Companies conducting business overseas face growing legal and reputational risks. These risks have become even more important because of increasingly complex business regulations worldwide, mounting pressure from regulators, enforcement agencies and civil society, and a dramatic increase in levels of business carried out in higher risk jurisdictions.
In the field of anti-corruption in particular, due diligence obligations on third parties have recently expanded in the wake of various laws such as the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. Under most of these laws, corporate criminal liability can be triggered when the bribe is paid by or through a third party. Companies are therefore incentivized to look into the details of transactions and their related third parties to identify and avoid the risk that third parties could bribe on their behalf.
Under many legal frameworks, organizations may indeed be held liable for acts of corruption by their third parties, i.e. their agents, consultants, suppliers, distributors, joint-venture partners, or any individual or entity that has some form of business relationship with the organization. Therefore, before entering into relationships with third parties, organizations are taking active steps to ensure that potential corruption risks flowing from these relationships are responsibly evaluated and managed. In fact, conducting risk-based due diligence on third parties has become a legal expectation in many countries that have ratified the OECD Anti-Bribery Convention and/or the United Nations Convention against Corruption, and conducting adequate due diligence may help organizations decrease, and under some laws even avoid, the risk of criminal culpability for corrupt third-party conduct.
The following is a list of most recent enforcement actions by the U.S. Securities and Exchange Commission under FCPA:
- Hitachi – SEC charged the Tokyo-based conglomerate with violating the FCPA by inaccurately recording improper payments to South Africa’s ruling political party in connection with contracts to build power plants. Hitachi agreed to pay $19 million to settle charges. (9/28/15)
- BNY Mellon – SEC charged the global investment company with violating the FCPA by providing valuable student internships to family members of foreign government officials affiliated with a Middle Eastern sovereign wealth fund. BNY Mellon agreed to pay $14.8 million to settle charges. (8/18/15)
- Vicente E. Garcia – SEC charged a former SAP SE executive with violating the FCPA by bribing Panamanian government officials through an intermediary to procure software license sales and receiving more than $85,000 in kickbacks. Garcia agreed to settle the case and return the kickbacks plus interest. (8/12/15)
- Mead Johnson Nutrition – SEC charged the infant formula manufacturer with violating the FCPA when its Chinese subsidiary made improper payments to health care professionals to recommend the company’s product to new and expectant mothers. Mead Johnson Nutrition agreed to pay $12 million to settle the case. (7/28/15)
- BHP Billiton – SEC charged global resources company BHP Billiton with violating the FCPA when it sponsored the attendance of foreign government officials at the Summer Olympics. BHP Billiton agreed to pay a $25 million penalty to settle the case. (5/20/15)
- FLIR Systems – SEC charged Oregon-based FLIR Systems with violating the FCPA by financing a “world tour” of personal travel for Middle East government officials who played key roles in decisions to purchase FLIR products. FLIR, which earned more than $7 million in profits from such sales, agreed to pay $9.5 million to settle the charges. (4/8/15)
- Goodyear Tire & Rubber Company – SEC charged Goodyear with violating the FCPA when its subsidiaries paid bribes to land tire sales in Kenya and Angola. The company agreed to pay $16 million to settle the charges. (2/24/15)
- Walid Hatoum / PBSJ Corporation – SEC charged a former officer at a Tampa, Fla.-based engineering firm with violating the FCPA by offering and authorizing bribes and employment to foreign officials to secure Qatari government contracts. Hatoum agreed to settle the charges, and PBSJ entered into a deferred prosecution agreement and must pay $3.4 million. (1/22/15)
Stats (as of Aug. 17, 2015)
Number of Entities and Individuals Charged | 181 |
Number of CEOs, CFOs, and Other Senior Corporate Officers Charged | 73 |
Number of Individuals Who Have Received Officer and Director Bars, Industry Bars, or Commission Suspensions | 40 |
Penalties Ordered or Agreed To | > $1.93 billion |
Disgorgement and Prejudgment Interest Ordered or Agreed To | > $1.47 billion |
Additional Monetary Relief Obtained for Harmed Investors | $418 million |
Total Penalties, Disgorgement, and Other Monetary Relief | > $3.76 billion |
GlaxoSmithKline (GSK) has been fined £300 million last year and five of its employees given suspended prison sentences in China for bribery – but is this the end of the matter? What impact will the verdicts have on other multinational companies conducting business in progressing or under developed countries?
Compliance officers at multinational corporations have long talked about the risks posed by corrupt practices. The GSK case confirms in the clearest terms how serious such risks may be. GSK should not become a watchword for corrupt behaviour. Rather, through its fines and the damage to reputation it has suffered, GSK may now serve as a warning to other MNCs, and, if it can be effective in implementing its new programs, a demonstration of how to respond to the challenges of doing business today.
The level of scrutiny necessary for an organization to reach reasonable confidence that it is engaged in a normal, legitimate business transaction varies with corruption risk. The level of corruption risk determines how much scrutiny is required to be able to defend before a judge or a prosecutor that the organization is confident it is dealing with a bona fide third party. The higher the risk, the broader and deeper the third-party due diligence should be.
Defining Third Parties
It is important that third-party due diligence encompass third parties contracted in both sales and supply channels. While experience shows that sales intermediaries (such as agents or distributors) may be more frequently abused than suppliers in order to relay corrupt payments, suppliers can likewise be used corruptly. The list of definitions below may be useful to help organizations clearly understand and categorize their universe of third parties.
This list is not exhaustive; some of the definitions may be overlapping and thus covering the same type of business relationships. Each organization should therefore develop its own list to draw a full inventory of third parties with whom it is engaged.
-
Joint venture partner
An individual or organization which has entered into a business agreement with another individual or organization (and possibly other parties) to establish a new business entity and to manage its assets.
-
Consortium partner
An individual or organization which is pooling its resources with another organization (and possibly other parties) for achieving a common goal. In a consortium, each participant retains its separate legal status.
-
Agent
An individual or organization authorized to act for or on behalf of, or to otherwise represent, another organization in furtherance of its business interests. Agents may be categorized into the following two types: – Sales agents (i.e. those needed to win a contract)- Process agents (e.g. visa permits agents).
-
Adviser and other intermediary (e.g. legal, tax, financial adviser or consultant, lobbyist)
An individual or organization providing service and advice by representing an organization towards another person, business and/or government official.
-
Contractor and sub-contractor
A contractor is a non-controlled individual or organization that provides goods or services to an organization under a contract. A subcontractor is an individual or organization that is hired by a contractor to perform a specific task as part of the overall project.
-
Supplier/vendor
An individual or organization that supplies parts or services to another organization.
-
Service provider
An individual or organization that provides another organization with functional support (e.g. communications, logistics, storage, processing services).
-
Distributor
An individual or organization that buys products from another organization, warehouses them and resells them to retailers or directly to end-users.
-
Customer
The recipient of a product, service or idea purchased from an organization. Customers are generally categorized into two types:- An intermediate customer is a dealer that purchases goods for resale.- An ultimate customer is one who does not in turn resell the goods purchased but is the end user.
To perform an initial screening to determine “in scope” third parties, organizations may start by asking themselves the following questions:
- Is the third party in an industry or geographic location perceived to have higher corruption risks?
- Will the third party perform services on behalf of the organization, or be authorized to represent the organization vis-à-vis other third parties?
- Is it reasonable to expect that the third party will come into contact with government officials when representing the organization?
- Will the third party be in a position to influence decisions or the conduct of other third parties for the benefit of the organization?
A positive answer to any of these questions may lead organizations to consider the third party under review as an “in scope” third party. In practice, agents, advisers and other intermediaries, as well as joint-venture and consortium partners, will likely be considered “in scope” third parties. Contractors, suppliers and a range of other business partners may also fall in this category if they are to perform services on behalf of the organization.
Once an organization has decided which third parties are “in scope” for due diligence, and what level of risk the third-party business relationship poses, the main process of due diligence begins.
For low-risk third parties, this process will likely take place within the business unit looking to retain the third party and consist of basic Internet searches and database checks.
For medium- to high-risk third parties, more thorough data collection and investigation will be needed and will likely require input or supervision from an independent business function (e.g. the organization’s compliance or legal department) and, in some cases, the assistance of an external due diligence service provider.
The three key elements to conduct a thorough third-party due diligence are:
a) Data collection
b) Verification and validation of data
c) Evaluation of results, including identification of red flags
How Back Check Group can assist:
Your organisation can suffer reputational damage and be subject to monetary penalties, government sanctions, civil suits and enforcement actions by various regulators if found to be working with individuals or entities that appear on sanctions lists, watchlists or blacklists; or lists of excluded,disqualified or debarred persons ororganizations. This content is considered to be acrucial component of any due diligence process and a legal obligation for some ,i.e., those impacted by Dodd-Frank, the Foreign Corrupt Practices Act, the UK Bribery Act and assorted financial regulations.
Back Check Group provides a structured, risk-based approach that gives confidence that your business has a transparent structure, ethical business conduct and is not associated with any illegal or unethical acts.
We have a dedicated local and global teams within the GRC Intelligence area that specialize in Integrity Due Diligence investigations. We help companies around the world to verify the information you have, and to find the information you lack.
We have access to a variety of on-line company and compliance databases, and an extensive international network for local and on-site investigations.
Back Check Integrity Due Diligence provides Sanctions & Watchlists that covers information compiled from multiple authorities and include domestic and global sanctions, plus nearly 1,200 watchlists originating from more than 80 countries translated from multiple languages covering, reports can be utilised to support a wide range of integrity risk areas, such as:
- White-collar crimes
- Crimes against humanity
- Terrorist threats
- Non-financial sanctions
- Payment patterns and insolvencies
- Unauthorized business activities
- Warning lists by financial authorities
- Disqualified directors and debarred companies
- Minor penal procedures and civil procedures
- International warrants
- national wanted persons
- regional warnings
- detention records and civil records
- Lists of international tribunals
- anti-money laundering and anti-corruption entities
- anti-corruption and anti-bribery assessments on a reseller or distributor, including Foreign Corrupt Practices Act, OECD Anti-Bribery Convention and Bribery Act
- third party onboarding for key material and services suppliers
- vendor and supply-chain screening and checks
- reputational risk management
- mergers and acquisitions and joint ventures
- senior executive screening
- watchlist screening for new customers
- ethics and corporate social responsibility, including human rights violations and conflict minerals reporting
- fraud, embezzlement, financial irregularities and money laundering
- counterfeiting and intellectual property infringement
- anti-competitive behaviour and price fixing
- grey market and illegal selling.
A small sample of lists include:
- OFAC—Specially Designated Nationals (SDN) List;
- Non-SDN List, including
- Palestinian Legislative Council
- Enhanced Sanctioned Countries List
- Her Majesty’s Treasury Consolidated List
- Commodity Futures Trading Commission
- List of Regulatory and Self-Regulatory Authorities
- Department of State,
- Directorateof Defense Trade Controls,
- Consolidated List of Debarred Parties
- European Union Designated Terrorists Consolidated List
- FBI—Hijack Suspects List
- Most-Wanted List
- Most-Wanted Terrorists List
- Seeking Information List
- International Police Most Wanted
- Red Alert Office of Controller of Currency
- Unauthorized Banks List
- StateDepartment Terrorist Exclusion List
- United Nations Consolidated Lists
- U.S.Bureau of Industry and Security Denied Persons List
- UnverifiedList; EntityList•
- World Bank Ineligible Firms List
For more information email us [email protected]
The Global Importance of Integrity Due Diligence
US Foreign Corrupt Practices Act (FCPA)
To avoid being held liable for corrupt third-party payments, the US Department of Justice encourages companies “to exercise due diligence and to take all necessary precautions to ensure that they have formed a business relationship with reputable and qualified partners and representatives”.
UK Bribery Act
Criminalizes the “failure to prevent bribery” and provides a defense of having “adequate procedures” to prevent bribery. The fourth principle of the MOJ guidance focuses on performing risk-based due diligence on intermediaries.
OECD Good Practices Guidance
Paragraph 6
The guidance provides a list of good practices to consider as part of an effective compliance program, which includes documenting the risk-based due diligence procedures performed, findings identified, and approvals in hiring decisions and the performance of regular oversight.
World Bank Integrity Compliance Group
Section 5.1
Requires compliance programs to include the performance of due diligence on intermediaries for entities seeking to end a debarment or conditional debarment.
TI Business Principles
Section 5.2.2.1
Section 5.2.3.2
Section 5.2.4.2
Considered a best practices guide for designing and benchmarking compliance programs, and includes the performance of due diligence on intermediaries in its recommendations.
PACI Principles
Section 5.2.2.1
Section 5.2.3.1
Section 5.2.3.2
Section 5.2.3.2.1
Section 5.2.4.2
Considered a best practices guide for designing compliance programs,and includes the performance of due diligence on intermediaries in its recommendations. This guidance is not a requirement, but merely a guide for organizations of all sizes.
Back Check Group completed hundreds of Due Diligence cases on companies, their employees, partners and third parties across emerging markets and helping organizations to implement a risk-based and resource-effective process to meet the expectations of major legal frameworks and the core requirements of the FCPA and UK Bribery Act Principles.
About Danish Thanvi
With two decades of experience in advance technology, research, corporate security and compliance, Danish has been part of some of the world’s largest risk management and technology companies. Specialist in setting up global operations and in creating the fusion of technology and traditional risk management to simplify most difficult and complex fraud investigations. Hands on with all latest GRC, Digital Forensic and Data intelligence tools. Successfully running multiple businesses in Singapore, Malaysia, Canada, UAE, Pakistan and USA.
Danish Thanvi
Group CEO – Back Check Group