International Business Partner Due Dilligence - Deloitte Forensic Center

777 views
701 views

Published on

While the need for conducting due diligence on international business partners is clear, there is no regulatory guidance specifying a minimum level to be conducted. This ambiguity can make it tempting for companies to take a cursory swipe at due diligence; review one database, check the “all-clear” box, and enter into a business agreement.
As evidenced by SEC and DOJ judgments, in which U.S. companies have been fined for not performing sufficient due diligence, a cursory approach will no longer suffice. Increasingly, companies will be expected to conduct a deeper, more systematic investigation of potential international business agents and partners. While this due diligence effort may lengthen the start-up time for a new business partner relationship, these recent judgments demonstrate that failing to do so can have considerable negative financial and operational repercussions for companies seeking to conduct business internationally.
This article, International business partner due diligence: How much is enough?, from the Deloitte Forensic Center, reviews regulatory guidance on the sufficiency of background research, explores options for information-gathering, and examines factors to consider in the due diligence process.

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
777
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

International Business Partner Due Dilligence - Deloitte Forensic Center

  1. 1. International business partner due diligence How much is enough?Deloitte Forensic Center
  2. 2. Introduction Conducting due diligence on international business partners is now considered a leading practice for companies operating in international jurisdictions. The U.S. Foreign Corrupt Practices Act (FCPA), U.K. Bribery Act and multinational agreements all oblige companies to “know” their foreign counterparts. While the need is clear, there is no regulatory guidance specifying a minimum level of due diligence to be conducted. This ambiguity can make it tempting for companies to take a cursory swipe at due diligence; review one database, check the “all-clear” box, and enter into a business agreement. As evidenced by Securities and Exchange Commission (SEC) and Department of Justice (DOJ) judgments, in which U.S. companies have been fined for not performing sufficient due diligence, a cursory approach will no longer suffice. Increasingly, companies will be expected to conduct a deeper, more systematic investigation of potential international business agents and partners that involves collecting information from the business partner, verifying the data and following up on identified “red flags.” This article reviews regulatory guidance on the sufficiency of background research, explores options for information-gathering, and examines factors to consider in the due diligence process.As used in this document Deloitte means Deloitte Financial Advisory Services LLP, a subsidiary of Deloitte LLP. Please seewww.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain servicesmay not be available to attest clients under the rules and regulations of public accounting. 1
  3. 3. Common due diligence pitfalls Actions filed by the SEC and DOJ reveal some common due Failing to adequately verify information diligence pitfalls that should be considered when designing an provided by business partners effective compliance program: Verifying information disclosed on questionnaires completed by business partners is a critical step; numerous SEC and DOJ Failing to conduct timely and sufficient due enforcement actions have criticized companies for failing to do diligence so. In one case resulting from an enforcement action,3 Many companies fail to collect sufficient information on their company officials prepared an internal approval document for overseas business partner, often relying on their own a proposed agent in the United Kingdom which “contained employees to complete internal documents without requiring false statements as to, among other things, the UK Agents the business partner to answer specific questions. Companies place of business (falsely stated to be Monaco) and number of should create a thorough due diligence questionnaire that employees (falsely stated to be four).” The document was obliges a business partner to attest to understanding anti- signed for approval by senior company officials, yet “none of corruption regulations and controls. the senior [Company A] or [Company B] officials who signed the document undertook any independent review or asked SEC and DOJ enforcement actions have cited situations where any questions concerning the UK Agent.” companies engaged business partners and conducted due diligence after the fact. In one case,1 the DOJ faulted a In a previously cited case,4 the DOJ stated that a company company for hiring a Taiwanese consultant and only obtaining official would typically request a Dun & Bradstreet profile after a profile, which indicated the consultant had no relevant receiving internal documentation on a potential business experience, two years after the fact. In another case, court partner and noted that the company official “made no effort, papers state that the company “did not conduct any formal or virtually no effort, to verify the information provided by the due diligence regarding the … Agents background, consultant in the Consultant Profile, apart from using Dun & qualifications, other employment, or relationships with foreign Bradstreet reports to confirm the consultants existence and government officials before or after engaging him.”2 physical address.” In a previously cited case5, the SEC noted that the company’s attorneys knew that shareholders of a Gibraltar shell company that had received payments were held by two other offshore entities, yet the attorneys “never learned the identity of the beneficial owner[s] of the shares.”1 U.S. V. Alcatel-Lucent Trade Int’l, A.G.2 U.S. V Titan Corp.3 SEC V. Halliburton Company and KBR, Inc.4 U.S. V. Alcatel-Lucent Trade Int’l, A.G.5 SEC V. Halliburton Company and KBR, Inc. 2
  4. 4. Failing to act on identified red flags What do you need to know about your business The DOJ has also opined on the need for companies to act on partners? risk factors identified during the due diligence process. In a case cited above6, the DOJ faulted a company for failing to Effective international business partner due diligence requires follow up on what were considered obvious red flags that a company gather meaningful information, assess identified when hiring a consultant in Honduras for work in potential risk across the enterprise, and tailor risk mitigation the telecommunications industry. As stated in the case, the actions accordingly. Among key questions a company should consultant’s company profile, signed by the consultant and the ask regarding international business partners: U.S. company’s area president, listed the consultant’s main business as the distribution of "fine fragrances and cosmetics • Is this a "real" business partner with a business profile and in the Honduran market" and the Dun & Bradstreet report on is it experienced in the relevant industry? the consultant stated that the company was "engaged in • Is the business partner owned by company employees, or cosmetic sales, house-to-house.“ The same case further states do other potential conflicts of interest exist? that “there was no requirement for the provision of • Does the business partner, or its principals, have a track information regarding conflicts of interest or relationships with record of bankruptcy or solvency issues that might threaten government officials” and that “even where the Dun & the supply chain? Bradstreet report disclosed problems, inconsistencies, or red • Does the business partner, or its principals, have a history flags, typically nothing was done.” of serial litigation, criminal problems, counterfeiting, child labor, or product safety issues? • Is the business partner associated with organized crime, terrorist groups, money laundering, bribery, or corruption? • Is the business partner located in a country restricted by U.S. law from receiving payment, or does the vendor appear on sanction and embargo lists such as that of the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)?6 U.S. V. Alcatel-Lucent Trade Int’l, A.G. 3
  5. 5. Approaching due diligence There is no law or regulation specifying the process for or the • References for individuals knowledgeable about the sufficiency of international due diligence. However the business partner who can provide verification of business examples of enforcement actions discussed above do provide relationships and experience some guidance for what is expected of companies operating • Signature of a responsible party who attests to the veracity overseas. Generally, companies should consider taking three of the information and agrees to abide by all applicable steps in their investigation of a potential international business laws and policies of the company in carrying out its partner: activities. 1. Require the business partner to disclose information on a Background research methodology questionnaire. Once the above information is collected, the company should 2. Use a risk-based approach to verify the information conduct an assessment to determine the level of risk presented provided and independently identify adverse information. by each business partner. A number of factors should be 3. Take action on any identified “red flags” uncovered in the considered, including the type of relationship, corruption risk process. associated with the jurisdiction, interaction with government officials, compliance regime, and known adverse information Information disclosure about the business partner. These factors may also vary Companies should design an effective and thorough depending on the industry in which the business partner is questionnaire that asks reasonable questions and puts the operating. business partner “on the record” regarding certain key issues. Such a questionnaire should be designed in conjunction with Business partners typically are divided into three categories: legal counsel and may contain, at a minimum, the following high-, medium-, and low-risk. High-risk business partners elements: include those located in a country with a considerable risk of • Company background, including identifying and corruption, those having significant interaction with registration information government officials, or those for which red flags have been • Ownership and management, including beneficial owners identified in the due diligence process. Medium-risk business and others able to exercise influence over the entity and partners are those that may have a lesser degree of contact any relationships with government officials, as well as with government officials, such as lawyers or accountants, yet identifying information on these individuals are located in a high-risk jurisdiction. Low-risk business • Disclosure of any civil, criminal, and regulatory matters, to partners might include vendors of goods and services that are identify a history of issues that may present risk factors not acting in an official capacity for the company. • Anti-corruption knowledge and compliance, including questions about knowledge of laws and the company’s compliance regime and training efforts 4
  6. 6. The methodology for business partner background research Likewise, where public record research conflicts with thatwill depend on the subject’s risk ranking. Figure 1 shows provided in questionnaire responses about the status of aexamples of the factors involved in the risk-ranking process corporation, you may need to make further inquiries with theand three representative levels of background checks company or hire an outside investigator to conduct thoroughcommensurate with those risk levels. public record research and source inquiries. In all cases, however, the company should resolve issues and takeCompanies should strongly consider hiring an outside firm to appropriate steps to assure that they are conducting businessconduct background research to benefit from access to with reputable individuals and organizations and documentsources otherwise not available and to demonstrate these efforts.independence in the vetting process. When vetting arepresentative who has a high degree of contact withgovernment officials, or one located in a high-risk jurisdiction,single-database resources will likely prove to be insufficient. Data Source ConsiderationsSimilarly, public record resources in many countries may prove • PEP/Sanction listto be sparse and unreliable; instead, local resources may be Level 1 • Adverse media • Number of vendorsrequired for record retrieval and for human source inquiriesregarding the reputation and background of the subject. • Vendor activity • Includes Level 1 researchProfessional investigators may help lower the risk of • Identify website/media profile • Vendor contact withoverlooking important information and provide credibility that • Locate D&B government officialsthe approval process was conducted independently of • Corporate registry check Level 2 • Identify shareholders and directors • Known or priorcommercial interests. allegations • Credit report • Bankruptcy-civil litigation • Jurisdictional risk (CPIFollowing up on red flags • Criminal records (to the extent score)Finally, where the process does identify red flags, the company available) • Industry riskshould perform additional diligence. As referenced above,when companies have been put on alert by adverse or • Country-specific • Discreet source inquiries Level 3 common schemesconflicting information, regulators expect resolution. • Includes Level 1 and 2 researchIn many cases, resolving red flag issues may be as simple as an Figure 1inquiry with the business partner for clarification. For example,  if a company self-discloses involvement in litigation, the [PEP: Politically Exposed Person]company may want to inquire about the nature of the cases. [CPI: the Corruption Perception Index compiled by Transparency International] 5
  7. 7. Closing thoughts While the due diligence effort may lengthen the start-up time Deloitte Forensic Center for a new business partner relationship, recent SEC and DOJ The Deloitte Forensic Center is a think tank aimed at exploring judgments have demonstrated that failing to do so can have new approaches for mitigating the costs, risks and effects of considerable negative financial and operational repercussions fraud, corruption, and other issues facing the global business for companies seeking to conduct business internationally. It is community. far better to proceed slowly, carefully, and thoroughly with any new business relationship. The Center aims to advance the state of thinking in areas such as fraud and corruption by exploring issues from the perspective of forensic accountants, corporate leaders, and other professionals involved in forensic matters. The Deloitte Forensic Center is sponsored by Deloitte Financial Advisory Services LLP. For more information, scan the code below or visit www.deloitte.com/forensiccenter. 6
  8. 8. Deloitte Forensic Center The following material is available on the Deloitte Forensic • E-discovery: Mitigating Risk Through Better Communication Center Web site www.deloitte.com/forensiccenter or • White-Collar Crime: Preparing for Enhanced Enforcement from dfc@deloitte.com. • The Cost of Fraud: Strategies for Managing a Growing Expense • Compliance and Integrity Risk: Getting M&A Pricing Right Deloitte Forensic Center book: • Procurement Fraud and Corruption: Sourcing from Asia • Corporate Resiliency: Managing the Growing Risk of Fraud • Ten Things about Financial Statement Fraud - Third edition and Corruption • The Expanded False Claims Act: FERA Creates New Risks – Chapter 1 available for download • Avoiding Fraud: It’s Not Always Easy Being Green • Foreign Corrupt Practices Act (FCPA) Due Diligence in M&A ForThoughts newsletters: • The Fraud Enforcement and Recovery Act “FERA” • Internal Investigation Costs: Securing Elusive Insurance • Ten Things About Bankruptcy and Fraud Coverage • Applying Six Degrees of Separation to Preventing Fraud • The Tone at the Top: Ten Ways to Measure Effectiveness • India and the FCPA • Visual Analytics: Revealing Corruption, Fraud, Waste and • Helping to Prevent University Fraud Abuse • Avoiding FCPA Risk While Doing Business in China • Anti-Corruption Practices Survey 2011: Cloudy with a • The Shifting Landscape of Health Care Fraud and Chance of Prosecution? Regulatory Compliance • Fraud, Bribery and Corruption: Protecting Reputation and • Some of the Leading Practices in FCPA Compliance Value • Monitoring Hospital-Physician Contractual Arrangements to • Ten Things to Improve Your Next Internal Investigation: Comply with Changing Regulations Investigators Share Experiences • Sustainability Reporting: Managing Risks and Opportunities • Managing Fraud Risk: Being Prepared • The Inside Story: The Changing Role of Internal Audit in • Ten Things about Fraud Control Dealing with Financial Fraud • Major Embezzlements: How Can they Get So Big? • Whistleblowing and the New Race to Report: The Impact of the Dodd-Frank Act and 2010’s Changes to the U.S. Federal Sentencing Guidelines • Technology Fraud: The Lure of Private Companies 7
  9. 9. Deloitte Forensic Center Notable material in other publications: • Whistleblowing After Dodd-Frank: New Risks, New • Anti-Corruption Practices Survey Highlights Challenges Responses, WSJ Professional, May 2011 Facing Companies, Business Crimes Bulletin, January 2012 • The Government Will Pay You Big Bucks to Find the Next • Execs Not Confident In Corporate Anti-Corruption Madoff, Forbes.com, May 2011 Programs, FinancialFraudLaw.com, January 2012 • Major Embezzlements: When Minor Risks Become Strategic • 10 Ways to Measure the Tone at the Top, WSJ Threats, Business Crimes Bulletin, May 2011 Professional, January 2012 • As Bulging Client Data Heads for the Cloud, Law Firms • So You Want to be a Multinational?, ChiefExecutive.net, Ready for a Storm, and More Discovery Woes from Web December 2011 2.0, ABA Journal, April 2011 • Execs Lack Confidence in Anti-Graft Programs, Compliance • The Dodd-Frank Act’s Robust Whistleblowing Incentives, Reporter, November 2011 • Forbes.com, April 2011 • Bounty Hunting: Will New Regulations Create a New • Where There’s Smoke, There’s Fraud, CFO magazine, Incentive for Whistleblowers?, Perspectives (University of March 2011 Illinois), November 2011 • Will New Regulations Deter Corporate Fraud? Financial • The Hidden Risks of Doing Business in Brazil, Agenda, Executive, January 2011 October 2011 • The Countdown to a Whistleblower Bounty Begins, • Use of Third Parties’ Seen as Leading Source of Corruption Compliance Week, November 9, 2010 Risk, Ethikos, Sept/Oct 2011 • Deploying Countermeasures to the SEC’s Dodd-Frank • High Tide: From Paying For Transparency To ‘I Did Not Pay Whistleblower Awards, Business Crimes Bulletin, October A Bribe’, WSJ.com, September 2011 2010 • Executives Worry About Corruption Risks: Survey, Reuters, • Temptation to Defraud, Internal Auditor magazine, October September 2011 2010 • Whistleblowing After Dodd-Frank — Timely Actions for • Shop Talk: Compliance Risks in New Data Technologies, Compliance Executives to Consider, Corporate Compliance Compliance Week, July 2010 Insights, September 2011 • Many Companies Ill-Equipped to Handle Social Media e- • Corporate Criminals Face Tougher Penalties, Inside Counsel, discovery, BoardMember.com, June 2010 August 2011 • Mapping Your Fraud Risks, Harvard Business Review, • Follow the Money: Worldcom to ‘Whitey,’ CFOworld, July October 2009 2011 • Use Heat Maps to Expose Rare but Dangerous Frauds, HBR • Whistleblower Rules Could Set Off a Rash of Internal NOW, June 2009 Investigations, Compliance Week, June 2011 8
  10. 10. This article is published as part of ForThoughts, the Deloitte Authors Forensic Center’s newsletter series edited by Toby Bishop, the John Leonard is a senior manager in the Forensic & Dispute Services practice of Deloitte Financial Advisory Services LLP. Mr. director of the Deloitte Forensic Center. ForThoughts Leonard may be reached at jleonard@deloitte.com. highlights trends and issues in fraud, corruption and other complex business issues. To subscribe to ForThoughts, visit www.deloitte.com/forensiccenter or send an email to dfc@deloitte.com.This publication contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this publication, rendering accounting,auditing, business, financial, investment, legal, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basisfor any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication.Copyright © 2012 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu Limited 9

×