Third-party partners are the weakest link for companies trying to do business in high-risk countries like Brazil, Guatemala, Honduras and El Salvador as the Biden administration makes enforcement under the Federal Corrupt Practices Act (FCPA) a cornerstone of its national security posture, a compliance specialist says.
Companies can go a long way to instilling within their structure visibility and culture to operate with integrity in countries where corruption is widespread; the challenge is to keep your company from getting dragged into FCPA compliance problems by your association with a party you’ve hired to help you do business there.
“It's not easy to have visibility into what your partner is doing outside your purview,” Robert Johnston, an attorney with Lowenstein Sandler, told Legal Dive. “It could be a local lawyer, consultant, tax consultant, PR firm, someone you hired to get your products through the port, someone you hired to expedite a permit being issued – any third party you’ve engaged in a local market to help you get things done.”
Some 90% of FCPA violations involve third-party partners, according to Stanford University data. That makes vetting partners upfront and checking on them periodically afterwards the best way to avoid compliance problems.
“You might want to do a corporate intelligence report,” Johnston said. “Ask for ownership charts, and make sure none of the owners are government officials or related to a government official. Are you hiring a PR firm because [the principal is] a brother of a powerful senator or because they’re the best one?”
You also want to include adequate representations and warranties in your partner contracts.
“They [must] agree they’re going to abide by the law and they will notify you as often as annually they’ve been compliant with the law – haven’t bribed anyone,” he said. “You can conduct periodic audits and due diligence to make sure what they’re saying to you appears to be true.”
Recent initiatives have uncovered the challenges of operating in Brazil and what’s known as the Northern Triangle – an area encompassing Honduras, El Salvador and Guatemala in Central America – because of corruption that in some cases extends to the highest reaches of government.
“Corruption has always been a problem in the region but it’s now impossible to deny it given these massive scandals that have been uncovered,” said Johnston.
About half a dozen years ago, the Brazilian government conducted a review known as the Car Wash Investigation that uncovered criminal practices in the country by hundreds of business and government leaders, including former heads of state. And early in the Biden administration the government on national security grounds launched a task force to measure the pervasiveness of corruption in the Northern Triangle.
As a result of the initiatives, more companies than has typically been the case can expect to get snagged in FCPA enforcement activities, Johnston said.
“In general, FCPA cases are pretty slow moving,” he said. “A lot of cases take several years to resolve, so we’ll probably see in the relatively near future companies disclosing in 10-Ks and 10-Qs that they are investigating misconduct in those countries.”
Companies can go a long way to reduce their liability by engaging in what Johnston calls proactive compliance – setting up controls that are appropriately scoped, and resourced, to the risks as they move into a country, either through an acquisition or a venture.
“You’re looking at everything from how licenses and permits were acquired to how the business opportunity came to be and whether government officials have either disclosed or undisclosed ownership interest on any of the targets,” Johnson said. “You’re conducting post-closing audits to make sure any undisclosed, inappropriate business practices need to be halted. One company I worked with would pick a handful of jurisdictions a year and rotate through a kick-the-tires internal audit to make sure there are no previously undiscovered corruption risks.”
Proactive compliance is also helpful in the event your company gets ensnared in an enforcement action, because it shows regulators you’ve made a good-faith effort to operate appropriately.
“It’s not a get-out-of-jail-free card, but it gives you more chits at the negotiating table,” he said.
If you discover a problem yourself, thanks to your controls or your audit effort, and take remedial action, that can work in your favor as regulators decide how hard, or whether, to go after you.
“It’s not theoretical,” he said. “It’s actually possible that under the right circumstances the company could successfully defend itself should its compliance program be sufficiently robust and empowered. I’m aware of a couple of investigations – they’re not public – where companies did get a prosecution declination from both the DOJ and the Securities and Exchange Commission. Those decisions were based in part on the strong compliance programs that existed at the time of the misconduct and also what the companies did to remediate the problem once they learned about it.”