The Resource Guide to US FCPA* (the Guidance) promulgated by the DOJ and SEC emphasizes the need for appropriate due diligence and vetting before engaging third parties.
The Guidance details the need to conduct risk-based due diligence in order to understand the qualifications and associations of prospective third-party partners; ensure they are not willingly forging alliances with partners who are likely to commit acts of corruption; and avoid subjecting themselves to possible liability under the FCPA as well as other anti-corruption laws. It sounds pretty straightforward.
The reality however, is that for even the most conscientious of companies, real hurdles exist to conducting fulsome due diligence in a global setting.
Identifying beneficial owners, principals and other stakeholders: The first step in conducting proper due diligence and knowing your business partners is identifying who they are. This may seem like an obvious place to start, but in practice it it may be easier said than done. In many countries in Asia, for example, businesses tend to be run by families rather than individuals. Similarly, in some countries in the Gulf there tend to be extensive and complicated networks of related companies. In other instances, local practices may disguise the identity of key stakeholders. For example, in Russia, silent partners may obtain an ownership stake by virtue of secret agreements. In India, traditional “Benami transactions” allow purchasers to conceal their identity by acquiring property in another person’s name. That is, to take this first step in due diligence, care must be taken to disentangle relationships, identify possible hidden partners and accurately identify those with whom you are actually partnering.
Properly evaluating the business purpose for the third-party and any necessary structures: The Guidance instructs that a red flag should be raised when a third party is in a different line of business than that for which it is engaged. However, the question of relevant qualifications may need to be evaluated in a wider context. Third parties may insist that some other party, such as offshore affiliates (yet another red flag) or partners with no qualifications relevant to the business in question, need to be introduced into the relationship. Possible justifications for this structure would be to ensure observation of local currency control laws, or to be able to import directly into the country (in some countries, only a limited sub-set of companies have import licenses). In countries such as Russia and China, such claims may have some legitimacy. Care must be taken to properly evaluate these justifications under local law to determine whether the stated rationale is with merit or is merely an attempt to disguise improper practices.
Evaluating red flags: The Guidance further explains that due diligence needs to establish a prospective third-party partner’s business reputation, and that the greater the number of red flags, the higher the level of scrutiny. Again it is critical to consider local context. Chief among archetypal red flags is a reputation for past misconduct. In assessing a prospective partner’s reputation and prior history of misconduct a company may learn that certain stake-holders have a police dossier. A police dossier is akin to various law enforcement agencies’ files (i.e., information of interest comes to the attention of the agency and the result is memorialized for future use; it does not necessarily imply criminal charges or an ongoing investigation) or have otherwise been the subject of criminal allegations. In many countries in central Europe, however, it is common for individuals to have police dossiers or be the subject of politically-motivated prosecutions. When the State Security Service of the Federal Republic of Yugoslavia database was made public, more than one million Slovenians were found to be in the database – roughly half the country’s population. Thus, while the existence of a police dossier may legitimately give rise to concern, it is important to put such a discovery into context. Still another example is prior allegations of corruption appearing in the media. In many countries, including Russia and South Africa, business competitors and politicians wield allegations as a tactic to discredit potential adversaries or competitors. When you evaluate the veracity of such allegations, it is important to note that all press is not created equal and may not be independent or a credible source.
Three key takeaways
There is no one-size-fits-all solution to due diligence.
Use reputable, established firms that are experienced in conducting diligence in the jurisdiction where you are seeking to engage a third party.
Due diligence must be culturally sensitive to properly evaluate the meaning of any red flags and/or rationales provided.
YOU MAY ALSO ENJOY THIS RELATED ARTICLE
Risk-based due diligence of third-party intermediaries: a scorecard approach
*The Criminal Division of the US Department of Justice and the Enforcement Division of the US Securities and Exchange Commission, A Resource Guide to the US Foreign Corrupt Practices Act (November 2012)