Sunday, March 7, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

The Unknown Known: The Knowledge Standard for Bribes by Third Parties

by Wendy Wysong
May 19, 2014
in Compliance, Featured
The Unknown Known: The Knowledge Standard for Bribes by Third Parties

with contributing author Michelle Mizutani

Unfortunately for companies seeking a way to avoid liability in countries known for corruption, not knowing what a third party is doing on the company’s behalf can be more dangerous than knowing. A company can protect itself against what it actually knows: the “known knowns.” But a company must also seek to anticipate and protect against what it doesn’t know—the “known unknowns” and the “unknown unknowns,” by assessing risks, conducting due diligence and monitoring the third parties very carefully. However, what the company truly is going to get in trouble for is ignoring what it knows the third party is doing, i.e., pretending that the known is unknown.1

The question of how a company can “know” what is being done by individuals and entities on its behalf frequently arises in the context of bribery in Asia-Pacific. If a company does not actually know what a third party is doing, how can the company be held responsible for what the third party does? Or alternatively, can a company avoid responsibility by not knowing what is really going on?

Generally, these questions are asked in relation to a company’s subsidiaries operating in distant places, third-party agents handling the bureaucratic maze of government approvals, permits and licenses, or distributors and sales persons who promise to penetrate emerging markets.

Hiring a third party in order to insulate the company from knowledge about bribes being paid on its behalf is not a viable strategy for avoiding liability under the UK Bribery Act (UKBA), the U.S. Foreign Corrupt Practices Act (FCPA) or other countries’ anti-corruption laws. Here’s why.

The FCPA Knowledge Standard for Third-Party Conduct

The FCPA was drafted to ensure that companies could not use third-party agents in bribery schemes to avoid actual knowledge of a bribe.2  Accordingly, a company is deemed to know about a bribe if there is awareness of a “high probability of the existence of such a circumstance.” This means that liability is imposed on those who purposefully avoid actual knowledge.  As the U.S. Congress wrote in passing the FCPA,

“[T]he so-called ‘head-in-the-sand’ problem—variously described in the pertinent authorities as ‘conscious disregard,’ ‘willful blindness’ or ‘deliberate ignorance’—should be covered so that management officials could not take refuge from the Act’s prohibitions by their unwarranted obliviousness to any action (or inaction), language or other ‘signaling device’ that should reasonably alert them of the ‘high probability’ of an FCPA violation.”

A “signaling device” refers to a red flag associated with the third party, such as excessive commissions, a lack of relevant expertise or a close relationship with a foreign official. A company that is aware that the market it is entering is highly corrupt or requires frequent government interaction may increase the probability that bribery is likely to occur.

Moreover, recent civil and criminal enforcement cases suggest that U.S. enforcement agencies are holding companies strictly liable under the FCPA accounting provisions. These provisions require issuers to make and keep reasonably accurate books, records and accounts and to maintain adequate internal controls. Companies are penalized for knowingly falsifying or causing the falsification of books and records or for circumventing or failing to implement internal controls, but the requirement of knowledge seems to be disappearing.

The April 2014 settlement with California technology company Hewlett-Packard (HP) and three of its subsidiaries illustrates this trend. One of HP’s subsidiaries, for example, created a slush fund through a channel partner and intermediary company. It used the fund to pay for travel, cars and other luxury goods through a shell company linked to a government director responsible for awarding an automation contract to the subsidiary. The subsidiary kept two sets of books, secret spreadsheets describing the recipients of the corrupt funds and a sanitized version that hid the corrupt payments so that HP management never knew. Its other two subsidiaries falsified their books and records and circumvented internal controls: one, by paying inflated commissions (called “influencer fees”) via a “pass through company” to a consultant with ties to a state-owned petroleum company; and the other, by paying cash to a government official to win technology contracts through its public sector sales manager from off-the-books accounts. The SEC charged that the parent company’s books and records falsely reflected the payments as legitimate commissions and expenses. HP agreed to pay $34 million in disgorgement and prejudgment interest in addition to the criminal fines levied against the three subsidiaries for a total of $108 million, even though it had no knowledge of the schemes.

The UKBA Knowledge Standard for Associated Persons

Under the UKBA, the Section 7 provides that a commercial organization is guilty of the offense of failing to prevent bribery if an individual or company “associated with the company” (an “Associated Person”) offers, promises or gives a bribe intending to obtain or retain business or an advantage in the conduct of business for the organization. A person is associated with a commercial organization if that person “performs services” for it or on its behalf. Employees are presumed to be Associated Persons of their employer. Agents, intermediaries, consultants, subsidiaries, affiliates and joint venture partners (among others) may all amount to Associated Persons of an organization.

The corporate offense does not require any showing of knowledge, misconduct by or intent on the part of the commercial organization (i.e., a “strict liability” offense). There is only one possible defense to the corporate offense – that the organization had “adequate procedures” in place designed to prevent bribery.

The Knowledge Standard under Other Asia-Pacific Laws

Knowledge of a third party’s conduct is necessary for liability under the anti-bribery laws of other jurisdictions. For example, a company is automatically liable for acts of bribery of its employees under Japan’s Unfair Competition Prevention Act (the UCPA deals with the bribery of public officials belonging to non-Japanese governmental/official bodies).  However, for an employee to be liable for the bribery of an intermediary (which will, in turn, result in liability for the company under the UCPA), the employee must have had knowledge of the intermediary’s acts. However, such knowledge can be recognized impliedly on the basis of the circumstances. In Indonesia, a company can be held liable for payments made by intermediaries if the company knew or should have reasonably known that the intermediary was making an illegal payment in connection with the provision of goods or services to or from the company. India is considering an amendment to its Prevention of Corruption Act to explicitly deal with liability for intermediaries’ conduct.

Recommendations

Hiring intermediaries in order to avoid actually knowing about a bribery scheme is not viewed as an effective risk mitigation strategy by enforcement authorities, particularly where the risk is well-known. Rather, searching out and recognizing the risks allows a company to put in place methods to demonstrate that it has attempted to assess and address those risks directly. Due diligence, training, certifications and monitoring are far better strategies than denial and conscious avoidance.


1 Paraphrasing Donald Rumsfeld, U.S. Secretary of Defense, 2002 U.S. Department of Defense News Briefing: Reports that say that something hasn’t happened are always interesting to me, because as we know, there are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.
http://www.defense.gov/transcripts/transcript.aspx?transcriptid=2636

2 A Resource Guide to the U.S. Foreign Corrupt Practices Act, page 22, available at
http://www.justice.gov/criminal/fraud/fcpa/guide.pdf


Previous Post

Positioning the CRO to Succeed

Next Post

China’s Aggressive Enforcement of Domestic Corruption Laws

Wendy Wysong

Wendy L. Wysong is a partner at Steptoe & Johnson. She served previously as a litigation partner with Clifford Chance, offering clients advice and representation on compliance and enforcement under the Foreign Corrupt Practices Act, the Arms Export Control Act, International Traffic in Arms Regulations, Export Administration Regulations, and OFAC Economic Sanctions. She was appointed by the State Department as the ITAR Special Compliance Official for Xe Services (formerly Blackwater) in 2010. Wendy combines her experience as a former federal prosecutor with the United States Attorney for the District of Columbia for 16 years with her regulatory background as the former Deputy Assistant Secretary for Export Enforcement at the Bureau of Industry and Security, U.S. Department of Commerce. She managed its enforcement program and was involved in the development and implementation of foreign policy through export controls across the administration, including the Departments of Justice, State, Treasury and Homeland Security, as well as the intelligence community. Wendy received her law degree in 1984 from the University of Virginia School of Law, where she was a member of the University of Virginia Law Review.

Related Posts

green and red location markers on map

FinCEN’s Registry Will Be a Game-Changer. It Will Also Place an Added Burden on Corporations.

March 5, 2021
illustration of man under giant gavel

BitPay’s $507K OFAC Sanctions Violations Settlement

March 4, 2021
Thinking Outside the Tick Box

Thinking Outside the Tick Box: Compliance Training as a Competitive Advantage

March 3, 2021
The facade of the SEC in Washington, D.C.

Prepare Now to Comply with SEC’s Updated MD&A and Related Financial Disclosure Requirements

March 3, 2021
Next Post
Kaliva / Shutterstock.com

China’s Aggressive Enforcement of Domestic Corruption Laws

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights