We all know and hear about third-party risks – over and over again. Despite this recurring theme, organizations continue to pay the price for failing to address third-party issues.  It does not take a rocket scientist to address third-party risks. 

All too often, corporations flirt with a third party because of the lure of a lucrative deal, an elusive contract, or a winning bid. When an organization starts down this road, the dangers are more than evident.  Business actors typically know the dangers but turn a blind eye – these situations are common.

Foster Wheeler learned of so many red flags in its pursuit of the Petrobras contract that there was no other color to protect them.  Looking back on the events, Foster Wheeler had so many opportunities to avoid the risk posed by the Italian Agent, the local Brazil Agent, and Unaoil. 

In hindsight, it is easy to point out some of the obvious flaws in the decision making but let’s start with a more basic viewpoint.

First, to the extent, Foster Wheeler maintained a third-party due diligence program, several actors sought to use the Italian Agent without subjecting the candidate to a robust review process that was designed to ensure a careful review of the Italian Agent.  Such a process should have included some basic questions like – how did Foster Wheeler learn of the proposed agent?  Who was the business sponsor and for what purpose? What services was the agent to be used for? 

Had Foster Wheeler asked these questions with care and sincerity, it is clear the Italian Agent would have fumbled from the beginning.  The circumstances of the introduction through a clothing sales person to a soon-to-be former Chairman does not provide any reassurances as to the bona fides of the Italian Agent.  Further, it was never clear exactly what services the Italian Agent intended to provide and e his qualifications to provide such services.

Second, even after these basic missed opportunities, Foster Wheeler eventually learned that the Italian Agent misrepresented his previous work experience.  Further, the Italian Agent cited his relationship with Unaoil as an alternative method to receive payments.  Both of these facts triggered classic red flags that would have sealed any third-party candidate’s fate – a third-party that lies about his/her prior work experience and proposes am unusual payment arrangement is nothing more than bad news dressed in a third-party’s costume.

But the story got even worse – recognizing the serious red flags facing Foster Wheeler, a business leader came up with the bright idea of retaining the Italian Agent on an interim basis.  In effect, Foster Wheeler circumvented its controls, relied on an interim agreement, and started down the road of perdition.

Foster Wheeler’s conduct, which had to include several key actors who not only ignored its internal controls and stretched to a knowing circumvention of its due diligence controls, revealed a glaring absence of any commitment to a culture of compliance.  Indeed, based on the facts outlined by the Justice Department and the SEC, Foster Wheeler’s resembled a culture of non-compliance, meaning a business committed to securing business any wat necessary.

The story unfortunately did not end there.  We have not even touched the issue of payments and accounting for money.  Foster Wheeler made four distinct payments to the Italian and Brazil Agents.  These payments were on their face problematic under even a system of basic controls, let alone the context of the entire story.

The Italian and Brazil Agents presented four invoices that failed to include basic information relating to the services provided, the need for such services, the terms for payments and other basic invoice to payment processes.  Instead, it appeared that Foster Wheeler applied few if any controls to these basic functions to require a more fulsome explanation and documentation for the invoices.

I guess in the end – circumvention in one area of compliance controls, i.e. due diligence basic steps, can easily expand into avoidance of other significant controls, including basic invoicing, justification, documentation and assurances prior to issuance of large payments to a problematic third party.

In the face of these significant concerns, I am always mystified when legal and compliance practitioners argue that an FCPA violation was caused by a “rogue employee” or “third party.  A bad actor rarely carries out his/her illegal scheme without some level of complicity from other persons – the interesting question is usually what level of knowledge the facilitators may have, what specific breakdowns occurred either in surrounding controls, supervision or oversight. 

To carry out an illegal scheme, more than just one actor has to “break bad.” A lone actor will not succeed unless important controls were never put in place, or more likely, responsible persons, such as managers, supervisors or gatekeepers ignore warning signs and failed to respond to red flags and relevant risks.  

Foster Wheeler is just one more example in the fabric of organizational misconduct of how legal violations typically involve a series of misconduct and/or miscues. In most cases, there are multiple factors that occur that in the end contribute to a root cause failure.  It is important to review enforcement cases with this perspective and appreciation for the complexity of misconduct.