Due diligence is a common subject, so it’s natural to think of it as an easy subject as well. But it’s not. There’s no black-letter law anywhere describing due diligence, or what type is needed for an effective compliance program under the Foreign Corrupt Practices Act, or how much should be done. Surprisingly, the FCPA itself never mentions it. The statute describes what behavior constitutes an offense, and lists a few things that don’t — facilitating payments, promotional expenses and payments allowed under the written laws of the host country. But it doesn’t mention due diligence.
Where, then, does due diligence come from? As with so many aspects of compliance, the Federal Sentencing Guidelines are the fountainhead. They leave no doubt that due diligence is an essential ingredient of compliance. But even the Guidelines don’t give examples, checklists, or timetables. They leave the “details” to those who know the organization best — its directors, officers and executives. Instead of being a compliance how-to, the Guidelines describe the hallmarks of an organization whose intention is to comply. One hallmark — you guessed it — is due diligence. There’s even some case law on the topic that’s helpful.
In re Holland Furnace Company et al., 341 F.2d 548 (7th Cir., 1965) is a leading decision. Paraphrasing its holding and applying it to FCPA due diligence, the case says an organization must be able to demonstrate, on the basis of the entire record, and through the acts of certain of its officers, agents, representatives and employees, that it didn’t knowingly, willfully or intentionally violate any prohibitions found in the law. And doing all that is the job of the due diligence.
Another leading case on the evidence of an organization’s intention to comply is U.S. v. Greyhound Corporation. There, the Seventh Circuit was referring to compliance with a court order. But it could have been talking about a company’s legal duty to comply with the FCPA (or any other criminal statute). In distinguishing between genuine and bogus compliance, the court said:
“Similarly, while actions showing a good faith effort to comply with the order will tend to negate willfulness, . . . delaying tactics, indifference to the order, or mere ‘paper compliance’ will support a finding of willfulness. In re Holland Furnace Co., 341 F.2d 548, 551 (7th Cir. 1965), cert. denied, 381 U.S. 924, 85 S.Ct. 1559, 14 L.Ed.2d 683. The very issuance of the order puts the party on notice that his past acts have been wrongful. ‘No concept of basic fairness is violated by requiring a person in this position to be more than normally careful in his future conduct.’ United States v. Custer Channel Wing Corp.,247 F.Supp. 481, 496 (D.Md.1965), aff’d, 376 F.2d 675 (4th Cir. 1967), cert. denied, 389 U.S. 850, 88 S.Ct. 38, 19 L.Ed.2d 119.”
U.S. v. Greyhound Corporation, 508 F.2d 529 (7th Cir., 1974).
So an organization accused of criminal conduct can show that it intended to comply with the law by being “more than normally careful.” For the FCPA, that means there has to be due diligence that’s appropriate to the circumstances. If the host country is known to tolerate public corruption, for example, then being “more than normally careful” will involve more due diligence. Again, the more risk of an FCPA offense, the more effort is needed to keep the offense from happening.
Finally, then, the record of the company’s due diligence (of its being “more than normally careful”) becomes the evidence that the company didn’t knowingly, willfully or intentionally violate the law. An FCPA offense requires willful and knowing conduct, so a record of due diligence demonstrating a lack of willfulness and knowledge might be the organization’s best and only defense. That’s why due diligence has to be at the center of any effective compliance program. It’s the proof that the company intended to comply all along.
There’s no doubt that due diligence is woven into the fabric of any true compliance culture. For readers wanting to know a bit more, we set out below the references to due diligence in the Federal Sentencing Guidelines under “Effective Compliance and Ethics Program.” Here’s what the Guidelines say:
— To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (c)(1) of §8D1.4 (Recommended Conditions of Probation – Organizations), an organization shall—
(1) exercise due diligence to prevent and detect criminal conduct . . . .
* * *
— Due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law within the meaning of subsection (a) minimally require the following:
(1) The organization shall establish standards and procedures to prevent and detect criminal conduct.
(2) (A) The organization’s governing authority shall be knowledgeable about the content and operation of the compliance and ethics program and shall exercise reasonable oversight with respect to the implementation and effectiveness of the compliance and ethics program.
(B) High-level personnel of the organization shall ensure that the organization has an effective compliance and ethics program, as described in this guideline. Specific individual(s) within high-level personnel shall be assigned overall responsibility for the compliance and ethics program.
(C) Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority. . . .
* * *
— The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.
* * *
— High-level personnel and substantial authority personnel of the organization shall be knowledgeable about the content and operation of the compliance and ethics program, shall perform their assigned duties consistent with the exercise of due diligence, and shall promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.
* * *
— [T]he organization shall hire and promote individuals so as to ensure that all individuals within the high-level personnel and substantial authority personnel of the organization will perform their assigned duties in a manner consistent with the exercise of due diligence and the promotion of an organizational culture that encourages ethical conduct and a commitment to compliance with the law . . .
View Chapter 8 – PART B – §8B2.1. (“Effective Compliance and Ethics Program”) of the 2005 U.S. Federal Sentencing Guidelines here.