FCPAméricas Blog
Transferring Third Party FCPA Due Diligence Responsibility to Your Business Units
7.26.2013
Building third party FCPA due diligence programs can be a daunting task. Reviewing all consultants, agents, distributors, suppliers, and other third parties is often overwhelming for companies with thousands of such relationships. Making sure you have dug deep enough when vetting entities is an uncertain exercise. Getting employees to take seriously the need to consider corruption risks before establishing new relationships can be difficult. FCPAméricas has previously discussed these issues here and here.
One approach to third party due diligence that is gaining steam among larger companies involves moving responsibilities from legal and compliance departments to business units. Putting commercial and sales teams in charge can address many common challenges.
For one, this approach creates an efficient way of managing large numbers of third party relationships. Relying on the chief compliance officer to vet all third parties can be impractical, so making the business units responsible for basic due diligence helps spread responsibility. It frees up legal and compliance to focus on the more complex compliance issues.
Business personnel are often the closest to the third parties, making them better positioned to obtain information about the entity and walk it through the review. Business units also tend to take the process more seriously when they are required to own it.
Moreover, companies are finding that they can reduce overall risks when business teams are put in charge. This is because business units often choose to use fewer third parties when they know doing so will involve issuing questionnaires, signing certifications, and requesting audit rights in contracts. They think twice about new relationships when they are forced to make the business case for them. For example, Siemens told FCPAméricas in an interview that it reduced its sales agents from 2600 to 1700 when it reviewed them for compliance in 2007. Of the 900 who were dropped, only 20 were due to compliance concerns. The others were simply not needed for the business and they unnecessarily increased FCPA risks.
There are potential downsides to relying on business units to conduct due diligence. Meaningful reviews might not happen and corruption risks might remain. Companies can address this in the following ways:
Implement procedures. Companies can establish procedures for categorizing third parties based on risk, and business personnel can conduct varying levels of review based on the third party’s category. Standardized forms for questionnaires, certifications, and contract clauses can be made available. The more automated the processes, the better.
Train on red flags. Companies should use FCPA compliance trainings to ensure that business units understand common red flags that arise when dealing with third parties. FCPAméricas has discussed third party red flags in Latin America here.
Make guidance available. Business teams should feel comfortable seeking guidance from compliance and legal departments on due diligence matters. If a third party is pushing back on audit rights, the legal department can intervene. If a flag is “pink” rather than “red,” the compliance department can offer its perspective. Business units need to know that they have support at every step.
Conduct regular audits. If business units know that their third party due diligence efforts will be audited, they will be more likely to take them seriously.
The FCPAméricas blog is not intended to provide legal advice to its readers. The blog entries and posts include only the thoughts, ideas, and impressions of its authors and contributors, and should be considered general information only about the Americas, anti-corruption laws including the U.S. Foreign Corrupt Practices Act, issues related to anti-corruption compliance, and any other matters addressed. Nothing in this publication should be interpreted to constitute legal advice or services of any kind. Furthermore, information found on this blog should not be used as the basis for decisions or actions that may affect your business; instead, companies and businesspeople should seek legal counsel from qualified lawyers regarding anti-corruption laws or any other legal issue. The Editor and the contributors to this blog shall not be responsible for any losses incurred by a reader or a company as a result of information provided in this publication. For more information, please contact Info@MattesonEllisLaw.com.
The author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author.
@2013 Matteson Ellis Law, PLLC
Post authored by Matteson Ellis, FCPAméricas Founder & Editor
Comments
July 30th, 2013 at 9:51 am
[…] Tom Fox asks a basic question about it. Mike Volkov drills down on the issue. The FCPAmericas blog talks about transferring third-party FCPA due diligence to […]
August 3rd, 2013 at 8:44 pm
It makes very good sense to have the business unit which is managing partners and adding new partners own and pay for the Anti-corrupttion and other due diligence process related to their business. The sales and distribution channels structure is a cost of doing business and the cost of indirect sales includes the cost of knowing the entities you are using to distribute your company’s products and ensuring they are not involved in corrupt activity. Smart sales or program management will understand that they are gaining a significant business advantage because the due diligence process gives them information they would not otherwise have about their partners’ business activities, ownership and management. And they will have objective data to allow them to reject bad guys.
The overall due diligence program should be controlled by a central organization that manages, assists and reviews the due diligence done and paid for by the business units.
The business units should also be required to pay the costs of any FCPA investigations and remedial actions, though they should not have any control over investigations.