Compliance professionals have known for decades that intermediaries are involved in nearly all FCPA anti-bribery violations. The DOJ and SEC say plainly that FCPA enforcement actions “demonstrate that third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions.” And yet, many companies still retain intermediaries, and some of those companies still end up as FCPA defendants. It’s weird, right?
Third-party intermediaries, often multiple agents or consultants, participated in the bribery in every corporate FCPA enforcement action since 2020 and every case on the FCPA Blog’s current top ten list.
For example . . . . .
Deutsche Bank used hundreds of so-called “business development consultants” between 2009 and 2016 and predictably became an FCPA defendant in 2021.
Prosecutors identified at least eight consultants Alstom retained around the world. Alstom landed on our top ten list in 2014 and is still there.
Glencore joined the top ten list in 2022. During a ten-year period, the company paid over $100 million to third-party intermediaries. It knew “a significant portion of these payments would be used to pay bribes to officials in Nigeria, Cameroon, Ivory Coast, Equatorial Guinea, Brazil, Venezuela, and the Democratic Republic of the Congo (DRC),” the DOJ said.
Without belaboring history, let me repeat: Every corporate FCPA enforcement action since 2020 and every case on the top ten list involved agents, consultants, or distributors. And yet it keeps happening. Most active FCPA investigations that companies or agencies have disclosed involve intermediaries. How can we understand this recurrent compliance breakdown?
It’s even more weird because most corporate FCPA defendants today have compliance programs. They have compliance officers dedicated to their work, with budgets adequate to get the job done. So, why do intermediaries keep leaving their fingerprints all over FCPA violations?
Some of the blame goes to an unlikely source — the DOJ and SEC. Their FCPA Resource Guide says (with my emphasis) that “companies should have an understanding of the business rationale for including the third party in the transaction.”
Similarly, the DOJ’s Evaluation of Corporate Compliance Programs says, “Prosecutors should also assess whether the company knows the business rationale for needing the third party in the transaction, and the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials.” (my emphasis)
The phrase “business rationale” creates problems for compliance. First, the phrase is a blueprint for commercial people who want to retain intermediaries. Looked at simplistically, the feds are blessing intermediaries when there’s a “business rationale” for them. So, commercial people provide the business rationale and receive the blessing. Who are compliance to question it?
Second, the phrase “business rationale” frames the issue as commercial, which gives commercial folks an argument why compliance should have little or no say. “The decision to retain third parties rests on a business rationale,” the argument goes. “We’ve provided the business rationale. Therefore, it’s a business decision, not a compliance decision, and is thus outside compliance’s jurisdiction.”
If the DOJ and SEC had used another phrase, such as “intermediary justification,” I think compliance officers today would have an easier task and be more effective.
Another problem is the common failure to distinguish between knowing the business rationale for retaining third parties versus knowing the accuracy and validity of that business rationale. Commercial folks might be able to provide excellent justifications for retaining third parties. But are those justifications true and relevant? Said another way, is compliance allowed to test a business rationale, or must compliance accept the rationale at face value?
Earlier, I mentioned FCPA defendants Glencore, Alstom, and Deutsche Bank. Consider this: Glencore’s payroll includes about 135,000 employees and contractors. Yet it retained intermediaries for Nigeria, Cameroon, Ivory Coast, Equatorial Guinea, Brazil, Venezuela, and the DRC. Alstom has 75,000 employees; it retained at least eight agents around the world. Deutsche Bank has more than 80,000 employees but still used hundreds of so-called “business development consultants.” Something’s wrong with this picture.
Shouldn’t global companies with tens of thousands of employees be able to do business anywhere, using their employees’ vast accumulated skills, knowledge, energy, and creativity? With very few exceptions, why should industry-leading giants like Glencore, Alstom, and Deutsche Bank want or need a business rationale to retain third-party intermediaries?
There’s a lazy presumption in some companies that even a boilerplate business rationale is all that’s needed to retain intermediaries, and whenever there’s a business rationale, that’s reason enough to exclude or marginalize compliance.
It’s a serious problem, but it’s solvable. As part of Novartis’ voluntary remedial action described in its 2020 FCPA settlement order, the SEC said (with my emphasis) that Novartis “improved its due diligence and business justification process for third parties.” I’m guessing Novartis’ remedial action reset the relationship between commercial lines and compliance and, by doing so, brought true change.
Any company can do what Novartis did, and every company should. Otherwise, agents, consultants, and distributors will continue to leave their fingerprints all over many more FCPA violations. And that’s weird.
Comments are closed for this article!