Dinner [and Pearls of Wisdom] with Tom Fox


It is not often that you can get time with someone like Tom Fox and pick his brain on FCPA and compliance issues. Eddie Cogan, the CEO and Founder of Catelas, was fortunate enough to sit down with Tom for dinner this week in Chicago at a World Compliance FCPA event. We  thought we would share some of Tom’s Pearls of Wisdom.

Q1: looking across the entire spectrum of FCPA violations what things stick out:

A:

  1. the continued increase in FCPA enforcement actions. It is not going away anytime soon.
  2. the DOJ is focusing industry by industry and we can definitely see their current focus on Pharma/medical devices and Private Equity; on top of the usual suspects. Now the DOJ seems to looking at aerospace and defense industries.
  3. finally I think we are seeing a greater focus on individual executive responsibility – a recently the President of Terra Telecom received  a sentence of 15 years

Q2: So what should a compliance officer do in the face of this scrutiny? Especially when such officers are sitting in offices very far removed  from the action:

A: well for starters not knowing is not a defense.  The DOJ have advised on what is a minimum best practice for compliance and most recently indicated “Enhanced Compliance Obligations”.  You need to incorporate these into your program.  If I were to focus on 3 things it would be 1) know your third parties, 2) training and 3) documentation, documentation, documentation.  The latter I repeat because its so important to be able to show the regulator when they come calling that your do have systems in place and that you do have a systematic reasonable approach to the task.

Q3: One of the things I am seeing more of recently is the concept of due diligence and ongoing audit programs.  That seems to be much more substantial than policy and training.

A: yes it is.  In the recent J&J case, we saw mention of obligations like “J&J will conduct due diligence reviews of sales intermediaries, including agents, consultants, representatives, distributors, and join venture partners” .  There is also a recognition that risk changes over time and that you need an ongoing program of review & audit in place.

Q4: What advice do you have for Compliance Officers trying to tackle this problem {of knowing your Partners} ?

  1. You need to fully assess, in writing, your overall risk parameters in a Risk Assessment. That is your starting point.
  2. Your due diligence should be based on the risk you assess for the third party.
  3. You should continue to perform and update your due diligence at greater than one year intervals, particularly if the risk profile has changed.
  4. Follow the DOJ enforcement actions and Opinion Releases for your best sources of information on the DOJ’s latest thinking on best practices.

The over-riding theme to the discussion was “know your partners” which is all well and good, but it is no trivial exercise. Large multi-nationals could typically have hundreds if not thousands of partners around the world; distributors who partner with 3rd party resellers or partners who sub-contract with local businesses. This can quickly and easily become a complex web of business relationships which is constantly evolving and changing. As Tom intimates, the only way to stay on top of it is to leverage technology, systems and documented processes so that company’s can more confidently say, “yes we know who our partners are” and “yes we know how business is being conducted”.

For more information about Catelas 360 degree Partner Assessments, look here.

Advertisements

How well do you know your Partners and 3rd Parties?


Reading through the Mike Volkov and Tom Fox blogs certainly provides food-for-thought around FCPA violations and infringements. Mike is holding a webinar next week to talk about FCPA with respect to Private Equity and Hedge Funds, in particular when such companies are considering international mergers or acquisitions; Tom talks about whether FCPA scrutiny revolves around the oil and gas company because of the places where they operate or the ‘cowboy tradition’ of the industry.

These articles got me thinking about the partners and 3rd parties that such companies contract with to conduct business in countries like Russia, China and Mexico. My question for companies with significant international operations is simply “How well do you really know your Partners and 3rd Parties?” I posed a similar question in my blog last month, but the point is worth repeating.

Most companies it seems, who are expanding their international businesses or looking at potential M&A activity, do a pretty good job at the front end – ie the due diligence stage. Vetting partners, 3rd party relationships, etc. The problem is that business relationships are not static – they change and evolve. Personnel changes, from sales to research and development teams to supply chain partners. With these changes, so does ‘who we do business with’ and more importantly ‘how business is conducted’.

At Catelas we are not advocating that companies need to monitor every business relationship every minute of the day, but we certainly recommend regular check-ups (or assessments). For example, a company might be have expanded its business operations into South America. Well it would not hurt to conduct a business partner / 3rd party assessment after 1 year to examine what those business relationships look like. Or a major pharma company conducting clinical trials in Indonesia may find it makes sound business sense to identify the key relationships that exist between the company, partners, 3rd parties and hospitals, six month into those trials.

As this picture shows, these 360 degree assessment need not be a massive, expensive investigation in-country. Nor is it a major audit of the company’s financials and partnership contracts. Rather they are designed to be a non-obtrusive examination of how  business is really being done on a day-to-day basis – ‘who is talking to who’, and ‘what are the key business relationships in place’. It provides first and foremost ‘peace of mind’ that the company is conducting business ethically. But if red flags are raised as a result of the assessment, then it provides a process for undertaking a more detailed examination.

And hence the MRI analogy we have used before – the Catelas 360 degree assessment provides an MRI into your foreign business operations – answering the question “How well do you know your 3rd parties?”. To learn more take a look here or give us a call. I would love to hear your views.