This article was republished with permission from Tom Fox’s FCPA Compliance and Ethics Blog.
We continue our celebration of all things Star Wars, at least as they pertain to the original trilogy, as today we honor Episode V – The Empire Strikes Back, which is my personal favorite of the original three movies. The film begins with a cool battle on the ice planet of Hoth; has some great HR lessons as Darth Vader executes officers for workplace errors; demonstrates some dangers involving ineffective training for Luke Skywalker on the tropical plant of Dagobah, where he travels to learn under the Jedi master Yoda, who utters the immortal line “Try not! Do, or do not. There is no try;” and ends in Cloud City, a floating gas mining colony in the skies of the planet Bespin run by Han Solo’s old buddy, Lando Calrissian. It also has one of the greatest movie lines of all-time, thundered by Darth Vader to Luke Skywalker, “I AM YOUR FATHER,” toward the end of the film.
Solo and Calrissian go way back, and Solo trusts him. Of course, Solo won his starship, the Millennium Falcon, from him, but they are still good friends. This friendship is sorely tested when Vader and his Imperial Troops arrive to entice Luke to come to save his friends and battle Vader, which is where the reveal of fatherhood occurs.
I thought about these last two points in the context of knowing who you are doing business with under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. I once heard a company President say he did not need to perform due diligence because he looked a man in the eyes and that was enough to know if he was honest. (I should add, this President also evaluated the strength of a handshake as an additional level of due diligence.) Hopefully we have moved past this level of sophistication for due diligence and its evaluation thereof.
One of the areas I still receive questions about are the different levels of due diligence. Based upon the information provided by the Department of Justice (DOJ) over the years, from deferred prosecution agreements (DPAs) to opinion releases and enforcement actions, I break due diligence down into three stages: Level I, Level II and Level III. Candice Tal, Founder and Chief Executive Officer (CEO) of Infortal Worldwide, in an article entitled “Deep Level Due Diligence: What You Need to Know,” laid out some of these concepts.
First-level due diligence typically consists of checking individual names and company names through several hundred global watch lists comprised of anti money laundering (AML), anti-bribery, sanctions lists and other financial corruption and criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. This basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures, demonstrating a broad intent to actively comply with international regulatory requirements.
Level II due diligence encompasses supplementing Level I due diligence with a deeper screening of international media, typically the major newspapers and periodicals from all countries, plus detailed Internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company, the third party’s key executives and associated parties. I believe that Level II should also include an in-country database search regarding the third party. Some of the other types of information that you should consider obtaining are country of domicile and international government records, use of in-country sources to provide assessments of the third party, a check for international derogatory electronic and physical media searches and English and foreign-language repositories searches in its country of domicile; if you are in a specific industry using technical specialists, you should also obtain information from sector-specific sources.
This level is the deep dive. It will require an in-country “boots-on-the-ground” investigation and is designed to supply your company “with a comprehensive analysis of all available public records data, supplemented with detailed field intelligence to identify known and — more importantly — unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.” Further, the “direction of the work and analyzing the resulting data is often critical to a successful outcome … and key to understanding the results both from a technical perspective and understanding what the results mean in plain English. Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”
But more than simply an investigation of the company, critically including a site visit and coupled with on-site interviews, Tal says that some other things you investigate should include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business and public perceptions of impropriety should they be disclosed publicly.”
Further, you may need to engage a foreign law firm to investigate the third party in its home country to determine the third party’s compliance with its home country’s laws, licensing requirements and regulations. Lastly, and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance, as one of the most important inquiries is not legal, but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or if they objected to the scope, coverage or purpose of the FCPA, you can use a Level III to determine if the third party is willing to stand up under the FCPA and if you are willing to partner with them.
The Risk Advisory Group created a handy chart of its Level I, II and III approaches to integrity and due diligence. I have found it useful in explaining the different scopes and focuses of the various levels of due diligence.
May the force be with you. If Han Solo had done a deep dive into his friend Lando Calrrisian, he might have well determined that the Empire had arrived at the Cloud City before he and his team did. Then again, we might not have heard that seminal line, “I AM YOUR FATHER.”
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business advice, legal advice or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The author gives his permission to link, post, distribute or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at [email protected]