Five Lessons for Third-Party Distributor Risk Management from Microsoft FCPA Settlement (Part III of III)
The Microsoft FCPA settlement, while not significant in the total penalty of approximately $25 million, provides some important instructions concerning distributor and re-seller risks and mitigation strategies. Here are five important lessons learned:
Discount Controls and Customer/End User Pricing: Microsoft agreed to provide significant discounts based on false justifications. Microsoft failed to confirm the justification for the discounts that permitted the bad actors to create a significant slush fund used to pay illegal bribes to Hungarian government officials.
Additionally, Microsoft failed to confirm that the substantial discounts were passed on to the end-user/customer. For many companies, this means that companies can no longer hide their eyes when it comes to distributor and reseller pricing of goods. Such data is critical for ensuring compliance with anti-corruption laws. Unfortunately, many companies do not have the leverage to require distributors and resellers to provide ultimate customer pricing and sales revenues. Microsoft, however, had (and has) such leverage and could have learned whether he discounts were passed on to the customer.
As a best practice, companies have to address this issue and seek ultimate pricing data or suffer a Microsoft-type control problem.
Due Diligence Review: In several instances, Microsoft failed to conduct or document due diligence review of its distributors or Licensed Solutions Providers. In doing so, Microsoft clearly turned a blind eye to significant corruption risks.
Government Employee: In retaining am LSP, Microsoft discovered that the LSP included a government employee. That is a screaming red flag that requires follow up and due diligence review of the LSP’s ownership. However, Microsoft did not conduct a due diligence review, did not focus on the government employee’s relationship with the LSP, and failed to act.
Failure to Document Services and Unexplained Presence of Third Parties: In numerous instances, Microsoft failed to inquire why a specific LSP, who was not involved in the original and winning bod, was brought into the transaction. Such an inexplicable development is a serious red flag that suggests that the late-arriving LSP was being used to funnel illegal bribes to government officials.
Each of the bid transactions also included third parties who failed to provide any documentation concerning the supposed services provided to Microsoft. The factual recitation is replete with instances in which Microsoft had no documentation that the third party reseller provide any services. Such a deficiency reflects a serious internal control deficiency that suggests such payments m ay have been used for improper purposes.
Third Party Conduits for Excessive Gifts, Hospitality and Travel: The Microsoft enforcement action underscores the danger that an employee can enlist the assistance of a third-party to funnel illegal funds for improper gifts, meals, hospitality and travel. Such illegal funding schemes were generated through false invoices and excessive discounts, a common illegal funding tactic. Companies need to redouble their efforts in uncovering such schemes and identifying anomalous transactions with its third-party partners.