This piece was originally shared on Ethisphere and is republished here with permission.
Rethinking FCPA Due Diligence
It looks as if 2016 will be a transformative year for ethics and integrity. The Unaoil and Panama Papers leaks, and their consequences, are still playing out. However, one conclusion is already unavoidable – FCPA due diligence as currently conducted is no longer fit for purpose. Given the dramatic evolution in the transparency environment, and a new era for stakeholder expectations, it is time for a radical rethink.
Companies now face a series of unenviable choices in their attempts to manage third-party risk. Cost considerations have driven the growth of a semi-automated due diligence process based on database public records. However, although this is an essential compliance process, it is frequently of little use in helping companies establish the integrity risk presented by a third party. The teams that conduct this work are necessarily poorly paid young graduates with a limited track record in evaluating complex risk. Press and blacklist searches can have little meaning in anything but the most low-risk environment, and public records can be patchy and unreliable everywhere – much has been written in recent weeks about the opacity of U.S. corporate records, and litigation filings are equally difficult to obtain in much of Europe. It is understandable that compliance officers have jumped at the chance to purchase tools that promise a cost-effective and comprehensive solution. But in measuring corruption risk, these tools have well-acknowledged limits.
The limits of the commoditized public record approach are well understood by sophisticated companies – so, when third-party risk is elevated, they ask for “deep dive” due diligence based on “human source” information. The growth of confidential source inquiries based on intelligence methodologies was initially a logical response to FCPA due diligence, given the limits of overt interviews and reference checks in detecting corruption, which is by its nature covert and hidden. Here, however, pricing pressure is just as severe, and “boots on the ground” information-gathering has suffered from a decline in quality and rigor as a result. In many developing countries, business communities are small, and market rumors about the access and integrity (or otherwise) of potential third parties are easy to come by.
But while this can be a good way to measure risk, it is too often used to recycle local gossip for easy money, and the lack of transparency in reporting findings means that clients are often unable to evaluate the information, which means they can’t use it.
This lack of rigor has become a concern, and company legal counsel have grown increasingly demanding about understanding the professional role of the confidential source and the provenance of the information, especially in sensitive transactions where the cost of the due diligence can run to several thousand dollars. But this can give rise to a paradox. In order to give clear direction, lawyers need information from sources who have firsthand knowledge of a corrupt transaction – either because they saw a bribe being paid or can describe the event with a reasonable degree of certainty and detail. But anyone that has this level of genuine access may themselves be highly politically exposed or implicated in the questionable practice, which may itself generate an FCPA violation.
Basic public record compliance checks will not disappear, but approaches to reputational and integrity risk need to model the same transparency expected of the subjects of the due diligence. The advantage for overstretched company budgets is that they can answer a far larger range of questions than current FCPA due diligence approaches and address risks in a more constructive and transparent way.
One element of a new approach to due diligence lies in the use of big data and social media analysis. Even in countries where corporate filings are unreliable and the media is restricted, there is often a thriving social media to provide revealing market insights. But the more important and constructive move would be to introduce engagement strategies that gather and measure stakeholder trust in a company, using transparent methodologies. Stakeholder trust can be measured using anonymous input from a large group of diverse individuals and can provide insight into the overall sustainability of company operations – that is, whether it has local respect, responds to market conditions and has broad and deep enough relationships throughout a community. Whether a company is known to conduct business ethically and is trusted is likely to be a better proxy measurement for corruption than whether a well-placed anonymous insider can come up with a problematic rumor.
Not only is stakeholder trust likely to be a useful way of gauging corruption risk, but it would also assist companies in assessing performance on a host of other social responsibility issues, such as modern slavery, environmental performance, social impact and labor rights. Abuses in these areas often correspond with corruption abuses, as corruption is an organizational characteristic that can signal a wider lack of response to market dynamics and a disregard for customers, shareholders and the wider public. By understanding wider reputation and market profile, company due diligence approaches would be better placed to address identified problems and build lasting relationships, as well as protecting their own integrity.
The Business for Social Responsibility (BSR) is a global nonprofit organization that works with its network of more than 250 member companies to build a just and sustainable world. From its offices in Asia, Europe and North America, BSR develops sustainable business strategies and solutions through consulting, research and cross-sector collaboration. Our mission is to work with business to create a just and sustainable world. We envision a world in which everyone can lead a prosperous and dignified life within the boundaries of the Earth’s natural resources. More on BSR here.