M&A and FCPA due diligence – the stakes are high
February 2017 | SPECIAL REPORT: CORPORATE FRAUD & CORRUPTION
Financier Worldwide Magazine
The stakes are high when orchestrating an acquisition or retaining third parties to represent your business, especially outside the US. The lack of proper due diligence can cost an organisation money and reputation. For example, in 2016, 27 companies paid about $2.5bn to resolve Foreign Corrupt Practices Act (FCPA) cases where employees and third-party agents paid bribes. In this article, we review why due diligence is so important to organisations. Firstly, due diligence processes should be based on complying with the FCPA, the UK Bribery Act (UKBA), and laws regarding bribery and corruption. Under these laws, due diligence is not an option, it is a requirement, and all countries have enacted similar laws. Any person or entity that acts on your organisation’s behalf must be ‘diligenced’, including vendors, sales agents, brokers, customs agents, logistic companies, consultants, attorneys and tax advisers.
How to define the risks?
The common factors that drive most third-party due diligence projects include: analysis of the proposed role of the vendor party that will provide goods or services; conflicts of interest; contact with government entities and individuals; risk of corruption and bribery; and the materiality of the relationship to the client’s financial interests. Mergers and acquisitions due diligence projects are driven by the nature of the relationship being considered, the monetary amounts at issue and the risks to the organisation.
The level of due diligence should be elevated if any party has contact with government, or is active in a country with a high risk of corruption and bribery (think China, Russia and India as examples), and industries known to have a history of corruption or FCPA violations like construction and engineering. Other reasons to elevate due diligence are if the principals or shareholders are registered or incorporated in offshore tax havens like the British Virgin Islands. These havens are often solely used to conceal the identity of company shareholders that could include a government official or a person on a sanctions or watch list, as well as conceal the true recipient of illicit funds. This is a problem in certain states in the US as well, such as Delaware, New Mexico, Wyoming and Nevada.
Where should you start?
The first step is to develop and issue a pre-due diligence intelligence questionnaire. The questionnaire should require vendors and acquisition targets to provide: detailed contact and incorporation and registration details; full names of the entity and related entities; identities and biographical background of shareholders, key managers and directors; the target’s code of conduct; history of compliance violations; person responsible for compliance; bank and other commercial references; and identification of employees with current or former government ties. If the party is considered a low risk, then low level due diligence can be performed. Additional risk and due diligence levels can be added when needed. This approach will maximise risk analysis, minimise costs and help protect your organisation under compliance laws.
One approach does not fit all when conducting due diligence. The process should address your organisational risks and must take into consideration the jurisdiction where the target conducts business.
What due diligence should be done at each level?
Low level or Level I diligence is performed when considering the use of a vendor or partner to perform relatively simple tasks, and where there is no substantial compliance or related risk. Level II and Level III diligence projects should be considered for higher risk activities, including mergers and acquisitions and joint ventures. Level II and III may require analysis, interviews, site visits, and verification of qualifications and credentials. Level I may include research of databases and government records repositories.
Why all of this diligence?
In our experience, failure to perform diligence is akin to buying a house but getting no insurance with the hope that nothing bad happens like a fire. Many companies have lost tens and hundreds of millions of dollars that could have been saved if due diligence had been performed. People and businesses are often not who or what they claim to be. It is quite simply easy to commit fraud. Remember Mr Madoff? Enron? And these are just two that come to mind among the thousands and thousands.
Relying solely on data gleaned from global database services can result in missing significant adverse information. Available information can be limited, especially in less transparent markets, such as Africa, China, India, Russia and others. Making site visits and conducting industry source interviews are often essential in jurisdictions which are known to have significant corruption risk. Site visits may uncover that a reported major goods supplier is actually a trading company operating out of an apartment, or the business address is a vacant lot, or even a front for an agent involved in corrupt or fraudulent activities.
Identification and interviews of knowledgeable sources can be vital to assess whether the target is reputable and suitable. In many instances, sources are privy to non-public information such as unethical conduct. Be sceptical when you find that an entity is registered in Panama, BVI, Belize, Cayman Islands, Seychelles, and others, where the ownership data is hidden.
With high stakes – such as an expensive government investigation and fines, and possibly jail – you must be prepared to perform effective, risk-based due diligence on vendors and acquisition targets based upon, among other things, the FCPA and UKBA, and other global anti-bribery laws.
David P. Nolan is vice president of Klink & Co. He can be contacted on +1 (212) 292 5116 or by email: firstname.lastname@example.org.
© Financier Worldwide
David P. Nolan
Klink & Co.