Today, I continue my five-part series on the life cycle of third party management under an anti-bribery/anti-corruption regime such the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act, reviewing Step 2, which I label as the “Questionnaire”. The term ‘questionnaire’ is mentioned several times in the FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. I believe that this requirement is not only a key step but also a mandatory step for any third party that desires to do work with your company. I tell clients that if a third party does not want to fill out the questionnaire or will not fill it out completely that you should not walk but run away from doing business with such a party.
In the 2011 UK Ministry of Justice’s (MOJ), discussion of Six Principals of an Adequate Procedures compliance program, they said the following about the Questionnaire, “This means that both the business person who desires the relationship and the foreign business representative commit certain designated information in writing prior to beginning the due diligence process.” Indeed, the use of a Questionnaire was one of the key findings of Kroll’s “2012 FCPA Benchmark Report”. As reported in the FCPA Blog, in a post entitled “Compliance Officers Troubled By Third-Party Risk”:
One of the key requirements of any successful anti-corruption compliance program is that a company must make an initial assessment of a proposed third party relationship. The size of a company does not matter as small businesses can face quite significant risks and will need more extensive procedures than other businesses facing limited risks. The level of risk that companies face will also vary with the type and nature of the third parties it may have business relationships with. For example, a company that properly assesses that there is no risk of bribery on the part of one of its associated persons will, accordingly, require nothing in the way of procedures to prevent bribery in the context of that relationship. By the same token the bribery risks associated with reliance on a third party agent representing a company in negotiations with foreign public officials may be assessed as significant and, accordingly, requires much more in the way of procedures to mitigate those risks. Businesses are likely to need to select procedures to cover a broad range of risks but any consideration by a court in an individual case of the adequacy of procedures is likely necessarily to focus on those procedures designed to prevent bribery on the part of the associated person committing the offence in question.
So what should you ask for in your questionnaire? Randy Corey, Executive Vice President (EVP), Global Compliance Officer at Edelmen Inc. said in a presentation at Compliance Week 2012, entitled “3rd Party Due Diligence Best Practices in Establishing an Effective Anti-Corruption Program”, that his company has developed a five-step approach in evaluating and managing their third parties. In Step 3 they ask What Do You Need To Know?Initially, Corley said that Scope of review depends on risk assessment, High Risk, Medium Risk or Low Risk. This risk ranking will determine the level of information collected and due diligence performed. The key element of this step is data collection. The initial step is to have the third party complete an application which should include requests for information on background and experience, scope of services to be provided, relevant experience, list of actual and beneficial owners, references and compliance expertise.
Below are some of the areas which I think you should inquire into from a proposed third party include the following:
One thing that you should keep in mind is that you will likely have pushback from your business team in making many of the inquiries listed above. However, my experience is that most proposed agents that have done business with US or UK companies have already gone through this process. Indeed, they understand that by providing this information on a timely basis, they can set themselves apart as more attractive to US businesses.
The questionnaire fills several key roles in your overall management of third parties. Obviously it provides key information that you need to know about who you are doing business with and whether they have the capabilities to fulfill your commercial needs. Just as importantly is what is said if the questionnaire is not completed or is only partially completed, such as the lack of awareness of the FCPA, UK Bribery Act or anti-corruption/anti-bribery programs generally. Lastly, the information provided (or not provided) in the questionnaire will assist you in determining what level of due diligence to perform. So tomorrow I will discuss due diligence.
Visit the FCPA Compliance and Ethics Blog, hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2014
For more information about LexisNexis products and solutions connect with us through our corporate site.