Contracts between companies and third parties might be the usual bailiwick of lawyers. But any robust program should give compliance officers a chance to know what compliance-related language is in those contracts, or what’s missing, and have a voice in the contract approval process.
What are some compliance-related clauses? Audit rights are the starting point. They’re an essential safeguard for exposing third-party bribery.
Other relevant clauses are duties to comply, train employees, monitor compliance, and disclose breaches. Termination and special damage clauses can be important, along with promises to cooperate in any investigation, and so on.
The clauses serve multiple purposes. They impose compliance-related obligations on third parties. They grant companies the legal authority to monitor and detect bribery and take remedial action if there are breaches.
There’s something else. Those clauses evidence an intent to comply. They’re a signal to everyone — third parties, enforcement agencies, regulators, stakeholders, and others — that compliance matters. If a problem arises notwithstanding the company’s efforts, evidence of intent will be a crucial part of its defense.
What do the DOJ and SEC say about contract provisions?
In the FCPA Resource Guide, a hypothetical scenario about successor liability includes this:
Company A also requires Foreign Company’s third-party distributors and other agents to sign anti-corruption certifications, complete training, and sign new contracts that incorporate FCPA and anti-corruption representations and warranties and audit rights.
A due diligence discussion says:
[C]ompanies should undertake some form of ongoing monitoring of third-party relationships. Where appropriate, this may include updating due diligence periodically, exercising audit rights, providing periodic training, and requesting annual compliance certifications by the third party.
A section about managing risks with consultants says companies should ensure that . . .
. . . the contract spells out exactly what services and deliverables (such as written status reports or other documentation) Consultant is providing; training Consultant on the FCPA and other anti-corruption laws; requiring Consultant to represent that he will abide by the FCPA and other anti-corruption laws; including audit rights in the contract (and exercising those rights); and ensuring that payments requested by Consultant have the proper supporting documentation before they are approved for payment.
The DOJ’s Evaluation of Corporate Compliance Programs is equally explicit. It directs prosecutors to “analyze whether the company has ensured that contract terms with third parties specifically describe the services to be performed, that the third party is actually performing the work, and that its compensation is commensurate with the work being provided in that industry and geographical region.”
A section in the Evaluation headed Management of Relationships asks:
“Does the company have audit rights to analyze the books and accounts of third parties, and has the company exercised those rights in the past?. . . How does the company incentivize compliance and ethical behavior by third parties? “
Compliance officers shouldn’t tell lawyers how to do their jobs. And no one is suggesting compliance officers replace lawyers when it comes to drafting and negotiating third-party agreements.
But as part of any robust program, compliance officers should have a well-delineated role that includes reviewing agreements with third parties and joining in final approval. Between lawyers and compliance officers, there can always be a sensible division (and sharing) of labor.