FCPA Due Diligence in Private Equity: Effective Risk Management
The growing size of criminal penalties imposed on U.S. companies, including under the U.S. Foreign Corrupt Practices Act, which rohibits bribery of foreign (non-U.S.) government officials and can also reach private commercial bribery, is attracting increasing attention. But could an FCPA enforcement action actually wipe out the value of your investment?
That is what happened to one unfortunate acquirer a few years ago after it signed a deal to purchase a company that had operations in emerging markets. After the eal closed, the acquiring company discovered that the target had paid bribes to officials in Honduras and Yemen in exchange for government concessions. After the problem was disclosed to U.S. regulators, the company paid a $2 million fine.1 But that was just the beginning. Once the bribes ended, business dried up. The acquiring company eventually wrote off most of the purchase price as a direct charge to operations due to the costs of investigations, fines, and loss of business. And the target? It filed for assignment for the benefit of creditors, a Florida state law process analogous to bankruptcy.
Private Equity and FCPA Risk
This cautionary tale highlights twin risks that private equity firms and other acquirers face when purchasing or investing in a company with operations outside of the United States. First, a portfolio company may create FCPA liability for itself and, potentially, also for the parent private equity firm. In both public fora and private settings, regulators continue to articulate expansive theories of liability under which parent companies can be held liable for the acts of their affiliates. Second, corrupt business practices that are discovered postacquisition can impair the value of the investment, require investments of time and money to fix, and divert management resources from other priorities. A bribery problem can also discourage potential buyers down the road.
FCPA regulators are already focusing on banks, hedge funds, and private equity, and the FCPA risks that face the industry. In January 2011, it was reported that the SEC sent letters to around a dozen major financial firms inquiring about their relationship with government-affiliated sovereign wealth funds. The letters were early signs of a broad review of the financial services industry’s relationship with foreign governments under the FCPA that remains ongoing.
Due Diligence as Compliance Insurance
The most effective tool that private equity firms have to protect themselves from FCPA liability is anti-corruption due diligence. U.S. regulators have identified two forms of anti-corruption diligence as “hallmarks” of an effective compliance program: due diligence prior to an acquisition or other major investment, and due diligence when evaluating potential third-party agents, consultants, and other higher risk representatives.2
There are a number of reasons to perform anti-corruption diligence, not least of which is that these days regulators expect it. And they expect more than “paper” diligence – they expect a serious inquiry into the potential business partner. Although the FCPA’s anti-bribery provisions require knowledge of an improper payment for liability, awareness of a substantial likelihood of a bribery problem can be enough to trigger the statute. In other words, “willful blindness” – purposefully avoiding knowledge of bribery – which may require no more than ignoring red flags, is enough for “knowledge” under the FCPA. In one notable case, a federal appeals court upheld an FCPA conviction on the basis that the defendant investor avoided confirming suspicions expressed to his lawyer and another investor that a business partner might be paying bribes to government officials.3 As one of the SEC’s top regulators has explained, “[A] lot of times, what we find and where you’re going to see us bring cases is where the red flags were seen, and [the firm] did some . . . due diligence but they stopped before they . . . got the answer.”4 In the FCPA context, ignorance is not bliss.
By embedding anti- corruption diligence in the transaction process, and taking appropriate action based on the knowledge gained from the diligence, companies can reduce the risk of being held responsible for ignoring red flags. Conducting anti-corruption diligence can also present opportunities. If detected early, some compliance issues can be corrected before closing the deal. If not, the acquiring firm can account for the problem when valuing the deal, address the issue in transaction documents, prepare to fix the problems quickly, or–if the problem is too deeply rooted to correct–walk away. Diligence of agents and other third party representatives allows for similar avoidance of risky relationships.
Without adequate diligence, an investor can unknowingly assume significant civil or criminal liability, while overpaying for the company. Corruption problems at a portfolio company can also make it more difficult to sell the company down the road and, if serious enough, could impact valuations.
How to Do Effective Diligence
Effective diligence requires three R’s: (A) responding to risk; (B) recording your work, including in your contract; and (C)
renewing regularly the diligence that has been done.
Respond to Risk
Effective due diligence is risk-based. By focusing on the specific risks most relevant to a given transaction, a PE firm can minimize costs of diligence, while maximizing the value of the diligence in identifying real problems before the Government does. Starting with data such as Transparency International’s Corruption Perceptions Index to assess the risk of the given geography, the investor should review data on the target’s compliance framework, revenues, sales channels, joint ventures, recent acquisitions, and third party relationships. For third party diligence, companies should understand the third party’s qualifications, reputation, and associations with government officials, and the rationale for the third party’s role in the particular transaction.5
Regulators recognize that there is no one-size-fits-all approach, and that diligence should vary depending on “industry, country, size and nature of the transaction, and historical relationship with the third party” or portfolio company.6 Not surprisingly, “[t]he degree of scrutiny should increase as red flags surface.”7 Common FCPA red flags include:
• A government official who recommends a specificperson or company;
• A business partner that has unusually close ties to a
government decision maker;
• A representative that objects to the due diligence or a
standard anti-corruption contract provision;
• A representative that requests a substantial upfront
payment or contingency fee without a solid commercial
• A representative that asks that payments be made to
another person or company, to a third party bank
account, to an account in another country, or through
some other unusual financial arrangement.
Diligence tools can be adapted to the risks identified. For instance, for lower risk counterparties, review of documents and basic public records may be sufficient, or they could be supplemented by reference checks. As risks increase, a more in-depth process is prudent, including employee interviews and possibly targeted forensic transaction testing. Sophisticated companies leverage other investment related diligence, such as financial and legal diligence, in conducting anti-corruption diligence. It is essential to have well trained resources performing the diligence. For more complex diligence projects, hiring an experienced outside resource–a law firm, an accounting or forensic audit firm, an investigative firm, or some combination of these–can make the diligence more effective and efficient.
Record Your Work
Those performing diligence should document each step of their work. Using questionnaires for third parties and checklists confirming the legitimacy of the responses provided by the third party can help maintain consistent documentation. This documentation generally should be held for at least five years beyond the end of the transaction or engagement to account for the FCPA’s statute of limitations.
It is also important to embed compliance obligations in the contract with the counterparty. But a target’s or third party’s willingness to sign an anti-corruption representation in a contract is no substitute for due diligence. PE firms would be better off dropping boilerplate aspirational representations, and instead focusing on targeted representations that are informed by effective due diligence and that focus on specific risks.
Finally, the work of due diligence is not done as soon as the contract is signed. The Government expects ongoing monitoring that may include providing regular training, updating diligence, requiring an annual certification of compliance, and in appropriate circumstances, exercising audit rights on a targeted, risk-based basis.
As the Government sharpens its focus on anti-corruption enforcement in the private equity sector and the financial sector more broadly, firms operating in emerging markets, where bribery and corruption may be widespread, need to anticipate this risk and prepare themselves. Managing anticorruption risk requires smart and effective diligence.
About the Authors
Don Ridings is a Partner at Covington & Burling LLP
Philip Levitz is an Associate at Covington & Burling LLP
1 Press Release, Latin Node Inc., Pleads Guilty to Foreign Corrupt Practices Act Violation and Agrees to Pay $2 Million Criminal Fine, DEP’T OF JUSTICE (Apr. 7, 2009).
2 U.S. Dep’t of Justice and U.S. Sec. & Exch. Comm’n, A Resource Guide to the Foreign Corrupt Practices Act, Nov. 14, 2012, at 60-62 (“Resource Guide”).
3 See United States v. Kozeny, 667 F.3d 122 (2d Cir. 2011).
4 Jennifer Koons, FCPA Enforcers Warn Against Perfunctory Diligence and Elevating Sales Over Compliance, MAIN JUSTICE (Mar. 17, 2014).
5 Resource Guide 60.