
Are FCPA Third-Party “Best Practices” Xenophobic?


There is often discussion of “victims” of Foreign Corrupt Practices Act violations. Yet, I genuinely believe that one of the seldom-discussed “victim” categories of this new era of FCPA enforcement and resulting compliance “best practices” is foreign third parties.

For starters, a business organization can be exposed to FCPA anti-bribery violations based on the conduct of various third parties (assuming the “knowledge” component of the third-party payment provisions is met). Moreover, based on current enforcement theories, the mere “improper” recording of foreign third-party transactions may constitute a books and records violation and the enforcement agencies frequently find internal controls violations based on various alleged deficiencies concerning a business organization’s relationship with foreign third parties.

Because of these legal provisions (and aggressive and dubious enforcement of these provisions), an extensive and elaborate series of “best practices” have developed around pre-engagement, engagement, and post-engagement of foreign third parties.

Yet, the FCPA is certainly not unique in exposing a business organization to legal liability based on the acts of various third parties. There are countless other U.S. statutes that have similar features. Yet ask yourself: do my clients or does my company unleash the same “best practices” policies and procedures on a third party from Boston compared to Beijing, from Louisville compared to Luanda, from San Diego compared to Sao Paulo?

The resounding answer (informed by my experience as an FCPA practitioner, information received from participants from leading law firms and companies who attend my FCPA Institute, and other general discussions with various practitioners) is no.

This of course begs the question of whether typical third-party practices in the domestic context are too lax or whether typical third-party practices in the foreign context are too aggressive. Like many things, the best answer is probably somewhere in between.

Yet, it sure seems that a starting point for a business organization’s relationship with a domestic third-party is that the third-party is ethical until proven otherwise and the business organization is not going to spend thousands of dollars to engage in various steps and create extensive due diligence files so that it can tell the best story possible should the until occur. This is a respectful and healthy way to begin (and maintain) a relationship with a human being – not to mention a cost and time-efficient use of limited corporate resources.

On the complete opposite end of the spectrum, it sure seems that a starting point for a business organization’s relationship with a foreign third-party is that the third-party is perhaps unethical and thus the business organization spends thousands of dollars on pre-engagement due diligence and other steps so that it can tell the best story possible should the third-party indeed have acted unethically. This is simply not a healthy way to begin a relationship with anyone, recognizing that on the receiving end of the business organization’s pre-engagement questionnaire, FCPA acknowledgment letter, and other “best practice” steps later in the relationship (such as training acknowledgement letter and annual certification letter, etc.) is a real human being.

If the definition of xenophobia is having a fear of certain similarly situated people (but not others based on their nationality) and treating similarly situated people differently based on their nationality, then a credible case can be made in many instances that FCPA third-party “best practices” (as often advanced by the U.S. government in enforcement actions) are xenophobic.

For instance, in numerous FCPA enforcement actions, among the internal control deficiencies cited by the government was that the company retained a foreign third-party without conducting due diligence and without entering into a written agreement with the third-party. Yet can anyone point to a U.S. government enforcement action finding internal control deficiencies for not conducting due diligence on a domestic third-party or not entering into a written agreement with a domestic third-party?

In one FCPA enforcement action, among the internal control deficiencies cited by the government was that the company engaged a foreign third-party under circumstances in which the third-party did not agree to any accounting or audit of fees received. Yet can anyone point to a U.S. government enforcement action finding internal control deficiencies for engaging a domestic third-party in which the third-party did not agree to any accounting or audit of fees received?

In another FCPA enforcement action, among the internal control deficiencies cited by the government was that the company engaged a foreign third-party without checking all of the third-party’s references, some of which turned out to be false. Yet can anyone point to a U.S. government enforcement action finding internal control deficiencies for engaging a domestic third-party without checking all of the third-party’s references?

Something is either an internal control violation or it isn’t. Given the language of the FCPA’s internal controls provisions it should not matter whether the third-party is a foreign third-party or a domestic third-party.

*****

As an aside, the above post is further informed by having served as an expert in a foreign arbitration on behalf of a foreign agent of a U.S. company who was subjected to various alleged FCPA “best practices” relevant to foreign third parties. The foreign third-party was literally “put through the wringer” by the U.S. company (and its major accounting firm who suggested various FCPA “best practices”), including an audit of the third-party’s family members and examination of the third-party’s grocery bills – I kid you not.

Yet the theory of the case was that the U.S. company’s new private equity owners wanted to get rid of the foreign third-party for business reasons (the third-party’s contract was becoming too expensive for the U.S. company) and the U.S. company used the FCPA as a pretext to attempt to terminate the contract. Thankfully for the foreign third party who engaged me, the arbitrator saw through this and awarded the foreign third party approximately $5 million based on various causes of action.
