After reviewing the FCPA Blog’s post, “When do issuers disclose their FCPA problems?” which focused on the seven resolved FCPA cases during the first half of 2018, I also examined each of the enforcement actions with a specific goal of determining the impact of due diligence in these cases.
Since I continually preach about the necessity of proper due diligence, I was not disappointed in my analysis.
Of the seven cases through the first half of this year, due diligence, or lack thereof, was a specific reference in five:
“There is no evidence to suggest that Plaza conducted any due diligence on the 2006 Consultant prior to entering into this agreement.” https://www.sec.gov/litigation/admin/2018/34-82849.pdf
“Kinross contracted with a politically-well-connected third-party consultant to facilitate contacts with high-level government officials without conducting the heightened due diligence required by the company’s policies and procedures.” https://www.sec.gov/litigation/admin/2018/34-82946.pdf
“PAC [Panasonic Avionics Corporation] recommended, but did not require, third-party due diligence reports concerning the consultants…While PAC historically conducted no meaningful due diligence on its sales agents, beginning in at least 1996, PAC started including audit rights in its contracts with sales agents.. . . However, PAC did not exercise its audit rights in order to avoid upsetting relationships with the agents. In early 2007, PAC began to put in place due diligence procedures for screening sales agents, including those agents with established relationships with PAC.” https://www.sec.gov/litigation/admin/2018/34-83128.pdf
“On or about November 8, 2012, the Libyan intermediary and an attorney representing him provided [Societe Generale] Employee 2 with answers they could use in responding to inquiries concerning Societe Generale’s engagement of the Panamanian Company, including repeating the false representation that the Panamanian Company met Societe Generale’s stringent due diligence requirements in effect in 2012. https://www.justice.gov/criminal-fraud/file/1072451/download
“Legg Mason did not timely institute appropriate risk-based due diligence and compliance requirements pertaining to the retention and oversight of such agents and business partners.” https://www.sec.gov/litigation/admin/2018/34-83948.pdf
- Due diligence is not a “nice to have”; it’s a “must have.”
- Basic due diligence is not sufficient for high risk engagements.
- Due diligence may not prevent the issue, but, at a minimum, should alert of possible red flags or risk in the engagement.
- The DOJ and SEC consider due diligence (or lack thereof) when reviewing cases and determining punishments.
- Proper due diligence is a fundamental step in a well-structured compliance program.
- Proper due diligence takes time and money.
- Determining the proper level of due diligence, given the situation.
- There is no due diligence program that can perfectly address every possible scenario.
- Due diligence is critical, but must be supplemented with other compliance initiatives and internal controls.
Scott Shaffer, pictured above, is the Managing Director for the Kreller Group in Cincinnati, Ohio. For the past 23 years he has consulted with clients to address due diligence objectives, customizing due diligence programs for new clients, and analyzing current trends regarding regulatory compliance.