Presenting a live 90‐minute webinar with interactive Q&A

FCPA Compliance:FCPA Compliance:Auditing and Monitoring Third PartiesMinimizing Liability Risks When Using Sales Agents, Distributors and Other Intermediaries

T d ’ f l f

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

WEDNESDAY, NOVEMBER 16, 2011

Today’s faculty features:

Edward J. Fishman, Partner, K&L Gates, Washington, D.C.

George D. Martin, Partner, Faegre & Benson, Minneapolis

Joseph A. Spinelli, Managing Director, Global Investigations and Compliance, Navigant Consulting, Inc., New York

The audio portion of the conference may be accessed via the telephone or by using your computer's speakers. Please refer to the instructions emailed to registrants for additional information. If you have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

Conference Materials

If you have not printed the conference materials for this program, please complete the following steps:

• Click on the + sign next to “Conference Materials” in the middle of the left-hand column on your screen hand column on your screen.

• Click on the tab labeled “Handouts” that appears, and there you will see a PDF of the slides for today's program.

• Double click on the PDF and a separate page will open. Double click on the PDF and a separate page will open.

• Print the slides by clicking on the printer icon.

Continuing Education Credits FOR LIVE EVENT ONLY

For CLE purposes, please let us know how many people are listening at your location by completing each of the following steps:

• Close the notification box

• In the chat box, type (1) your company name and (2) the number of attendees at your location

• Click the SEND button beside the box

Tips for Optimal Quality

S d Q litSound QualityIf you are listening via your computer speakers, please note that the quality of your sound will vary depending on the speed and quality of your internet connection.

If the sound quality is not satisfactory and you are listening via your computer speakers, you may listen via the phone: dial 1-866-871-8924 and enter your PIN when prompted Otherwise please send us a chat or e mail when prompted. Otherwise, please send us a chat or e-mail sound@straffordpub.com immediately so we can address the problem.

If you dialed in and have any difficulties during the call, press *0 for assistance.

Viewing QualityTo maximize your screen, press the F11 key on your keyboard. To exit full screen, press the F11 key againpress the F11 key again.

FCPA Compliance:Auditing and Monitoring Third Parties

Ed FishmanPrepared for: Ed FishmanK&L GATES LLP

1601 K Street, NWWashington, DC 20006-1600

(202) 778-9456ed fishman@klgates com

Prepared for:Strafford CLE Webinar/TeleconferenceFCPA Compliance: Auditing and Monitoring Third PartiesNovember 16, 2011

5

ed.fishman@klgates.com©2009 K&L GATES LLP

All Rights Reserved

Overview of Presentation Topics

Statutory Authority for Third Party Liability

Increased Enforcement Actions Involving Third Party Liability and g y yMitigating Third Party Risk

Unique Risks Created by Different Third PartiesS l d M k ti A t Sales and Marketing Agents

Distributors and Resellers Freight Forwarders, Brokers and Logistics Companies Consultants Consultants Other Intermediaries

Third Party Risks in M&A Transactions and Joint Ventures

6

Third Party Risks in M&A Transactions and Joint Ventures

Third Party Liability: Statutory Authority The FCPA prohibits a U S domestic concern or issuer from making corrupt The FCPA prohibits a U.S. domestic concern or issuer from making corrupt

payments both directly and indirectly through third party agents, distributors or other third parties.

The FCPA can impose liability on a U.S. domestic concern or issuer if it transfers f d hi d i h k l d h h hi d ill ll f h funds to a third party with knowledge that the third party will use all or part of the funds to make a corrupt payment.

Knowledge can be established by:

Having actual knowledge that a payment will be made Having actual knowledge that a payment will be made.

Having constructive knowledge that a payment may be made due to the existence of “red flags.”

Failing to conduct adequate due diligence, which may cause the U.S. g q g yenforcement authorities to take the position that the knowledge element has been satisfied due to willful blindness/conscious disregard.

7

FCPA and UK Bribery Act Priority

The greatest FCPA risk facing U.S. companies today is “third party risk” (recent statement by Charles (“Chuck”) Duross, head of DOJ’s FCPA Section with the Fraud Division)FCPA Section with the Fraud Division)

UK Bribery Act holds any entity subject to its jurisdiction strictly liable for any improper payments made by any “associated persons” unless “adequate procedures” are in place to prevent such unless adequate procedures are in place to prevent such payments

Many of the recent FCPA enforcement actions in the U.S. have involved third party conductinvolved third party conduct

UK Bribery Act prohibits both public and commercial bribery, heightening the need for oversight of third party activity

8

Recent Enforcement Actions: Third Party Liability

In the past several years, some of the largest FCPA settlements (including fines and disgorged profits) have involved violations caused by or orchestrated through the use of third parties:

Panalpina (including customers) (2010): $230 million Daimler (2010): $185 million Alcatel Lucent (2010): $137 millionAlcatel Lucent (2010): $137 million Johnson & Johnson (2011): $69 million ABB Ltd. (2010): $58.3 million Innospec (2010): $40 million

Alli O (2010) $20 illi Alliance One (2010): $20 million Diageo plc (2011): $16 million Maxwell Technologies (2011): $15 million

9

Mitigating Third Party FCPA Risk: Benefits of Due Diligence

Corporate liability often turns on the extent to which a company undertook commercially reasonable efforts to detect and prevent violations.

S F d l S t i G id li Ch 8 P t B See, e.g., Federal Sentencing Guidelines, Ch. 8, Part B, Remedying Harm From Criminal Conduct, and Effective Compliance and Ethics Program

An effective compliance program includes due diligence to p p g gprevent and detect criminal conduct and taking reasonable steps to ensure the compliance program is followed, including monitoring and auditing to detect criminal conduct

Failure to conduct due diligence will be seen as turning a blind eye Failure to conduct due diligence will be seen as turning a blind eye to misconduct and lead to higher penalties.

Appropriate due diligence can mitigate the “knowledge” element of an offense if discovered later.

10

Unique Risks: Sales & Marketing Agents Commissioned sales agents have traditionally posed the highest risk under the Commissioned sales agents have traditionally posed the highest risk under the

FCPA due to their significant, often unchecked, interaction with customers on behalf of their principals.

U.S. enforcement authorities now expect U.S. companies to conduct some level of p pdue diligence into the activities of their foreign agents and to implement certain internal controls designed to monitor agents in order to detect “red flags” of bribery.

Baker Hughes (2007): Executives of Baker Hughes subsidiary were alleged to have known that its sales agent in Kazakhstan was passing along all or a portion of its known that its sales agent in Kazakhstan was passing along all or a portion of its commission to Kazakh officials to secure contracts for Baker Hughes. Baker Hughes paid $11 million in criminal fines and disgorged over $23 million in profits.

Lindsey Manufacturing (2011): Lindsey and two of its top executives were convicted of violating the FCPA after a five-week jury trial in May. The jury concluded that Lindsey’s sales representative in Mexico secured contracts for the company by passing a portion of his 30% commission to officials from Mexico’s state-owned electric utility.

11

Unique Risks: Distributors & Resellers Distributors and resellers traditionally perceived as posing less risk than sales agents y p p g g

because they obtain title to the goods from the manufacturer or retailer, but FCPA risk involving distributors and resellers can be significant in situations where the manufacturer/retailer relies on the distributor to identify specific sales opportunities.

A U S company that knows or suspects that its distributors or resellers are making A U.S. company that knows or suspects that its distributors or resellers are making corrupt payments to sell their products must take action to stop that conduct.

Johnson & Johnson (2011): Executives of J&J and its subsidiary, Depuy International, were alleged to have knowledge that a distributor in Greece was engaged in the g g g gwidespread bribery of public doctors in exchange for their use of J&J surgical implants. For this and other violations, J&J paid $21.4 million in criminal fines and disgorged over $48 million in profits.

Invision Technologies (2005): Invision executives were alleged to be aware of a “high Invision Technologies (2005): Invision executives were alleged to be aware of a high probability” that its distributors/resellers in China and Thailand were bribing foreign officials to secure contracts for the sale of baggage screening equipment to public airports. Invision paid $1.3 million in criminal and civil fines and disgorged over $600,000 in profits.

12

Unique Risks: Freight Forwarders, Brokers and 3PLs

Freight forwarders brokers and logistics providers have long been under scrutiny by Freight forwarders, brokers and logistics providers have long been under scrutiny by the U.S. enforcement authorities due to their frequent interaction with foreign officials at corruption hotspots, such as customs clearance facilities and ports of entry.

While the FCPA has an exception for facilitating payments, a pattern or practice of p g p y p ppaying facilitation payments might be viewed, in the aggregate, to be a violation of the FCPA and the UK Bribery Act has no such exception (e.g. recent SFO letter)

Panalpina (2010): Panalpina was charged with aiding and abetting its customers’ violations of the FCPA by acting as an agent of several U S issuers on behalf of violations of the FCPA by acting as an agent of several U.S. issuers on behalf of whom it made corrupt payments to expedite products through the customs processes of several countries. While Panalpina paid $70.56 million in fines and disgorged over $11 million in profits, five of its customers paid, in total, $51 million in fines and disgorged over $33 million in profits for Panalpina’s actions.

Vetco Gray (2007): Over a four year period, employees of three Vetco Gray entities allegedly were aware that their customs agent continuously bribed Nigerian customs officials to gain preferential customs treatment and clearance for Vetco Gray products. Vetco Gray, on behalf of the three entities, paid over $26 million in

f f

13

criminal fines and had to retain a compliance monitor for three years.

Unique Risks: ConsultantsU S f h i i ill i i l h i U.S. enforcement authorities will investigate consultants who are acting as “lobbyists” to determine if the fees paid to the consultants are for actual services that add value, or are just being routed to government officials.

Identifying a sales agent or business partner as a “consultant” will not relieve a Identifying a sales agent or business partner as a consultant will not relieve a company from the due diligence expectations of the U.S. enforcement authorities.

Diageo (2011): In addition to other violations, Diageo was alleged to have engaged a consulting firm to lobby the Thai government regarding various customs and tax di t d th h thi t i t l $600 000 i t t disputes and through this arrangement approximately $600,000 in corrupt payments were paid to a Thai official. Diageo paid a $3 million civil penalty and disgorged over $13 million in profits and interest for this and other violations.

Alcatel-Lucent (2010): Over a period of five years Alcatel allegedly continued to Alcatel Lucent (2010): Over a period of five years, Alcatel allegedly continued to engage numerous commissioned “consultants” in several countries, who paid for bribes, gifts, entertainment, and travel expenses of government officials to receive information and other business advantages on behalf of Alcatel, despite numerous “red flags” that these “consultants” were making corrupt payments. Alcatel paid $92 million in criminal fines and disgorged $45 4 million in profits

14

million in criminal fines and disgorged $45.4 million in profits.

Unique Risks: Other Intermediaries U.S. enforcement authorities will be suspicious if any transaction involves companies

that do not appear to be engaged in any substantive activities (so-called “shell companies”), particularly if they are located in off-shore banking jurisdictions. These companies often an used to make corrupt payments difficult to trace and to keep the payments off the books and records of the issuers and their subsidiaries who are payments off the books and records of the issuers and their subsidiaries who are making the payments.

Cinergy and Terra Telecommunications (2011): Cinergy and Terra executives allegedly used a series of shell companies to launder money to pay bribes to Haitian g y p y p ytelecommunications officials for favorable contract terms. Cinergy indicted for FCPA violations and Terra executive was sentenced recently to longest FCPA prison sentence in history (15 years).

Comverse Technologies (2010): Executives at Comverse’s Israeli subsidiary Comverse Technologies (2010): Executives at Comverse s Israeli subsidiary allegedly directed its agent to establish a shell company through which Comverse, Comverse employees, and the agent transferred money to Greek government officials. Comverse paid $1.2 million in criminal fines and disgorged $1.6 million in profits.

15

Unique Risks: M&A Transactions and Joint Ventures

B d i M&A i j i h h hi d Buyers need to ensure, prior to an M&A transaction or a joint venture, that the third party agents of their potential target or JV partner do not pose unacceptable FCPA risk.

Buyers must ensure that they implement adequate internal controls and compliance Buyers must ensure that they implement adequate internal controls and compliance measures into those third party relationships immediately following closing to avoid ongoing FCPA risk.

eLandia International/Latin Node (2009): eLandia discovered, post-acquisition, that L ti N d ll dl h d id $2 illi i b ib t bt i t l i ti Latin Node allegedly had paid over $2 million in bribes to obtain telecommunications contracts in Honduras and Yemen through third party agents. Latin Node was fined $2 million, but eLandia received substantial credit for self-disclosing conduct by Latin Node shortly after acquisition and cooperating with DOJ investigation.

RAE Systems (2010): RAE discovered, prior to forming two Chinese joint ventures, that its proposed JV partner employed sales agents who were making corrupt payments to secure sales. RAE proceeded with the joint venture despite this knowledge and then failed to implement controls to stop future corrupt payments. RAE paid $1 7 million in criminal fines and disgorged over $1 2 million in profits

16

RAE paid $1.7 million in criminal fines and disgorged over $1.2 million in profits.

QUESTIONS?

Contact:

Ed FishmanK&L Gates LLP1601 K Street N.W.Washington, D.C. 20006(202)778 9456 (di t)(202)778-9456 (direct)ed.fishman@klgates.com

17

Planning Third Party Audit & Compliance ReviewsAudit & Compliance Reviews

G D M tiGeorge D. Martingmartin@faegre.com

7575390

Audit Objectives & Scope of Work

• Can deter violations, can detect violations, but no compliance program can completely prevent violations from occurring

• Goal of periodic review and testing is to evaluate and improve effectiveness of compliance program

– It is expected by the U.S. agencies, helps establish an “adequate procedures” defense under the UK Bribery Act, and delivers value from a business perspective as well

19

Set-Up Successful Audit

• Begins with due diligence intake process and contract terms, setting expectations

• Next: business team buy-in—explain need and benefits and solicit their support

• Understand legitimate fears/concerns of third parties– Confidentiality of their proprietary business information– Disruptive to their business

U lik l th t d ill b bl t dit ti t • Unlikely that need or will be able to audit entire company; most interested in auditing third party’s compliance with contract

20

Audit Objectives & Scope of Work

• Firm performing audit should have forensic accounting expertise and FCPA-trained and experienced team (proficient in local language, customs and practices)

• They should undertake work “at the direction of counsel” to make privileged their findings and work product

• Objectives are to confirm the third party’s business bona fides, assess internal control environment and evaluate third party’s adherence to its key contractual obligations This need not and adherence to its key contractual obligations. This need not and cannot be an audit of the third party’s entire organization.

21

Audit Objectives & Scope of Work

• Auditing all third parties is not practical. So, assess relative risk t d b h l ti hi d i iti i df l th t th l i presented by each relationship and prioritize, mindful that the goal is

to deter and detect violations. Consider: – Geographic reputation for corruption riskg p p p– Nature of services being provided and compensation arrangements– Involvement in the business of any state owned, controlled or affiliated

organizationsg– Industry– Reputational and anecdotal information– Make reference to original intake diligence file g g– Use a numerical ranking system to prioritize

22

Designing the Audit: Areas of Priority Focus

Keep audit process as simple, non-disruptive and cost-effective as possible (while still being thorough). The process has to be affordable and sustainable. When scoping and designing the audit focus on obtaining information that:audit, focus on obtaining information that:

• Verifies that the third party is a real, operating company, with a physical address employees on site and relevant expertisephysical address, employees on site and relevant expertise

• Identity of all legal and beneficial owners (run names thru databases and confirm not government officials etc )databases and confirm not government officials, etc.)

• Company personnel assigned to your business are qualified to perform the necessary services and does so for other multinational perform the necessary services and does so for other multinational companies

23

Designing the Audit: Areas of Priority Focus

• Update information regarding any investigations, incidents or allegations involving bribery/corruption/fraud

• Review and test their Code of Conduct, Gift, Travel & Entertainment policy and related protocols and procedures to assure compliance therewith

• Transaction testing regarding documentation for use of petty cash, gifts, travel, entertainment, general marketing and any charitable or political contributions related to your businesscharitable or political contributions related to your business

• Examine any third party disbursements

24

Designing the Audit: Areas of Priority Focus (cont’d)

• Examine the use of any other third parties supporting the

Designing the Audit: Areas of Priority Focus (cont d)

business and scrutinize their fees and services

• Always beware round numbers; look for patterns

• Interview finance staff, general management, and those responsible for performing the contract

• If never performed intake diligence, cover those matters now

• Auditors should deliver privileged written report to lawyers; • Auditors should deliver privileged, written report to lawyers; include specific remediation recommendations, if any; retain files

• Take prompt action based upon findings• Take prompt action based upon findings

25

Final Steps

• Consider use of independent review committee to organize

Final Steps

process, conduct risk assessment and be responsible for remediation

• Use both an objective scoring methodology and subjective assessment

26

Conducting Third PartyConducting Third PartyAudit and Compliance 

ReviewsReviews

Joseph A. Spinelli646.227.4200

joseph.spinelli@navigant.com

Table of Contents

A. Interviews and Data Review

B. Managing the Process

C Common ChallengesC. Common Challenges1. Access to Data and Witnesses2. Local Law Restrictions3. Logistical and Cultural

D. Common “Red Flag” Findings

E P t R i A ti ItE. Post Review Action Items

F. Remediation Options

28

Conducting Third Party Audit and Compliance Reviews

A.   Interviews and Data Review

1. Identify and interview third party’s senior compliance personnel with direct access to the third party’s FCPA/anti‐corruption and bribery compliance program.

2. Request and review all necessary documentation regarding the program.

3. Identify vulnerabilities in the program and conduct follow‐up interview y p g pwith the third party’s compliance personnel.

29

Conducting Third Party Audit and Compliance Reviews

B. Managing the Process

1 Collaboration and communication with compliance personnel from the1. Collaboration and communication with compliance personnel from the inception of the business relationship.

1. Preparation and execution of contract/agreement that provides audit rights to th thi d t ’ d b k d d Th t h ld lthe third party’s program and books and records.  The agreement should also require an annual certificate of compliance.

2. Completion of a due diligence questionnaire that the third party must sign off on. 

3. Collection and organization of third party information.

4. Third party risk assessment and due diligence. 

5. Follow‐up discussions to address issues that may have surfaced.

30

6. On‐going training for all third party compliance personnel.

Conducting Third Party Audit and Compliance Reviews

C.   Common Challenges1. Access to Data and Witnesses1. Access to Data and Witnesses

a. Third party’s willingness to provide the information necessary to complete a program review and conduct a risk assessment/due diligence.g

b. Witness? [Third party’s willingness to allow for interviews of witness(es) with knowledge of possible violations of its program.]

2. Local Law Restrictions

a. Various laws regarding facilitating payments.

3. Logistical and Culturalg

a. Third parties in remote areas and possible need for physical security measures.

b. The local culture and political climate may impact access to 

31

e o a u u e a po i i a i a e ay i pa a e onecessary information.

.

Conducting Third Party Audit and Compliance Reviews

D.   Common “Red flag” Findings

1 Questionable character and reputations for paying or receiving bribes1. Questionable character and reputations for paying or receiving bribes2. A history of corruption in the country or industry3. No physical address for its business operations4 A a e t la k of ualifi atio o e ou e o the a t of the thi d a ty4. Apparent lack of qualifications or resources  on the part of the third party 

to perform the services offered5. Will not disclose the true ownership of the business.6 Family members and close friends are Government Officials6. Family members and close friends are Government Officials7. Unusual payment patterns or financial arrangements8. Refuses to include an audit clause9 Questionable and excessive commissions and expenses for which there is9. Questionable and excessive commissions and expenses for which there is 

no accounting10. Will not sign an anti‐corruption warranty that no corrupt payments will 

be made.

32

11. Third party was recommended by a Government Official

Conducting Third Party Audit and Compliance Reviews

E.   Post‐Review Action Items1. Establish and document the manner in which payments will be 

made and received with the third party.2. Follow‐up due diligence regarding possible issues identified during 

h k d d d lthe risk assessment and due diligence process.3. Conduct periodic updates regarding due diligence on third parties.4. Review of all travel, gifts and entertainment expenses annually5. Review of all business transactions with foreign officials6. FCPA/anti‐corruption and bribery training for all third party 

employees and acknowledgment of completion.7. Continuous monitoring of third party’s program, including but not 

limited to training efforts and whistleblower allegations.

33

. 

Conducting Third Party Audit and Compliance Reviews

F. Remediation Options

1. Gap assessment of third party program.

2. Annual completion of third party questionnaire to maintain an up‐to‐date profile.

34

Recent Enforcement Cases Involving 3rd Parties

Technip, S.A.– June, 2010

• Agreed to a deferred prosecution and to pay $240M criminal penalty related to the• Agreed to a deferred prosecution and to pay $240M criminal penalty related to the 

bribery of Nigerian government officials to obtain contracts to build a LNG facility 

on Bonny Island, Nigeria

• Technip authorized Jeffrey Tesler and a Japanese trading company to pay bribes to assist the joint venture to obtain contracts

Panalpina – November, 2010

• Panalpina and 5 of its oil and gas service customers will pay $156 5M for allegedly• Panalpina and 5 of its oil and gas service customers will pay $156.5M for allegedly 

bribing foreign officials on behalf of customers for customs clearance. This 

clearance was for temporary importation permits in connection with importing 

35

rigs and vessels into Nigerian waters.

.

Recent Enforcement Cases Involving 3rd Parties

UT Starcom– December, 2009

• Between 2001 and 2007, Company spent nearly $7M on approximately 225 trips for employees of government‐owned customers in  China

• Company also paid salaries and health benefits to Chinese officials for no‐show jobsj

• UT Starcom paid $3M in criminal and civil penalties and was mandated to self‐monitor and report its compliance improvementsmandated to self monitor and report its compliance improvements

. 

36

Recent Enforcement Cases Involving 3rd Parties

Johnson & Johnson – April, 2011

• J&J agreed to pay $21.4M to DOJ and $48.6M in disgorgement and prejudgment interest to SECinterest to SEC

• Allegedly paid bribes to doctors in Greece, Poland and Romania 

• Also paid kickbacks via an agent to Iraq to obtain 19 Oil for Food contracts• Also paid kickbacks via an agent to Iraq to obtain 19 Oil for Food contracts

IBM – March, 2011

• Paid $10M in fines and penalties

• SEC alleged from 1998‐2003, employees of IMB Korea, an IBM subsidiary and LG IMB 

PC Co., Ltd, a Joint Venture in which IMB held a majority interest, paid cash bribes, 

and provided improper gifts, travel and entertainment expenses to various government 

officials in South Korea to secure the sole of IBM products.

37

p

.