The increasing number of settled Foreign Corrupt Practices Act (FCPA) actions involving third parties has resulted in heightened scrutiny of such relationships. The greatest exposure for most public companies subject to the FCPA has been historically in the area of “pass through” payments, where an improper payment is made through a third party, such as a consultant or agent. Governmental guidance encourages companies subject to the FCPA to “exercise due diligence and to take all necessary precautions to ensure that they have formed a business relationship with reputable and qualified partners and representatives.” 1 Such guidance identifies example of “red flags” that companies subject to the FCPA should look out for. 2
The governmental actions against Halliburton and entities previously related to it establish that limited FCPA due diligence of third parties will not suffice. Any due diligence conducted must be thorough, reasonably designed to uncover potential “red flags,” and well documented.
The recent governmental actions against Panalpina and affiliated entities go even further. Each of the seven recent settlements required the entity involved to adhere to a “Corporate Compliance Program” containing specific due diligence and compliance requirements. 3 In particular, each program states that “[t]o the extent that the use of agents and business partners is permitted at all,” the companies involved will “institute appropriate due diligence and compliance requirements pertaining to the retention and oversight of all agents and business partners.” Such requirements include properly documenting “risk-based” due diligence pertaining to the “hiring and appropriate and regular oversight” of such agents and business partners. They also require all such agents and business partners be informed of the company's commitment to abide by laws and prohibitions against foreign bribery, and of the company's ethics and compliance standards and procedures “and other measures for preventing and detecting such bribery.” Finally, they require that the companies seek reciprocal commitments regarding such rules from the agents and business partners involved.
Where “necessary and appropriate,” the companies involved also agree to include “standard provisions in agreements, contracts, and renewals thereof with all agents and business partners, that are reasonably calculated to prevent violations of the anti-corruption laws.” Such provisions may, depending on the circumstances, include: “(a) anti-corruption representations and undertakings relating to compliance with the anti-corruption laws; (b) rights to conduct audits of the books and records of the agent or business partner to ensure compliance with the foregoing; and rights to terminate an agent or business partner as a result of any breach of anti-corruption laws, and regulations or representations and undertakings related to such matters.”
While many companies may be complying with most, if not all of these standards already, it would appear advisable to conduct a thorough review of current FCPA due diligence policies and procedures regarding third parties with the guidance of the recent settlements. This is especially true in light of the fact that all of the “Corporate Compliance Programs” specifically note that these are the “minimum” elements required for existing companies' internal controls, policies, and procedures.
Exactly what constitutes “appropriate and regular oversight” of agents and business partners is not defined. Presumably, it will vary depending on the nature and scope of the relationship involved. Consideration of including a well-documented annual or semi-annual review process would not seem unreasonable under the circumstances. In addition, if contract clauses containing the right to conduct audits of books and records are utilized, it would seem prudent to include such audits on occasion.