Within minutes of the FCPA becoming law, lawyers developed two compliance tools that were instantly popular and that companies still use today. Due diligence questionnaires and compliance certifications are short and easy to administer and evaluate. Both are relatively non-intrusive and inoffensive, and there’s practically zero cost involved. You can’t describe more appealing compliance tools. No wonder they’re ubiquitous.
It’s curious, then, that the DOJ and SEC issued a specific warning about due diligence questionnaires and compliance representations.
The FCPA Resource Guide says:
Relying on due diligence questionnaires and anti-corruption representations is insufficient, particularly when the risks are readily apparent.
What’s the context for the warning?
It’s a hypothetical case (but a common scenario in real life). A company’s sales executive wants to retain a distributor. During due diligence, a compliance officer learns the distributor’s local partner has opened an offshore bank account and has no expertise in the industry. A background check also reveals that the distributor’s principal is a former college roommate of a senior official of the Ministry of Immigration.
Despite the red flags, the sales executive convinces (browbeats) the compliance officer and finance executive to approve the deal. The sales executive argues that an agreement with the distributor would be “the region’s most important contract and that the detailed FCPA questionnaires and robust anti-corruption representations in the contracts placed the burden . . . to act ethically” on the distributor.
(Sometimes compliance representations are only in the contract; often, there are also free-standing representations in compliance certifications. I’m referring to representations and certifications interchangeably.)
Against this backdrop, the DOJ and SEC issued their warning. I repeat that warning here: Relying on due diligence questionnaires and anti-corruption representations is insufficient, particularly when the risks are readily apparent.
What’s behind the warning? These two compliance tools — questionnaires and representations — have a permanent underlying flaw: They are self-certified. That is, the third party alone provides the responses. In the vast majority of cases, most of those responses are truthful and verifiable. But in some cases, some responses are unreliable. They’re crafted not to reveal the truth but to meet the company’s compliance expectations and requirements.
In the feds’ hypothetical, the distributor (perhaps with help from the sales executive) provided clean answers to the due diligence questionnaire and signed strong compliance-related representations. But some of the answers and representations were clouded by red flags and turned out to be false.
If the distributor then paid bribes, the DOJ and SEC said, both the sales executive and the company could face prosecution for various criminal and civil FCPA violations. The feds didn’t discuss potential charges against the compliance officer and finance executive.
What’s all this mean?
Due diligence questionnaires and compliance certifications are practical and largely effective compliance tools. Many companies have used them to learn facts that stopped dangerous deals from going forward. Even a third party’s refusal to answer a questionnaire or provide representations can be clear evidence of potential compliance problems. At most companies, if an intermediary refuses to respond after three requests, compliance will pull the plug on any ongoing business or proposed deal.
But questionnaires and certifications will always have that underlying flaw. They’re self-certified. For that reason, the common temptation to rely too much on them endangers any compliance program. Just ask the DOJ and SEC.