Alcatel (2010) ($137M), many others 13 Third Party Enforcement: Distributors Distributors – Pure distributors • Buying and selling for own account – More complex relationships • Joint marketing, etc. – Note: Structuring relationship as distributorship does not insulate from risk • Must respond to red flags See Pharma / Medical Device Settlements (2011-12) – Johnson & Johnson ($77M) – Smith & Nephew ($22M) – Pfizer/Wyeth ($60.1M) – Biomet ($22.8M) – Eli Lilly ($29M) 14 Third Party Enforcement: Business Partners Business partners: including joint ventures and consortia – Risks: • Potential liability for partners’ actions, but potentially limited scope for control • Value of partnership/JV arrangement is source of risk: – Local knowledge, contacts, industry expertise • JVs/consortia with state-owned partners • Issuers: – Books/records, internal controls liability if consolidated into parent’s financial statements See Allianz SE (2012) (SEC: $12.5M), RAE Systems, Inc. (2010) (DOJ: $1.7M; SEC: $1.25M), others 15 Third Party Enforcement: Service Providers Service Providers: – Risks: • Lack of control over providers’ actions • Reliant on services in-country – often no alternative – Risks can arise anywhere in companies’ supply chains, in-country or abroad: • Logistics providers • Contractors and sub-contractors • Professional service providers 16 Enforcement Example: Service Providers Tax Advisors – KPMG-Siddharta, Siddharta & Harsono (SSH) (2001) and Baker Hughes (2001) • $75,000 bribe to reduce tax assessment in Indonesia Lawyers – U.S. v. Jeffrey Tesler (2011) (TSKJ Consortium) – Parker Drilling (2013) Customs Brokers/Freight Forwarders – Panalpina and customers (2010) • Payments to customs officials in Nigeria and elsewhere; collective penalties of $236.5 million Subcontractors – Data Systems & Solutions (2012) • Technology/service subcontractors on power project funneled bribes to officials; fictitious modifications to contractual scope of work to disguise additional payments 17 Third Party Risk Management: Best Practices (1) Risk Assessment – Range of relationships and risks – Tiering Option (2) Policies and Procedures on Engagement – Due diligence • Questionnaires/checklists • Internal sources • External sources: When to engage? – Responding to red flags – Decision-making – Recordkeeping 18 Third Party Risk Management: Best Practices (3) – – – Contractual Safeguards Define legitimate services Compliance assurances: reps/warranties, covenants Accounting requirements and cooperation provisions • Audit rights? – Remedies: suspension, termination, clawback, etc. – Other: e.g., • Compliance program • Manner and place of payment 19 Third Party Risk Management: Best Practices (4) Training (5) Certifications (6) Oversight – e.g., – Audits – Scrutiny of invoices – Responding to red flags during performance – Periodic reviews and updates – Certifications “Best practice” has evolved significantly over the past few years. 20 Third-Party Due Diligence – Outside Resources Intelligence Databases Program Development List Screening PEPs Media Ownership Investigation & Verification DD Consulting/Investigations Sanctions, law enforcement, and other watch lists PEPs; aliases; relatives and close associates International, national, local sources Searchable; filterable Legal owners Sometimes SOEs and beneficial owners (incomplete) Compliance IT platforms Specialized ABC counsel: (workflows and approvals; Risk assessments; policies, questionnaires and certifications; procedures, forms, certifications data analytics; archived reports) Best practices; benchmarking Privileged legal advice Database search and summaries Database search and summaries Database search and summaries Local language review Investigations of beneficial ownership Regional/local presence, expertise, and/or language Analysis of country/region Business profile Site visits; in-person interviews; other local inquiries Reference checks Public registries; court records Outside Legal Advice Local Law Anticorruption Legal Advice 21 Local counsel: Investigations of beneficial ownership Privileged legal advice Local counsel: May offer some of the services offered by DD firms Local counsel: Privileged local law advice Specialized ABC counsel: Analysis of red flags and risks Advice on safeguards Privileged legal advice Business Value of FCPA/AntiCorruption Compliance; Third Party Management © 2014, Steptoe & Johnson LLP, All Rights Reserved www.steptoe.com 22 Positive Business Case for Compliance? Current conditions for compliance professionals in the extractive industries: – On the one hand: • Commodity prices low/depressed – budgets are tight • Continued SEC/DOJ activity in the sector • FCPA/anti-corruption enforcement no longer a U.S.-only phenomenon • Whistleblower epidemic – On the other: • Significant U.S. enforcement activity over past 10 years; companies generally well-attuned to the risks © 2014, Steptoe & Johnson LLP, All Rights Reserved www.steptoe.com 23 Positive Business Case for Compliance? (cont’d) Is this the only value of a strong compliance program? © 2014, Steptoe & Johnson LLP, All Rights Reserved www.steptoe.com 24 Positive Business Case for Compliance? (cont’d) Increased attention to quality of company business relationships = benefits? Benefits financial? Other? Quantifiable? © 2014, Steptoe & Johnson LLP, All Rights Reserved www.steptoe.com 25