This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.
Bobby Keys died last week. What you probably did not know was that Keys was a Texan, so we get to claim him. He was the saxophonist for the Rolling Stones and a number of other serious rockers. As Bruce Weber wrote in his New York Times obituary, entitled “Bobby Keys, Hard-Living Saxophonist for Rolling Stones, Dies at 70,” Keys “was a rock ’n’ roller in every sense of the term. Born (almost literally) in the shadow of Buddy Holly, he was a lifelong devotee and practitioner of music with a driving pulse and a hard-living, semi-law-abiding participant in the late-night, sex-booze-and-drug-flavored world of musical celebrity.”
But Keys was far more than just another rock and roll party animal. He “recorded with a Who’s Who of rock including Chuck Berry, Eric Clapton, John Lennon, George Harrison, Carly Simon, Country Joe and the Fish, Harry Nilsson, Joe Cocker and Sheryl Crow. He toured with Delaney and Bonnie and was recording with them in 1969.” For me, his most famous work was with the Stones and his soaring sax solo in Brown Sugar. He worked on the albums Sticky Fingers, Exile on Main Street, Goats Head Soup and Emotional Rescue. He also joined the Stones for “almost a dozen tours over more than 30 years.” I was lucky enough to see Keys play with the Stones on their farewell tour last spring. Most interestingly, he felt an instant kinship with Keith Richards, about an un-Texan a person as one can imagine.
I thought about Keys — both his life and his relationship with Keith Richards — when I read a couple of recent articles in the Financial Times. The first one was by Luke Johnson and entitled “Trust can seem risky – but its absence is far more perilous.” Johnson said, “For commercial life to function at all, there has to be a general assumption of trust – that partners, staff, suppliers, customers and the authorities will do the right thing by each other. It is impossible to verify every transaction and check each task: delegation is essential for all operations of scale. Those who are suspicious of everyone have to limit their ambitions, because they assume deceit is endemic. Such a pessimistic approach is a sorry and unprofitable state of human affairs. As Samuel Johnson said: ‘It is … happier to be sometimes cheated than not to trust.’”
Trust is certainly important, but as President Reagan said, “Trust but verify.” In a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act anti-corruption compliance program, this means that you need to obtain a full battery of information about any third party with which you might be doing business. Obviously performing due diligence is a well recognized step for any third-party management protocol under the FCPA, but with certain data and privacy restrictions coming out of locations as diverse as China and the EU, it may be the situation that you cannot perform full due diligence on third parties you may wish to do business with or through.
I have previously written extensively about the need for the management of the third-party relationship after the contract is signed. However, there are other steps that you can use to help in this process. These include steps one and two, which are the business justification and the questionnaire. Viewed from another angle, they can provide further internal controls to your anti-corruption compliance program.
I believe it should be common sense that you have a business justification to hire or use a third party, but it is also an important financial control. If that third party is in the sales chain of your international business, it is important to understand why you need to have this particular third party represent your company. This concept is enshrined in the FCPA Guidance, which says, “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.” Conversely, if a business representative cannot articulate a reason why you should have a new or another third-party representative, your company probably does not need that third party.
The questionnaire fills several key roles in your overall management of third parties. Obviously it provides key information that you need to know about who you are doing business with and whether they have the capabilities to fulfill your commercial needs. Just as importantly is what is said if the questionnaire is not completed or is only partially completed, such as a lack of awareness of the FCPA, UK Bribery Act or anti-corruption/anti-bribery programs generally. The information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform. But the final requirement of your questionnaire provides an important internal control. It is one of the most basic controls and is what internal control expert Henry Mixon calls the “stop and think” control. Your questionnaire should require a signature that all of the information included is true and correct. It is something else under the “pains and penalties for perjury,” but nonetheless it should give anyone signing it outside the United States pause before they put their name on the line.
In his article, Johnson ends with: “Confidence in the other party is the magic ingredient that empowers an entrepreneurial business to succeed. An absence of trust leads to paralysis. Straight dealing, accountability and transparency are much more about truth and candor than box-ticking and an obsession with regulations. Any partner can betray you and stay within the law if they are assiduous and devious enough. Integrity in your working relationships consists of a broader understanding than the letter of the law. In the end, all that any entrepreneur can do is obey their gut instinct and, perhaps, follow the example of Charlie Munger, Vice Chairman of Berkshire Hathaway and Warren Buffett’s partner, who said, ‘By the standards of the rest of the world, we overtrust. So far it has worked very well for us.’”
Even if you cannot perform the level of due diligence that you might otherwise like to do because of country or regional regulations, you can still talk to your prospective third-party business partner. This can go quite a long way in helping you determine whether you can trust them. You can visit them in their office to get a better feel for the size of their operations. In addition to talking with the principals of the third party, you can visit with the employees who will work on your account, if it they are different from the principals.
Just as Bobby Keys and the Rolling Stones had an ultimate level of trust that lasted well over 40 years, you can learn to develop one with your third parties. And just as such trust is absolutely key in making great music, it is also required to make any successful business relationship.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.