Tag: DD

Categories
Compliance Into the Weeds

Stericycle FCPA Enforcement Action


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take a deep dive into the recently released Stericycle FCPA enforcement action. Highlights include:

  • What is a business strategy based upon corruption?
  • Over-expansion and under due diligence in M&A.
  • Document Document Document
  • The Monaco Doctrine at work.
  • Lessons learned going forward.

Resources
DPA
SEC Order
Matt in Radical Compliance
Tom in FCPA Compliance and Ethics Blog

Categories
FCPA Compliance Report

John Katsos – Due Diligence in Conflict Zones


In this episode of the FCPA Compliance Report, I visit with John Katsos, Assistant Professor and Scholar at American University of Sharjah. John has researched and performed due diligence in conflict zones in the Middle East and Africa. He was part of a research team that published a series in the Big Idea section of the Harvard Business Review entitled Preparing for the Era of Uncertainty, which is a must read for every compliance professional. He brings a unique perspective to a variety of compliance topics. Highlights of this podcast include:

  1. Academic and professional background.
  2. Why due diligence in conflict zones so difficult?
  3. What are some of the important differences in performing DD in conflict zones?
  4. What are some keys to successfully performing DD in conflict zones?
  5. Key lessons you observed on DD in Cyprus?
  6. Where did you come up with the idea for this series of articles, Preparing for the Era of Uncertainty?
  7. A discussion of each article in the series.?
  8. What is it like teaching anti-corruption and other forms of compliance outside the US?
  9. How do you see your work tying into a broader ESG discussion?
  10. How does climate change and migration across borders influence your thinking?

Resources
Preparing for the Era of Uncertainty-Harvard Business Review
John Katsos website, including some great research and papers
John Katsos LinkedIn profile

Categories
Compliance Into the Weeds

FinCen DD Pronouncements-Did they Hurt More than Help?


Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode Matt and Tom go into the weeds to look at two recent pronouncements by FinCen on customer and PEP due diligence. We ask the question: Is the Guidance so vague as to actually hurt the efforts of a compliance practitioner.
Resources
See Matt’s blog posts on Radical Compliance
Regulators Talk PEPs and Due Diligence
FinCen Gives Guidance, Says Little

Categories
The Affiliated Monitors Expert Podcast

Eric Feldman on the Why’s, What’s and How’s of a M&A Compliance Assessment


In this episode I visit with Eric Feldman on the why’s, what’s and how’s of an independent assessment of a target. Feldman began with the observation that most of the issues in the M&A context come from the target or acquired company and most usually from the acquiring entity simply not paying enough attention during the pre-acquisition phase and making a discovery post-closing. This one of the reasons the Department of Justice (DOJ) has put such important stock in the pre-acquisition phase where a company needs to perform compliance due diligence and a risk assessment which will inform the entire process.
Near and dear to my mantra of Document, Document, and Document, was Feldman’s thoughts on keeping a thorough record of your entire process. Not only should the target (or at least you would hope) have a documented process of all of the above issues, but you should be sure to document your entire pre-acquisition process as well. This could be important if you discover any nefarious conduct in the pre-acquisition phase which you should report to the DOJ or if such discovery occurs after closing. If it happens after closing you will need to be able to document the reasonable steps you took in pre-closing and how you will remediate the issue(s) going forward.
Finally, your pre-acquisition investigation and due diligence will inform your post-acquisition steps. Hallmark 10 of the Ten Hallmarks of an Effective Compliance Program mandates that companies will develop and implement policies and procedures for mergers and acquisitions requiring the company to conduct appropriate risk based due diligence on potential new business entities including Foreign Corrupt Practices Act (FCPA) and anti-corruption due diligence. Obviously, this should be a documented process. By having an independent third party do this, with a documented process, it can lower the risk if there is a problem. As problems are identified, the acquiring entity can decide whether to go forward with the M&A. If there is a very specific identification of misconduct, the company can make a disclosure to the DOJ. By using this process, there is a road map created for remediating the issue as a part of your post-acquisition steps after closing.

Categories
31 Days to More Effective Compliance Programs

Levels of due diligence


Due diligence is generally recognized in three levels, each of which is appropriate for a different level of corruption risk. The key is for you to develop a mechanism to determine the appropriate level of due diligence and then implement that going forward.
There are many different approaches to the specifics of due diligence. By laying out some of the approaches, you can craft the relevant portions into your program. The Level I, II and III trichotomy appears to have the greatest favor and one that you should be able to implement in a straightforward manner. But the key is that you must assess your company’s risk and then manage that risk. If you need to perform additional due diligence to answer questions or clear red flags you should do so. And do not forget to “Document, Document, and Document” all your due diligence.
Three key takeaways:

  1. A Level I due diligence should only be used where there is a low risk of corruption.
  2. A Level II due diligence is sufficient in a high-risk jurisdiction if there are no red flags to clear.
  3. Level III due diligence is deep dive, boots on the ground investigation.
Categories
31 Days to More Effective Compliance Programs

Due diligence


Most companies fully understand the need to comply with the requirements around third-parties as they represent the greatest risks for bribery and corruption. However, most companies are not created out of new cloth but are ongoing enterprises with a fully up and running business in place. This means they may need to bring resources to bear to do so while continuing operating an ongoing business. This can be particularly true in the area of performing due diligence on third-parties. Many companies understand the need for a robust due diligence program to investigate third-parties but have struggled with how to create an inventory to define the basis of third-party risk and, thereby, perform the requisite due diligence required.
Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner. The information that you gathered in Steps 1-Business Justification and 2-Questionnaire of the third-party management process should provide you with the initial information to consider the level of due diligence needed. This leads to Step 3 of the third-party management process: due diligence. The 2020 Resource Guide stated, “as part of risk-based due diligence, companies should understand the qualifications and associations of its third-party partners, including its business reputation, and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface.”
Three key takeaways:

  1. Risk rank your third-parties and use this as a basis to begin with an adequate level of due diligence.
  2. Any red flags which appear must be cleared and there must be documented evidence of such clearance.
  3. There must be documented evidence of review of the due diligence.
Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties-Evaluation of Due Diligence With Candice Tal

An important part of the job duties of any compliance practitioner is clearing red flags which might appear for a proposed third-party relationship during the due diligence process. It is mandatory that not only must all red flags be cleared but there also be evidence of the decision-making process to show to a regulator if one comes knocking. Around third-parties, consider what risks you face in both your sales and supply chain. If there is a key player several tiers down the line who creates or builds a key component or delivers a critical service, you may want to put more management around that relationship from the compliance perspective.

For anything below a tier 2; you may be able to manage your risks through having your direct tier one counter-party take the lead in managing such compliance risks. But make sure that the expectation is communicated to your direct counter-party so that if the government comes knocking you can show that not only did you contractually obligate your direct counter-party to do so but that you provided them the tools and training to do so. Finally, you will need to be able to show that your direct counter-party did so.

Three key takeaways:

  1. There is no set formula for clearing of red flags or the evaluation of due diligence.
  2. Know when to say enough has been done.
  3. You must “Document, Document, and Document” your evaluation of any red flags.
Categories
FCPA Compliance Report

Tony Charles on Managing a 3rd Party Process

In this Episode, I visit with Tony Charles, Chief Client Officer at Steele Compliance Solutions, Inc. In this podcast we discuss the firm’s recent article 3rd Party Due Diligence: Creating a Credible and Defensible Program. We use it as an entrée into the topic of 3rd party due diligence.

Some of the highlights include:
·      What was the genesis behind the article 3rd Party Due Diligence: Creating a Credible and Defensible Program?
·      Where should a company begin due diligence?
·      What are the levels of due diligence?
·      What is investigative tiering?
·      What is an investigative framework?
·      What are the critical components of automated due diligence program?
For a copy of the article 3rd Party Due Diligence: Creating a Credible and Defensible Program, click here.