As the drumbeat continues with observers predicting robust FCPA enforcement against private equity firms and on the eve of ACI’s 2nd Summit on FCPA, AML & OFAC Risks for Private Equity and Hedge Funds, it is a fitting time to overview some specific compliance strategies that private equity firms are employing to manage FCPA risks.
This post offers 10 tips for oversight of the compliance programs of their portfolio companies.
- Risk mapping the portfolio. FCPA enforcement officials understand that compliance resources are not unlimited. They expect compliance strategies to be meaningful but also risk-based, as discussed here. To approach portfolios in a risk-based way, private equity firms can formally map the bribery risks that each company presents. They do this by considering such factors as geography, interactions with government officials, use of third parties, the extent of business partnerships, and current compliance practices. Based on the resulting map, firms can take risk-based approaches to oversight, prioritizing the highest risk companies first and then going down the list from there.
- Leveraging the benefits of risk assessments. FCPA enforcement officials expect companies to base the design of their compliance programs on formal corruption risk assessments. These assessments not only provide an opportunity to understand the FCPA risks associated with a portfolio company, they also facilitate the identification of practices that are not in the best interests of the investment (e.g., opportunities for fraud, misuse of funds, over reliance on third parties, etc.). Moreover, risk assessments can be educational and create an opportunity to introduce company leaders and staff to the FCPA and best practices.
- Conditioning bonuses on compliance. FCPA enforcement officials say that one of the most effective ways of encouraging compliance is through incentives. For private equity firms, during the acquisition phase when they are drafting investor agreements, they can condition executive bonuses at the portfolio level on the existence of no FCPA issues and/or the speedy adoption of compliance program enhancements.
- Negotiating preferred rates for compliance services. To implement effective compliance programs, portfolio companies will inevitably need to rely on compliance-related services from outside providers. These needs might include on-line training, third party due diligence reports, hotline solutions, or other services. Purchasing these services can be a challenge, especially since portfolio companies are usually under pressure to cut costs. To address this issue, private equity firms can use the volume of their overall demand to negotiate preferred rates with providers through master services agreements. Once a discounted rate is established, the providers can contract directly with each portfolio company for the service.
- Using approval authority to verify compliance. Private equity firms often reserve the right to review and either approve or reject more important and higher valued activities of the portfolio company. This oversight might extend to acquisitions of other companies, use of suppliers over a certain cost threshold, or the launching a new business line. The private equity firm can use these opportunities to review FCPA risk implications as well as commercial ones, and ensure that the portfolio company has adequately addressed compliance needs related to such issues.
- Requiring CCOs to attend compliance courses. Private equity firms will want to ensure that each portfolio company has an individual chief compliance officer (CCO) in place who is responsible for program design and implementation. To improve the quality of compliance, firms can also require each CCO within the portfolio to attend a certain number of hours of training each year. This enables CCOs to stay abreast of FCPA developments by attending compliance conferences, webinars, or other classes on a periodic basis. The strategy helps prepare compliance personnel to do their jobs better and serves to keep compliance alive and on people’s minds at the portfolio level. It gives CCOs an opportunity to stay on top of best practices and build relationships with compliance communities.
- Conducting portfolio-wide webinars. It is highly likely that most companies within a portfolio will face at least some common types of FCPA risks, especially for private equity firms that specialize in specific industries and sectors. To provide enhanced training in these risk areas, private equity firms can organize webinars that CCOs, general counsel, and other executives and managers of portfolio companies can attend.
- Training private equity firm dealmakers. It is not enough for a private equity firm to focus solely on the portfolio itself. The firm must also prepare its own deal people, the ones who sit on portfolio company boards, analyze business trends, and have regular contact with portfolio company managers, to spot FCPA red flags and evaluate compliance efforts. These individuals are the ones best positioned to ensure that corruption risks are adequately addressed.
- Collaborating with other investors. Often times, the private equity firm is only one of various institutional investors in a portfolio company. The odds are that other investors will have their own compliance expectations as well. This creates the opportunity for investors to work together, leveraging combined knowledge and resources, to help the portfolio company assess risks, develop policies, and implement a program. A collaborative approach also helps ensure that each investor’s requirements are met. It reduces the need to reinvent the wheel.
- Tracking key compliance elements. It is helpful for the private equity firm to maintain an ongoing database tracking essential data for portfolio compliance in real time. Relevant data might include the names and contact information of current CCOs, the dates that each company last conducted training, and the last time companies reviewed and updated their written policy frameworks.
As DOJ/SEC scrutiny grows, it will be increasingly important for private equity firms to be ahead of the game with respect to portfolio compliance.
The opinions expressed in this post are those of the author in his or her individual capacity, and do not necessarily represent the views of anyone else, including the entities with which the author is affiliated, the author’s employers, other contributors, FCPAméricas, or its advertisers. The information in the FCPAméricas blog is intended for public discussion and educational purposes only. It is not intended to provide legal advice to its readers and does not create an attorney-client relationship. It does not seek to describe or convey the quality of legal services. FCPAméricas encourages readers to seek qualified legal counsel regarding anti-corruption laws or any other legal issue. FCPAméricas gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to FCPAméricas LLC.
