Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
RANE_Interview_Hugo_Williamson_June14
1. [Type text] [Type text] [Type text]
RANE Interview | www.ranenetwork.com | insight@ranenetwork.com
Conducting FCPA Transactional Diligence
Hugo Williamson, IPSA International
The Department of Justice and Securities and Exchange Commission (SEC) have
emphasized the importance of companies conducting FCPA due diligence before
entering into transactions with third parties or buying another company. Both
regulators have imposed heavy fines on companies once violations of the FCPA have
been discovered. So how should a company go about conducting effective FCPA due
diligence before a transaction is completed? To help shed light on the issue, RANE
recently spoke with Hugo Williamson, a Senior Managing Director at IPSA International
with oversight for the firm’s EMEA region. Williamson has over 15 years of experience
running complex investigations and supporting senior corporate, finance and
government clients on major transactional and political risks in Europe, the Middle
East, Africa and Asia. Excerpts from the interview are featured below.
On understanding the risk profile of a target
When companies examine their FCPA risks prior to a transaction the first thing they
must do is to assess the significance of that particular relationship. The more
substantial the relationship, the higher proportion of due diligence resources should
be committed.
A good starting point in understanding the particular relationship is to look at the
corporate structure of the parties, their industry, relevant geographies and compliance
history. In a multinational transaction, the parties likely will want to concentrate their
efforts and perform a heighted level of due diligence on affiliates and subsidiaries
operating in countries with high perceived corruption risk. Similarly, parties operating
in industries that have been the focus of anti-corruption authorities such as oil and
gas, pharmaceuticals, construction, or engineering should account for potential
regulatory scrutiny in evaluating the risk profile of a transaction.
Ultimately, while due diligence can significantly minimize the risk of an FCPA problem,
it can never fully eliminate it. The question is always: can the entity demonstrate that
they went to all reasonable lengths, proportionate to the risks of the transaction, to
gain the necessary visibility and comfort in the integrity of the engagement?
On the internal struggle between compliance and the deal side
This well trodden duel exists in big global banks all the way down to SMEs. Often
times, the compliance side of an organization may determine a potential relationship
to have a much greater risk profile than others in the firm would be willing to admit.
Increasingly these days the compliance side is winning this battle, as fines for FCPA
violations have gotten bigger and the rules are getting clearer.
On the different levels of due diligence
Regardless of the level of due diligence that is required, an absolute starting point is
the screening of Politically Exposed Persons (PEPs) and sanctions databases.
“The question is always:
can the entity demonstrate
that they went to all
reasonable lengths,
proportionate to the risks
of the transaction, to gain
the necessary visibility and
comfort in the integrity of
the engagement?”
RANE Interview | June 14, 2016
2. RANE Interview | www.ranenetwork.com | insight@ranenetwork.com
Depending on how fleshed out the company is thinking about the potential risk,
monitoring negative news immediately becomes another good place to start.
The next level of compliance checks involves desk-based research of as much
information that can be found which can include negative media, online reviews of the
company, litigation history, solvency and bank issues, corporate records and corporate
holdings. This practice can throw up a large amount of information that can help an
organization determine ether not proceed any further with the transaction or to
launch a targeted inquiry to better understand specific issues that have come to light.
To further mitigate FCPA risks, companies can adopt a deeper level of compliance
checking that involves obtaining records from relevant registries in local countries.
These documents provide the most enhanced level of visibility to ensure that clients
are not dealing with individuals who are considered criminals or have compromising
backgrounds. However it is important to keep in mind that record keeping in emerging
markets is quite poor, and lags behind more developed markets.
The final component and deepest level to pre transactional due diligence in terms of
FCPA risk involves discreet human inquiries. This practice provides privileged insight
on specific areas of interests, which can include information on governance or integrity
concerns of a target company. Previous employees, former business partners, or
other firms within the industry can usually provide the best information. However it is
not worth doing this type of human intelligence work unless the risk posed by the new
potential relationship is proportionate.
On appropriate timing for due diligence
Very often the due diligence component of a deal is left to the last moment due to the
cost incurred. As a result the players involved usually want to make sure that all other
parts of the transaction are lined up before the due diligence phase is implemented.
Instead of waiting until the last moment, a better practice would be to conduct a very
high level screening early on in the process, which can identify major red flags and
concerns before a client gets too entrenched in a transaction. Then greater levels of
due diligence can be conducted as necessary.
On successor liability issues
Preventing FCPA successor liability in cross border deals requires an assessment of the
target’s overall risk profile in order to design and implement an appropriate response
to the identified red flags. The critical factor in this discussion is if those individuals
involved in a historical problem are still at the company and to what extent has the
company taken pro-active measures to address the sort of behavior so the incident
doesn’t occur again. One must also understand to what extent past issues were
isolated events versus systemic issues.
If there are historical issues and the deal does go through, certain controls can be
implemented to protect the acquirer from FCPA risk. Demanding audit rights, putting
an individual from the host company in the compliance department, or implementing
a training program for key individuals are all ways for an organization to defend itself
from issues of the past.
On third party and counter party risk
Another question many organizations face is how many degrees of separation to look
at when scrutinizing a company they are engaging with, and whether to conduct due
“Very often the due
diligence component of a
deal is left to the last
moment due to the cost
incurred.”
3. RANE Interview | www.ranenetwork.com | insight@ranenetwork.com
diligence into third parties of the target company. While it is often deemed
unnecessary in lower risk partners and targets the larger the deal or the more
significant the relationship, the greater inclination companies will have to understand
the network of ancillary business and individuals whose reputations and backgrounds
might negatively impact the reputation of the company in question.
Key concerns when looking at third party and counter party risks are issues connected
to the bribery of government officials in obtaining business deals, bid rigging to
influence tenders, the inappropriate diversion of business opportunities and assets,
and more generalized reputational risk.
On ownership
When conducting due diligence to mitigate FCPA/bribery issues, a key element is
confirming ownership, and assessing if there are any beneficial owners. In emerging
markets it is common for political figures and prominent business people to place
nominees on the board or among the shareholders. Sometimes these are high profile
people who are “known” to be fronts for political figures, and sometimes these are low
profile people, who can turn out to be distant family. Thus a common FCPA red flag
when conducting due diligence into companies, particularly in more emerging
economies, is having overly low profile people among the leadership or shareholders
of high value companies.
On proving bribery has occurred
When looking at bribery issues, it is often very hard to prove conclusively during the
due diligence process that bribery has occurred unless there have been legal
proceedings, as it is rarely a simple case of passing “brown envelopes”, and even if it is,
they are passed behind closed doors. Thus due diligence can throw up suggestions,
rumors, and allegations of bribery without providing 100 percent precise details.
Often times this becomes a frustration for clients, who want a binary answer to a
question that is often more analogue and opaque. One way to address this is by
filtering out baseless allegations, and being as explicit as possible about the sources of
the information or comment, ideally seeking to multisource the same insight. A
constant danger that poor due diligence practitioners can make is to inadvertently
legitimize propaganda – both good and bad, through either repeating as fact items
that are reported in the media from unreliable sources, or restating comments
delivered by human sources who are themselves biased or wrong in their assessment.
Quality due diligence requires having a methodology based on robust training to
address this, from scrutinizing the media sources and the journalists who write them
to ensure they are credible, to seeking multiple sources that converge on the same
finding to minimize the threat of bias.
On regulatory scrutiny of overseas hiring of relatives of foreign officials
For more than a decade, US companies, notably banks, have hired relatives and
associates of government officials in hope that these people can help open doors in
the relevant countries.
In recent years however, the SEC has started clamping down on this practice. The
most high profile of this has been their investigation into JP Morgan’s hiring of people
linked to members of the Chinese government. The SEC has shown its full willingness
to engage in this type of investigation viewing it as an extension of the FCPA, giving
“anything of value” to a foreign business official to win an “improper advantage”.
“When conducting due
diligence to mitigate
FCPA/bribery issues, a key
element is confirming
ownership, and assessing if
there are any beneficial
owners.”
4. RANE Interview | www.ranenetwork.com | insight@ranenetwork.com
While banks have argued in their defense that as their business is built on
relationships, these people are well connected and thus in their own right legitimate,
the SEC is increasing the pressure, and senior figures at JP Morgan have had to leave
the bank due to their association with the hirings.
The message to banks and business now is that the SEC views hiring relatives of
government figures as fair game, and unless there is a very robust argument for
brining them on board in their own right, doing so may open the bank or company up
to investigation.
ABOUT THE EXPERT
Hugo Williamson joined IPSA International in September 2014, as Senior Managing Director in the
company’s London office. In his role at IPSA, Williamson is responsible for business growth
opportunities and client relations throughout Europe, the Middle East and Africa, and plays a key
advisory role on new emerging market opportunities and initiatives. He is an expert on FCPA and UK
Bribery Act compliance matters. He is widely published on the topic, and has worked with a number
of corporations to design proportionate anti-bribery and corruption process, and in-house due
diligence and risk assessment frameworks.
Williamson joined IPSA following the absorption by IPSA of Williamson’s previous company, the Risk
Resolution Group (R2G), an award winning emerging markets risk consultancy which he founded in
2011. Prior to founding R2G, Mr. Williamson spent over 8 years working for a global risk consulting
firm, initially in their London offices, and then subsequently as deputy head of their South Africa office,
and finally as a Director in their Asia region, spending 4 years living and working in Hong Kong,
Singapore and Indonesia.
ABOUT IPSA International
IPSA International, a root9B Technologies, Inc. company, provides valued services that help our clients
mitigate risks and assist them in making better decisions affecting business opportunity, corporate
consequence and corporate or individual litigation strategy.
ABOUT RANE
RANE is an information services and advisory company serving the market for global enterprise risk
management. We provide access to, collaboration with, and unique insights from the largest global
network of credentialed risk experts covering over 200 categories of risk. Through our collective
insight, we help enterprises anticipate emerging threats and manage today’s most complex risks more
effectively.