Third-Party Due Diligence: A Critical Part of Compliance
FCPA websites and blogs are filled with company advertisements offering due diligence services, guaranteeing facts and results. But this is only one piece in the due diligence puzzle and process. Designing a review protocol, ensuring that information is gathered and reviewed, and most importantly, requiring a brief memo reflecting the review and decision-making process, along with a statement of reasons for approving a third party, will immunize the company from future prosecution. Assuming each review is done in accordance with a pre-established process, and reflects reasonable care and analysis, then there is no way the company or any executive can be prosecuted for a criminal offense. A mistake in judgment never can be “corrupt” intent.
Every company needs to set up a procedure for reviewing third party agents. There are an infinite number of ways to accomplish this review.
First, who should review a proposed third-party agreement?
Depending on the size of the company, such review should be done by a central office or official as high in the company’s hierarchy as possible. This ensures that consistent standards are applied in the review process and that the company has an overall picture of third party hiring practices. Once approved, the agent’s individual sales deals can be reviewed by regional or local counsel (assuming that the reviewing person has been trained.
Second, what should the review package include?
The package should include the following: a proposed written contract which has anti-corruption protections, audit authority and anti-corruption training requirements; background check and investigation of any relevant issues (e.g. red flags); questionnaire and completed checklist of items. A memorandum documenting the due diligence review and the reasons for going forward with the proposed arrangement.
Third, how should the agent be integrated into the company’s compliance program?
The third party agent needs to participate in the company’s anti-corruption training program, certify as to his or her attendance, and agree to be subject to the company’s compliance procedures or have in place its own anti-corruption compliance program.
A recent KPMG survey revealed that company’s are not taking some basic steps to ensure third-party compliance with anti-corruption requirements.
• Two in five U.S. and U.K. organizations with written anti-bribery and corruption policies do not distribute them to agents, distributors, vendors, brokers, joint-venture partners or suppliers.
• Three in five companies with such compliance programs that incorporate employee training do not require any third-party representatives to participate in the training.
• Nearly one in three U.S. and one in four U.K. companies require training less than once a year.
• Three in five companies do not exercise “right to audit clauses” in third party contracts.
• More than half of the U.S. and 10 percent of the U.K. companies do not obtain periodic compliance certifications from those with whom they do business in other countries.
These deficiencies are not a good sign – companies need to make a great effort to ensure integration of third parties into the compliance structure.