Search

Editors

Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Harry Cassin Managing Editor


Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor


FCPA Blog Daily News

« Company promises investors 2x payback if there's an FCPA investigation | Main | Daniel Patrick Wendt: Did the DOJ give SocGen an unofficial discount? »
Tuesday
Sep182018

Scott Shaffer: Due diligence isn't nice to have, it's a must have

After reviewing the FCPA Blog's post, “When do issuers disclose their FCPA problems?” which focused  on the seven resolved FCPA cases during the first half of 2018, I also examined each of the enforcement actions with a specific goal of determining the impact of due diligence in these cases.

Since I continually preach about the necessity of proper due diligence, I was not disappointed in my analysis.

Of the seven cases through the first half of this year, due diligence, or lack thereof, was a specific reference in five:

“There is no evidence to suggest that Plaza conducted any due diligence on the 2006 Consultant prior to entering into this agreement.” https://www.sec.gov/litigation/admin/2018/34-82849.pdf

“Kinross contracted with a politically-well-connected third-party consultant to facilitate contacts with high-level government officials without conducting the heightened due diligence required by the company’s policies and procedures.” https://www.sec.gov/litigation/admin/2018/34-82946.pdf

“PAC [Panasonic Avionics Corporation] recommended, but did not require, third-party due diligence reports concerning the consultants…While PAC historically conducted no meaningful due diligence on its sales agents, beginning in at least 1996, PAC started including audit rights in its contracts with sales agents.. . . However, PAC did not exercise its audit rights in order to avoid upsetting relationships with the agents. In early 2007, PAC began to put in place due diligence procedures for screening sales agents, including those agents with established relationships with PAC.” https://www.sec.gov/litigation/admin/2018/34-83128.pdf

“On or about November 8, 2012, the Libyan intermediary and an attorney representing him provided [Societe Generale] Employee 2 with answers they could use in responding to inquiries concerning Societe Generale's engagement of the Panamanian Company, including repeating the false representation that the Panamanian Company met Societe Generale's stringent due diligence requirements in effect in 2012. https://www.justice.gov/criminal-fraud/file/1072451/download

“Legg Mason did not timely institute appropriate risk-based due diligence and compliance requirements pertaining to the retention and oversight of such agents and business partners.” https://www.sec.gov/litigation/admin/2018/34-83948.pdf

Lessons learned:

  • Due diligence is not a “nice to have”; it’s a “must have.”
  • Basic due diligence is not sufficient for high risk engagements.
  • Due diligence may not prevent the issue, but, at a minimum, should alert of possible red flags or risk in the engagement.
  • The DOJ and SEC consider due diligence (or lack thereof) when reviewing cases and determining punishments.
  • Proper due diligence is a fundamental step in a well-structured compliance program.

Challenges:

  • Proper due diligence takes time and money.
  • Determining the proper level of due diligence, given the situation.
  • There is no due diligence program that can perfectly address every possible scenario.
  • Due diligence is critical, but must be supplemented with other compliance initiatives and internal controls.

____

Scott Shaffer, pictured above, is the Managing Director for the Kreller Group in Cincinnati, Ohio. For the past 23 years he has consulted with clients to address due diligence objectives, customizing due diligence programs for new clients, and analyzing current trends regarding regulatory compliance.

Reader Comments (1)

Need for Continuous DD

Terrific examples to prove a most valid premise, Scott. And Microsoft appeared to do no due diligence on its partner relationships in Hungary, terminating 4 of them after the SEC and DOJ investigation began. Your lists are spot on but I would like to add that it's important to keep monitoring throughout the lifecycle of the relationships, having a program which continuously picks up changes in third party risk triggering a risk reassessment and perhaps a change in the level and or intensity of the control activities undertaken. Am a firm believer of undertaking a complete third-party entity review on a risk based schedule. Given the PAC had the protagonists subbing for established intermediaries, it would have been interesting to see how questionnaires to those intermediaries would have been responded to, in regard to use of sub-contractors; had that activity been performed.
September 18, 2018 | Unregistered CommenterMark Speck
Comments for this entry have been disabled. Additional comments may not be added to this entry at this time.