How well do you know your Partners and 3rd Parties?


Reading through the Mike Volkov and Tom Fox blogs certainly provides food-for-thought around FCPA violations and infringements. Mike is holding a webinar next week to talk about FCPA with respect to Private Equity and Hedge Funds, in particular when such companies are considering international mergers or acquisitions; Tom talks about whether FCPA scrutiny revolves around the oil and gas company because of the places where they operate or the ‘cowboy tradition’ of the industry.

These articles got me thinking about the partners and 3rd parties that such companies contract with to conduct business in countries like Russia, China and Mexico. My question for companies with significant international operations is simply “How well do you really know your Partners and 3rd Parties?” I posed a similar question in my blog last month, but the point is worth repeating.

Most companies it seems, who are expanding their international businesses or looking at potential M&A activity, do a pretty good job at the front end – ie the due diligence stage. Vetting partners, 3rd party relationships, etc. The problem is that business relationships are not static – they change and evolve. Personnel changes, from sales to research and development teams to supply chain partners. With these changes, so does ‘who we do business with’ and more importantly ‘how business is conducted’.

At Catelas we are not advocating that companies need to monitor every business relationship every minute of the day, but we certainly recommend regular check-ups (or assessments). For example, a company might be have expanded its business operations into South America. Well it would not hurt to conduct a business partner / 3rd party assessment after 1 year to examine what those business relationships look like. Or a major pharma company conducting clinical trials in Indonesia may find it makes sound business sense to identify the key relationships that exist between the company, partners, 3rd parties and hospitals, six month into those trials.

As this picture shows, these 360 degree assessment need not be a massive, expensive investigation in-country. Nor is it a major audit of the company’s financials and partnership contracts. Rather they are designed to be a non-obtrusive examination of how  business is really being done on a day-to-day basis – ‘who is talking to who’, and ‘what are the key business relationships in place’. It provides first and foremost ‘peace of mind’ that the company is conducting business ethically. But if red flags are raised as a result of the assessment, then it provides a process for undertaking a more detailed examination.

And hence the MRI analogy we have used before – the Catelas 360 degree assessment provides an MRI into your foreign business operations – answering the question “How well do you know your 3rd parties?”. To learn more take a look here or give us a call. I would love to hear your views.

Advertisements

A new age of Whistle-Blowers


I read an interesting article last week by Joelle Scott about the “secret” whistle-blower at BNY Mellon. It turns out that Grant Wilson was the undercover whistle-blower who detailed how the bank had allegedly overcharged investors in their currency trades and defrauded investors for years.

This from the article… “So what is shocking about the BNY whistleblower is not that he exists but rather that he worked in conjunction with attorneys, regulators and fraud heroes to provide evidence for a massive lawsuit against his employer (the Justice Department and the NY Attorney General are seeking over $2billion from the bank).  This is almost as shocking as when the government used wiretaps to confirm and reveal the enormous insider-trading ring orchestrated by Raj Rajaratnam and his cohorts.”

In a shady world of fraud and corruption, law enforcement is to be applauded for making inroads by planting undercover agents into corporations or getting increased help from insiders.

But coming from the Information Security business, it does make me think about the people we work with that we take for granted on a day-to-day basis. Not if they are potential whistle-blowers, but the opposite. Are any of these colleagues working on the dark-side: do they have relationships with corrupt organizations, are they providing sensitive information to competitors? Do they have relationships that might be harmful to the company? Bar a cursory background check when an employee enters a company, the truth is, we really don’t know.

Worse, we only potentially find out once a crime has been committed, long after the horse has bolted from the stable.

And that is why Catelas is all about Relationships – it all comes down to ‘who you know’.

Voluntary Disclosure of FCPA violations


To disclose or not to disclose… that is the question. Definitely a thorny issue which Compliance Officers have to deal with. From my standpoint, I am seeing more voluntary disclosures hitting the press – here Maxwell and here Analogic, which is a good thing. Right?

Personal Disclosure – I have never been inside a Compliance Officer’s shoes when he or she is being chewed out by the CEO, so my opinion may not count for much. But what I have observed over the last few years being around corporate FCPA investigations is the following:-

1. We will investigate, prioritize and disclose potential violations that are brought to the Compliance Team’s attention:  what this means is that most companies have an investigation process in place and when they find something wrong and potentially serious, for the most part they will voluntarily disclose. Clearly, this begs the question what is “serious”, but most companies I would hope will not deliberately try to hide blatant stuff.

2. I don’t want to know what I don’t need to know: this is really about proactive monitoring or going out and finding potential violations. We work with a few companies in highly regulated industries where this is a must, but for most companies it is a step too far – ie I don’t want to uncover stuff that I don’t need to know about. This does not mean that these companies have blinders on, simply that they are doing what is necessary from a compliance and enterprise risk perspective. They feel they no not need to go the extra 9 yards.

3. Cover my backside principle:  this is about policies, processes, employee training, ‘walking the walk’, ‘top down approach’, etc. It’s what all good Compliance Teams do: they enforce and remind employees, partners, etc about good business practices. Often this is driven by past experiences – has the company been investigated by the authorities before, have they had whistle-blower incidents, etc?

4. Who is the target?  The company or the Executive: this is probably the one dynamic that has changed the most in the last 2 years. The charges are becoming personal, in that CEO’s (SEC charges CEO $20M in fraud case) or Compliance Officers are being charged for violations, resulting in possible jail time. No longer is it simply the company that stands to be charged.

Of course each company is different, but the underlying theme is reputation risk – enterprise and personal. Voluntary disclosure provides an avenue for ‘coming clean’, for putting some level of  ‘positive spin’ out of a bad situation and hopefully ultimately saving the company money in fines, etc. To all Compliance Officers – are you feeling the disclosure heat? Or is it still business as usual? I would love to hear your views.