An ongoing challenge for compliance officers is determining whether a contractor, vendor or agent represents a low or high risk of corruption for the corporation and what steps to take to ensure that the company’s anti-corruption procedures work in practice and are not simply a “paper tiger”.
Meeting demands; ensuring compliance
Often a tension can develop between the company’s compliance officer and those actually doing the purchasing, procurement or contracting. This is especially acute if the protocols in place for vetting, auditing and reporting on contractors seem overly onerous or place undue restrictions on employees. While the line departments want to ensure they are getting the best vendor or otherwise meeting their business requirements, compliance officers have the ongoing challenge of ensuring that potentially high risk contractors are properly vetted and do not pose a risk to the company’s compliance or ethics.
Assuming the line departments are on board, and they have identified a potentially high risk vendor, the next question the company needs to address is how to contract with this vendor all the while ensuring they meet the company’s anti-corruption standards. We frequently get asked the following questions:
- Should the compliance officer make the vendor adopt the company’s own policy?
- Should the contractor be made to sign a declaration to the effect that it abides by the company’s own general principles regarding corruption and business ethics?
- Is it sufficient for the vendor to declare that they have their own policy in place?
- Should the compliance offer request a copy of the contractor’s policy and review it for completeness?
When dealing with contractors operating under the same laws as the company, it may be easier to “trust but verify” that the contract has a program or procedures in place to comply with the same set of rules and obligations imposed on the company. For example, if both are Canadian companies, then both would have to abide by Canadian anti-bribery provisions in the Criminal Code and the Corruption of Foreign Public Officials Act.
However, when the contractor is registered in a second country (i.e. the United States) and is operating on behalf of the corporation in a joint third country, the analysis of which laws apply can become more difficult to parse.
Reviewing a contractor’s anti-corruption policy
It may seem simplest to request a copy of the vendor’s anti-corruption policy for review. However, this poses difficulties from a logistical perspective as well as from a risk perspective. First, this would require the line department to receive the policy and forward to the compliance officer for review, which could lead to delays for time-sensitive or routine contracts. Second, if there are significant gaps between the two policies, the recourse may be to require the contractor to adopt the company’s policy anyways. And, it will lead to significantly more work for the compliance officer and increased liability – if there are difficulties in the future, questions may be raised as to whether the compliance officer’s review was “good enough” or thorough enough, to warrant deferring to the contractor’s own policy, especially in cases where there were significant discrepancies between the two.
The answer comes down to acceptable risk and implementable policies that ensure that the company has performed sufficient due diligence, has not willfully overlooked red flags and has taken proactive steps to identify and mitigate potential corruption and bribery issues. Taken together, this can go a long way to demonstrating to the relevant authorities that the company has taken bona fide steps to ensure that it has attempted to be compliant with the relevant laws.
Amending protocols to suit your anti-corruption needs
Here are demonstrable ways that a company can ensure that its high risk contractors recognize the importance of anti-corruption and agree to abide by applicable laws:
- Require that specific representations and warranties clauses be included in all contracts with high risk contractors: these clauses should require that the contractor agree that it understands the laws applicable to its business undertakings on behalf of the company, that it agrees to comply with such laws, that it has never violated relevant anti-bribery and anti-corruption laws, that it has proper accounting mechanisms in place, and that it agrees that any material change of circumstances shall immediately be reported to the company;
- Require that the contractor complete a due diligence questionnaire, which would provide crucial information on the contractor’s principals and corporate background; and
- Require that the contractor execute a declaration on ethics, which requires the contractor, inter alia, to attest to its ethical principles and provide information on its own anti-corruption and ethical procedures.
In some instances, it may be useful to also require the contractor to agree to implement the company’s own anti-corruption and code of ethics, or an abridged version thereof. This is more relevant in situations where the contractor does not have its own policy, where both companies are subject to the same laws or where the contractor may be subject to much less stringent laws.
Another solution may be to require the contractor – during the contactor due diligence process - to compare and contrast the company’s anti-corruption policy against its own and to highlight significant gaps between the two. If this gap represents an unacceptable risk to the company, then the company should include specific provisions in its goods and services contract to deal with these gaps. One example of this could be the use of facilitation payments. While these are still legal under U.S. law, the Canadian government has recently made them impermissible for those subject to Canadian laws.
The above is not meant to be legal advice. Each company’s risk profile is different and can be influenced by factors such as the location of its operations and the type of services provided by its contractors. As a result, seeking legal advice early on in the development of a compliance program could save previous time and effort.