FCPAméricas Blog
“Remedial Due Diligence”: Handling third party backlogs
4.10.2012
A recent survey conducted by Deloitte found that companies’ FCPA due diligence on business partners remains low. A considerable number of respondents said they typically only conduct anti-corruption due diligence and risk assessments on up to a quarter of their business partners. Five percent of respondents conduct no third party due diligence at all.
Third party due diligence can create a real challenge for global companies. It is not uncommon for some companies to work with, and have to vet, thousands of third parties. Tyco had to build its due diligence program to cover more than 32,000 resellers, distributors, and other partners. Twelve percent (12%) of the companies surveyed by Deloitte said they work with more than 10,000 business partners.
The more third parties that a company uses, the higher the company’s exposure to FCPA liability. More third parties also means more time and expense necessary to implement a comprehensive due diligence program. In the Deloitte survey, respondents cited cost as the most important factor in their failure to undertake adequate due diligence measures.
Backlogs. A common challenge for companies getting up to speed on their due diligence programs relates to addressing their current business relationships. Even if a company has implemented procedures to vet new partners going forward, it still must vet the “backlog” of current partners (a process also known as “remedial due diligence”).
Consider this typical situation. A global company with thousands of business partners conducts a risk review of its current business relationships and, based on the results, classifies them into tiers according to corruption risk levels. Pursuant to industry benchmarks, it selects the top 10% as the highest risk and prioritizes due diligence efforts on these companies first. But this group still yields several thousand third parties. How does the company quickly conduct due diligence on these business partners in a way that is both efficient and meaningful? If the company spends just a few hundred dollars to review each third party (which is on the low end of normal costs), it would still need to budget almost one million dollars just for basic due diligence.
Here are some ways that a company can handle this situation:
1. Use the opportunity to build internal capacity. Some companies see this situation as an opportunity to build the internal capabilities they will eventually need to run a fully-functioning anti-corruption compliance program. For larger companies, comprehensive programs generally require numerous full-time staff with knowledge of how to navigate the complicated and inevitable compliance issues that arise. Training qualified staff now will pave the way toward a streamlined compliance team in the future.
2. Outsource and negotiate a good rate. A company will need to spend money to get its due diligence program up to speed no matter what. If the company is large enough, it can outsource the work and use its leverage to negotiate a preferential rate. There are now an overwhelming number of due diligence providers in the compliance space. Competition can be fierce. Global companies can use this landscape to their advantage.
3. Prioritize due diligence on the highest of the highest risk. The company can roll out its due diligence in steps, first focusing on the highest of the highest risk. Which third parties assist the company in countries where corruption risk is most prevalent, countries like Argentina, Angola, and China? Which ones generate the most business? Which ones have known pending business? Which ones are paid on a commission basis? Which ones receive the most money from the company? After reviewing these entities, the company can then methodically work its way through the next levels of risk from there.
4. Prioritize due diligence where no contracts exist. Companies can focus first on the business partners with whom they do not yet have a written contract in place. FCPA attorney Michael Volkov says: “Companies are usually surprised to discover how many third parties have no contracts at all.” He advises companies to first vet the third parties in this group that are receiving the most money from the company and then proceed in an orderly way from there. Contract formation and due diligence phases are thereby wrapped together.
5. Build due diligence into contract renewals. James Tillen, Coordinator of Miller & Chevalier’s FCPA and Anti-Corruption Practice Group, says that companies can also look at the natural life cycles of the contracts currently in place to find opportunities to roll out due diligence. He says, “Eventually all companies will need to be reviewed. But contract renewals can provide a helpful starting point that works to minimize disruption of core business practices.” He also suggests that companies prioritize “evergreen” contracts (those in place for an indefinite period of time) since those contracts will not be subject to a renewal process. Companies should also convert evergreen to term contracts as a basic risk mitigation step.
Of course, the most sure-fire way of reducing third party risk and lowering the due diligence bill is to eliminate the use of third parties from your business altogether. For most companies, though, this is easier said than done.
The FCPAméricas blog is not intended to provide legal advice to its readers. The blog entries and posts include only the thoughts, ideas, and impressions of its authors and contributors, and should be considered general information only about the Americas, anti-corruption laws including the U.S. Foreign Corrupt Practices Act, issues related to anti-corruption compliance, and any other matters addressed. Nothing in this publication should be interpreted to constitute legal advice or services of any kind. Furthermore, information found on this blog should not be used as the basis for decisions or actions that may affect your business; instead, companies and businesspeople should seek legal counsel from qualified lawyers regarding anti-corruption laws or any other legal issue. The Editor and the contributors to this blog shall not be responsible for any losses incurred by a reader or a company as a result of information provided in this publication. For more information, please contact Info@MattesonEllisLaw.com.
The author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
© 2012 Matteson Ellis Law, PLLC
Post authored by Matteson Ellis, FCPAméricas Founder & Editor
Comments