FCPA compliance is not a reactive endeavor. With the current geopolitical landscape in a constant state of flux, a multitude of companies have recently fallen prey to FCPA enforcement actions, often resulting from incomplete, faulty, or simply inadequate internal compliance systems. In total, the sanctions levied by the Securities and Exchange Commission (SEC) and the U.S. Department of Justice (DOJ) have ballooned to over 11 billion dollars.
These sanctions show no sign of slowing down, either. While the Act has been in effect since 1977, over 64% of all FCPA enforcement actions have been handed down in the past 10 years. In addition, these enforcements are primarily affecting U.S.-based companies that are operating in the world’s fastest growing economies.
Of the BRIC (Brazil, Russia, India & China) and MINT (Mexico, Indonesia, Nigeria & Turkey) countries, which are characterized as emerging economic giants, only Turkey falls outside the top 10 of countries where improper payments have been prosecuted under the FCPA. That said, steering clear of these regions is not a viable option for any businesses hoping to establish a robust international presence.
The risk associated with these countries builds even further when third parties get involved. By the letter of the law, companies are liable under the Act for the actions of third parties even if the firm is unaware of these actions. Common high-risk third-party entities include Sales Agents, Consultants, Distributors, and Joint Venturers, among others. These agents often have no obligation to disclose their past transgressions, leading to a vicious cycle of FCPA entrapment. In fact, more than 90% of all FCPA enforcement actions have involved the use of a third-party intermediary.
Firms Can Avoid Common Pitfalls with Emerging Research Techniques
When engaging vendors or partners in a foreign country, the potential for hidden threats can seem like an unfortunate inevitability. What should firms do, then, to avoid these pitfalls? Through implementing an earnest due diligence program and incorporating the 5 emerging research techniques outlined below, companies can take a more proactive stance in mitigating FCPA risk.
- Research Beyond the Database
While database results form the foundation of assessing third party reputational risks, they are nowhere near sufficient in and of themselves. By analyzing primary sources such as the U.S. Department of State’s Debarred Parties List and sanctions websites such as the Office of Foreign Assets Control (OFAC) list, a definitive picture can emerge of an entity’s past legal or financial transgressions.
- Filtering False Positives
When investigating agents or owners of a prospective foreign partner, foreign-language naming conventions can render database results essentially meaningless. For example, when investigating an individual with a Mandarin-language name, it is common to come across upwards of ten name variations, especially if they have lived abroad and used an English-language alias for business purposes. Only through the analysis of trained, region-focused subject matter experts (SMEs) can one ensure accuracy when matching relevant data to a subject with a foreign-language name.
- Link Analysis
Past FCPA infractions or red flags can often be concealed by third parties through the establishment of shell corporations and fraudulent partnerships. By using Link Analysis, a visualization technique that outlines a company’s or an individual’s web of business ties and mutual interests, these risks can be better understood within the due diligence process. For example, by analyzing the degrees of separation between a possible vendor and a state-owned energy company, Link Analysis clearly and concisely illuminates liabilities that would otherwise go unexposed, helping firms to limit their exposure to risk.
- Social Media PEP Screens
Social media sources such as Facebook, Twitter, and LinkedIn are increasingly instrumental in identifying a subject’s political exposure, which may be indicative of potentially corrupt activities. In the past, Prescient’s analysts have uncovered hidden links between potential vendors and state entities through undisclosed Facebook friendships, links that weren’t apparent from database results. By examining prior job histories and individual connections, a transparent picture can emerge of possible FCPA pitfalls.
- Native Language Research
Comprehensive FCPA compliance is only possible through leveraging the power of trained human analysis, which becomes all the more crucial when subjects are located in high-risk regions around the world. Critical business registration information from emerging markets like China and Russia is oftentimes only available in native languages, necessitating a higher degree of investigative complexity during the FCPA due diligence process. Given that these sources do not appear in traditional databases, incorporating regional expertise into FCPA one’s research process can make the difference in uncovering potential risks.
Thus, in an increasingly challenging FCPA compliance environment, firms must take proactive steps to ensure that their efforts are thorough and up-to-date. Using the five innovative techniques outlined above, companies can stay ahead of the curve in conducting adequate due diligence on their third parties, lessening their exposure to operational or regulatory risk.
Sources:
- http://fcpa.stanford.edu/statistics-analytics.html
- https://www.sec.gov/spotlight/fcpa/fcpa-resource-guide.pdf
- http://www.fcpablog.com/blog/2017/9/22/telia-tops-our-new-top-ten-list-after-we-do-some-math.html
- http://www.fcpablog.com/blog/2009/2/12/kbr-and-halliburton-resolve-charges.html
- https://www.gibsondunn.com/wp-content/uploads/2017/12/Blume-Partridge-Tafari-Potential-FCPA-Liability-for-Third-Party-Conduct-Reuters.pdf