Jay Martin, Chief Compliance Officer (CCO) at BakerHughes Inc. suggests an approach that reviews key risk factors to move forward. Martin has laid out 15 key risk factors of targets under a FCPA analysis, which he believes should prompt a purchaser to conduct extra careful, heightened due diligence or even reconsider moving forward with an acquisition under extreme circumstances.
- A presence in a BRIC (Brazil, Russia, India and China) country and other countries whose corruption risk is high, for example, a country with a Transparency International CPI rating of 5 or less;
- Participation in an industry that has been the subject of recent anti-bribery or FCPA investigations, for example, in the oil and energy, telecommunications, or pharmaceuticals sectors;
- Significant use of third-party agents, for example, sales representatives, consultants, distributors, subcontractors, or logistics personnel (customs, visas, freight forwarders, etc.)
- Significant contracts with a foreign government or instrumentality, including state-owned or state-controlled entities;
- Substantial revenue from a foreign government or instrumentality, including a state-owned or state-controlled entity;
- Substantial projected revenue growth in the foreign country;
- High amount or frequency of claimed discounts, rebates, or refunds in the foreign country;
- A substantial system of regulatory approval, for example, for licenses and permits, in the country;
- A history of prior government anti-bribery or FCPA investigations or prosecutions;
- Poor or no anti-bribery or FCPA training;
- A weak corporate compliance program and culture, in particular from legal, sales and finance perspectives at the parent level or in foreign country operations;
- Significant issues in past FCPA audits, for example, excessive undocumented entertainment of government officials;
- The degree of competition in the foreign country;
- Weak internal controls at the parent or in foreign country operations; and
- In-country managers who appear indifferent or uncommitted to U.S. laws, the FCPA, and/or anti-bribery laws.
In evaluating answers to the above inquiries or those you might develop on your own, you may also wish to consider some type of risk rating for the responses, to better determine is the amount of risk that your company is willing to accept to do so you will need to both assess risk and subsequently evaluate that risk. Borrowing from a matrix developed by Michele Abraham from Timken Co., I have found Timken's matrix for risk rating and assessment useful. Risks should initially be identified and then plotted on a heat map to determine their priority. The most significant risks with the greatest likelihood of occurring are deemed the priority risks, which become the focus of the your post-acquisition remediation plan going forward. A risk-rating guide similar to the following can be used.
Likelihood RatingAssessmentEvaluation Criteria1Almost CertainHigh likely, this event is expected to occur2LikelyStrong possibility that an event will occur and there is sufficient historical incidence to support it3PossibleEvent may occur at some point, typically there is a history to support it4UnlikelyNot expected but there's a slight possibility that it may occur5RareHighly unlikely, but may occur in unique circumstances
'Likelihood' factors to consider: The existence of controls, written policies and procedures designed to mitigate risk capable of leadership to recognize and prevent a compliance breakdown; Compliance failures or near misses; Training and awareness programs. Product of 'likelihood' and significance ratings reflects the significance of particular risk universe. It is not a measure of compliance effectiveness or to compare efforts, controls or programs against peer groups.
The key to such an approach is the action steps prescribed by their analysis. This is another way of saying that the pre-acquisition risk assessment informs the post-acquisition remedial actions to the target's compliance program. This is the method set forth in the FCPA Guidance. I believe that the DOJ wants to see a reasoned approach with regards to the actions a company takes in the mergers and acquisitions arena. The model set forth by Michele Abraham of Timken certainly is a reasoned approach and can provide the articulation needed to explain which steps were taken.
It is also important that after the due diligence is completed, and if the transaction moves forward, the acquiring company should attempt to protect itself through the most robust contract provisions that it can obtain, these would include indemnification against possible FCPA violations, including both payment of all investigative costs and any assessed penalties. An acquiring company should also include reps and warranties in the final sales agreement that the entire target company uses for participation in transactions as permitted under local law; that there is an absence of government owners in company; and that the target company has made no corrupt payments to foreign officials. Lastly, there must be a rep that all the books and records presented to the acquiring company for review were complete and accurate.
To emphasize all of the above, the DOJ stated in the Pfizer Deferred Prosecution Agreement (DPA), in the mergers and acquisition context, that a company is to ensure that, when practicable and appropriate on the basis of a FCPA risk assessment, new business entities are only acquired after thorough risk-based FCPA and anti-corruption due diligence is conducted by a suitable combination of legal, accounting, and compliance personnel. When such anti-corruption due diligence is appropriate but not practicable prior to acquisition of a new business for reasons beyond a company's control, or due to any applicable law, rule, or regulation, an acquiring company should continue to conduct anti-corruption due diligence subsequent to the acquisition and report to the DOJ any corrupt payments or falsified books and records.
Tomorrow in Part III, I will take a look at your post-acquisition actions in the mergers and acquisition context.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2014