Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Paul T. Oki: Knowing who to run from is half the compliance battle

Doing business in countries perceived to be high risk for corruption and FCPA compliance issues (and unhappily my country Nigeria sits squarely within that category) requires a clear picture of who your local partners are, and whether associating with them represents any sort of risk to you from a compliance perspective.

If you’re dealing with a local company you want to confirm, at a minimum, who the shareholders and directors are and the physical location of the business. Identifying the individuals behind the business is the first of several steps you need to take as you seek to map any relationships they might have to local government officials (i.e “foreign officials” under the FCPA) for compliance purposes.

As recently as three years ago, it was not a requirement in Nigeria for directors and shareholders of local companies to submit copies of their identity documents as part of the company registration process. Individuals could (and sometimes did) register companies claiming to be two or more different directors and shareholders, and the public would be none the wiser.

Regulations were introduced in 2013 requiring subscribers to submit copies of their drivers license, national identity card or the information page of their passports in confirmation of their identity. Unfortunately, companies registered prior to January 2013 do not have those identity documents on record, requiring a bit more effort in confirming the true identity of the named subscribers.

However, the more interesting challenge lies in identifying, understanding and mapping the relationships that might exist between your business partners and local government officials.

It’s been my personal experience that transparent links or access to government officials are not necessarily the problem. After all, major multinational oil companies operating in Nigeria do have entire departments focused on maintaining links with key government officials as part of their stakeholder engagement policies.

Your partners may well be ex-staff of such companies seeking to leverage their industry experience and government connections in starting something new. From their perspective, their local knowledge, access and influence within government circles are rather valuable assets which they bring to the table. But valuable or not, what you don’t want is an unethical partner that could exploit that access on your joint behalves in ways that expose you to very serious risks under the FCPA.

So what to do? And where to begin?

The personal, “word-on-the-street” reputation of your business partner is very important. You need to get an accurate sense of whether this is someone who cares about doing business ethically, or someone you should be very worried about.

Unfortunately information like this is never immediately obvious (“it’s not written on the forehead”, as we say locally) so you’re going to have to ask around. And because word goes round when a foreigner asks around, you need to be careful about word getting back to your partner. That could be very embarrassing.

Print and social media searches can be very helpful, but your best bet is to learn all you can from the locals. There are very successful business people here who others would warn you to flee from, leaving cloak and staff behind. You should listen to them.

Next comes your traditional relationship-mapping exercise.

Again in my experience, typical mapping exercises tend to focus too narrowly on the more direct relationships between individuals and government officials, for example whether “A is a known or suspected business associate of B” or if “C is a political associate of D” or “E is a spouse, sibling, child or other biological relation of F.” If there’s no direct, documented relationship between A and B or C and D then it is obvious that there’s no compliance risk involved. The boxes are ticked, the file is closed and everyone is happy.

But this approach sometimes misses other non-linear relationships and links that may be much more relevant for compliance purposes. We live and operate within very complex social networks here. It is therefore vitally important to understand how private individuals within those networks could influence, benefit from, or act as proxies for Foreign Officials in a corruption or compliance context.

Your partner’s business relationship with the younger brother of the trusted dressmaker to the wife of the President could be the real reason your company wins or retains that government contract.

Hopefully somebody mapped that.


Paul T. Oki is an experienced lawyer based in Lagos, Nigeria and the founder of a leading web-based Due Diligence Service that assists the international business community with due diligence enquiries about Nigerian companies. He can be reached at [email protected].

Share this post



  1. Excellent post.

    Due Diligence at a distance is incomplete and dangerous.

    I, like you, operate in a "high risk" country but belong to that "last mile" in the chain called "Agent" and "Consultant" again the higher that normal risk in the relationship. We get to face the music.

    I recently went through, again, just another due diligence and FCPA induction process with a US based company that I found it to be very "lite". I was not asked the right questions.
    Unless you are deep rooted into the business and social fiber of a country, it is nearly impossible to do a relationship map that might show signs of potential conflicts. There has to be knowledge of the history, trajectory and character of an individual and a company to be able to assign a risk factor. No tools exist to ascertain character from a distance. The internet archives on most countries is not complete and social media is very young to contain al the needed information. A local person that knows what to look for and that is deep rooted in a particular society must be engaged to do that evaluation properly. If not done the FCPA program is just to have "plausible deniability".

    Again, great post.

  2. Many thanks for this, Ramon.

    As you so aptly put it, there is a real danger of FCPA and other compliance programs becoming more about plausible deniability than achieving genuine compliance. Local Agents and business partners very quickly discern a company's real motives and adapt themselves accordingly, and thus the seeds of eventual disaster are sown.

    I am curious about the "lite" induction process you mentioned: did the program provide any opportunity at all for receiving your important feedback? I believe compliance officers in US and other companies reading this can gain a lot from observations like yours in improving their induction programs. Again as you pointed out, due diligence at a distance is an incomplete and dangerous business.

    Thank you so much.


Comments are closed for this article!