Even though Trump’s administration has promised to deregulate many provisions of the FCPA, those provisions are still in place at this time, so FCPA compliance must remain a top priority for firms. However, as a wise business owner, you’re probably wondering how much is too much when it comes to managing the risks associated with FCPA violations. After all, if you’re so focused on compliance that you fail to make a profit, then your business isn’t working. Striking the right balance is about knowing who to trust and who to verify.
Knowing when to complete a deep vetting investigation on someone is just as important as the investigation itself. After all, investigations aren’t cheap and not every person you work with is going to open you up to potential risks. Take a measured approach, triage potential business connections, and deep vet the ones who are a potential risk.
Assessing Your Firm’s Connections and Risks
Your company is exposed to risk on a number of fronts, but for FCPA purposes, your vetting focus should be on your employees, agents, and any third parties that put you at risk. This can get a bit complicated, as often when FCPA actions are taken, they encompass hundreds or even thousands of individuals from different companies and entities.
Broken down to its simplest form, the FCPA is designed to prevent businesses from paying foreign governments for favorable treatment. Many view this as someone paying a foreign official for a government contract, but it covers a lot more than that. A business will be in violation if they pay money to someone in order to:
- Win a contract
- Influence a bidding process
- Get around rules and regulations for certain products
- Avoid taxes and penalties
- Get special exceptions to rules not granted to other companies
- Influence legal officers responsible for court actions
- Prevent the end of a contract
Knowing who to vet is as easy as looking at those tasks. You might assume that certain individuals will be directly involved in the negotiation with foreign officials but you need to go beyond sales people and company representatives to also vet the ones who support them.
Who to Vet to Protect Your Firm From FCPA Violations
Blanket extreme vetting doesn’t work because it gets too unwieldy. Not everyone needs an extreme level of vetting. For the most part, basic background checks and credit reports can give you a good idea of a floor-level employee’s risk. However, when someone has a lot of control over your business, and has the potential to cause an FCPA violation, that’s when extreme vetting is needed. When you’re trying to decide who needs this vetting, you will need to ask the following questions:
- Do they have direct contact with decision-making officials? – If you’re looking for someone who has the potential to impact your business on an FCPA level, then direct contact with foreign officials is an obvious risk. The FCPA is designed to prevent the bribing of officials as well as the concealment of those bribes. While direct contact with a foreign official is often an aspect of that, it’s not entirely necessary.
- Do they have direct control of banking, tax, or customer financial information? – If they have control of information that could be used to launder money used for bribery, that’s a potential risk. They might not be directly involved in a bribe, but they could pose the potential to conceal one.
- Are they acting as an authorized agent of your company? – Sometimes, the relationships businesses form with third parties are unclear. For example, if you hire a vendor to provide janitorial services, that vendor could be considered your agent. However, if that vendor hires an agency to manage their employment checks, is that agency also considered an agent of yours? Make sure that you clarify any relationships you have through your legal team and vet any individuals who could be considered your agent.
- Do they have a high level of autonomy? – The more control someone has over the financial decisions of a company, the more thoroughly they need to be vetted. On the other hand, there may be cases where an individual does not have enough autonomy to pose a risk. As an example, consider someone assigned to a salesperson overseas, who is mainly completing administrative tasks. This person might have access to financial information and contact with foreign officials, but they don’t have the power to make business decisions. As such, extreme vetting may not be necessary.
- Does their job responsibility create a conflict of interest with tasks related to FCPA? – As an example, the person charged with FCPA compliance at your company must have complete control of the program and be answerable only to the board of directors. That means that allowing them to do other tasks, like negotiate a new contract with a foreign official, would be inappropriate. Their job responsibility is to enforce the rules and they are the final authority. They should not be put in positions where they’re essentially expected to act as their own compliance officer.
While someone might meet one or two of the criteria, that doesn’t necessarily mean they’re a risk. For the most part, to pose a risk to your firm, that individual needs both access and some level of autonomy in business decisions. Those are the individuals you need to vet on an extreme level.
One extreme vetting tool which allows you to significantly expand the scope of your investigations is Remote Risk Assessment (RRA). Often, when dealing with FCPA-related issues, we’re working with international partners. RRA allows you to remotely interview and assess these individuals for risk and to ensure compliance with anti-corruption laws.
If you’re interested in adding RRA to your vetting process, AC Global Risk can help. We offer this unique technology for a range of diverse vetting and screening purposes and can implement the program quickly. For more information on RRA, contact us today.