I recently spoke with Tom Fox, The Compliance Evangelist, on The Compliance Podcast Network regarding insights from recent enforcement actions, where we considered various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data. We looked at actions that help us through that maelstrom to find useful and actionable information for your compliance program. In Episode 2, we consider some recent Foreign Corrupt Practices Act (FCPA) enforcement actions wherein insufficient due diligence was a key takeaway.
Excerpted from Tom Fox’s blog: The vast majority of FCPA enforcement actions over the past 10 years have involved some form of inadequate, insufficient or even a total lack of due diligence. We began by exploring how a company can perform sufficient due diligence without breaking the bank. Candice Tal noted that most companies perform Level I due diligence, which of course provides limited information. Typically in Level I, companies find less than 1% of the issues that are out there. When you couple that with the realization that 90% of FCPA enforcement actions are against companies who engaged third parties and third party vendors, it leads Tal to opine, “I would say that you’re not finding the needle in the haystack most of the time you should be concerned.” Now if you add due diligence in the Supply Chain component where there can be 5,000 or even 10,000 companies, you can begin to see the daunting nature of getting your arms around these risks.
Another key feature of almost all FCPA enforcement actions is that companies that sustained enforcement actions most usually had ‘check-the-box’ compliance programs. We considered this implication in the context of due diligence. To increase the percent of information about the troubling 1% figure Tal noted above, she said companies need to “start looking at incorporating deep media searches, into their due diligence.” Deep media typically looks at aggregated data from companies that amass millions and millions of digitized records, journals, newspapers, articles, periodicals or other similar information. Now overlay global watch lists, with some basic corporate financial information, and you might be able to move from finding only 1% to up to 5% of the corruption and bribery related issues that exist amongst the parties. However, when you further expand that and do a deeper level search online, beyond simply adverse keyword searches, it can move your discovery rate up to as much as 35% of the corruption and bribery related information.
We next turned to key executive searches for senior management and even Board members. Tal notes that most information suggests that between 10 and 20% of all such persons have adverse information in their backgrounds, which is often not reported and not uncovered. This means that if you have 100 senior managers and Board members, you can reliably estimate that 10 to 20% of that group has a red flag in their background which should be cleared before hiring or even promotion. If you have 1,000 such people in your organization, simply do the math. You may well have hundreds of senior executives with bribery related issues or issues in their backgrounds that you would not want to be responsible for causing nightmares for an organization down the road.
Another issue which Chief Compliance Officers (CCOs) and compliance officers struggle with is the number of red flags. Tal said that a key element is to consider a deep dive of internet searches different from a deep dive due diligence. This is because the deep dive due diligence provides a much fuller and richer picture of a candidate’s background; whether that candidate be an entity or individual. When you couple this with risk ranking it can lead to a more cost-effective approach to due diligence.
The regulators have made clear a check-the-box approach to due diligence is insufficient because it will not provide sufficient information as required by them. A company must rank its third parties based on a variety of factors such as where they are doing business, who they are doing business with, how they are doing business, financial strength and even political risks. The recent Vantage Drilling Co. FCPA enforcement actions drove home this need. The company’s largest supplier was a drilling ship supplier who was so important to the organization that he was not only put on the Board of Directors but was also granted so much stock he became the largest single shareholder in the organization.
The problem was this supplier, Board Director and shareholder, had lied to the company about his ability to deliver as he had no assets. A deep dive due diligence investigation was certainly in order for any of the roles he held during his relationship with the company. It would have revealed that he actually had no assets to provide to Vantage Drilling. Further, it would have also indicated a propensity to skirt ethical niceties such as not paying bribes in violation of the FCPA. The company paid a very high price for its due diligence failures.
Episode 2 (audio) can also be found here. Next, we will consider what is and what is not working in due diligence investigations today.