FCPA 3 rd Party Management for M&A Activity

Transcription

1 FCPA 3 rd Party Management for M&A Activity Tom Fox Tom Fox Law Greg Dickinson CEO, Hiperos

2 Presenters: Thomas Fox, Tom Fox Law Greg Dickinson, CEO Hiperos Hiperos All rights reserved.

3 Who is Hiperos? Leader in 3 rd Party Management (3PM) Manage 3 rd party compliance, risk and performance Hiperos FCPA implemented at fortune 500 organizations SaaS Solution provides flexibility and efficiency to manage FCPA Hiperos All rights reserved.

4 Mergers and Acquisitions Under the FCPA

5 What We Will Cover DOJ/SEC Guidance Pre-Acquisition Steps Post-Acquisition Steps Team Make Up Time-tables Hiperos All rights reserved.

6 Lessons Learned On Compliance and Ethics Hiperos All rights reserved.

7 Pre-Acquisition Steps Hiperos All rights reserved.

8 Risk Assessment It should all begin with a risk assessment. An objective view of the risks faced and the level of risk exposure, such as best/worst case scenarios. It is the lens through which to view the feasibility of the business strategy and help to value the potential target Hiperos All rights reserved.

9 Pre-Acquisition Due Diligence 1. Risk review the high risk geographic areas where your company and the acquisition target company do business. 2. Obtain from the acquisition target company a detailed list of sales going back 3-5 years, broken out by country and, if possible, obtain a further breakdown by product and/or services. 3. If the acquisition target company uses a sales model of third parties, obtain a complete list, including Joint Ventures (JVs). It should be broken out by country and amount of commission paid. 4. Interview the acquisition target company personnel who are responsible for its compliance program to garner a full understanding of how they view their program Hiperos All rights reserved.

10 Pre-Acquisition Due Diligence (cont d) 5. Review the travel and entertainment records of the acquisition target company s top sales personnel in high risk countries. 6. You may need to self-disclose any violations that you discover. 7. When performing FCPA due diligence, also look for AML and export control issues Hiperos All rights reserved.

11 Who Should You Talk To Start with your own employees if the geographic markets overlap as they may be your best source of intelligence. Engage in discussions with the target company's general counsel, vice president of sales, and head of internal audit regarding all corruption risks, compliance efforts, and any other major corruption-related issues that have surfaced at the target company over the past ten years. Talk to the highest volume sales people to get an idea of their views on compliance Hiperos All rights reserved.

12 Sales Agreement Provisions Indemnity Clawbacks Reps and Warranties, including Absence of Government Ownership; All transactions are permitted under local law; Target has made no corrupt payments; Books and records are accurate Hiperos All rights reserved.

13 Key Takeaways Your pre-acquisition actions allow you to properly evaluate and assess the target. Review and scoring of third parties is critical. It also prepares your company for post-acquisition integration. The documentation of your actions and analysis is critical for post-acquisition and any regulatory review Hiperos All rights reserved.

14 Post-Acquisition Steps Hiperos All rights reserved.

15 Post-Acquisition Steps 1. Conduct thorough risk-based FCPA and anti-corruption due diligence on potential new business acquisitions; 2. Apply as quickly as is practicable code of conduct and compliance policies and procedures to newly acquired businesses or merged entities; 3. Train the directors, officers, and employees of newly acquired businesses or merged entities, and when appropriate, train agents and business partners, on the FCPA, company's code of conduct and compliance policies and procedures; 4. Conduct an FCPA-specific audit of all newly acquired or merged businesses as quickly as practicable; and 5. Disclose any corrupt payments discovered as part of its due diligence of newly acquired entities or merged entities Hiperos All rights reserved.

16 Integration of Compliance Program The acquiring company should ensure that its policies, standards and procedures regarding anticorruption laws and regulations apply as quickly as is practicable to newly-acquired businesses but in any event no more than one year post-closing Hiperos All rights reserved.

17 Training Train directors, officers, employees, agents, consultants, representatives, distributors, joint venture partners, and relevant employees thereof, who present corruption risk to, on the acquiring company s policies and procedures and any applicable anti-corruption laws and regulations. Risk ranking is the key Hiperos All rights reserved.

18 FCPA Audit (a) On-site visits by an FCPA audit team comprised of qualified personnel from the Compliance and Legal Divisions who have received FCPA and anti-corruption training. (b) Participation in the on-site visits by qualified auditors; either internal audit or outside forensic expert consultant. (c) Review of a representative sample, appropriately adjusted for the risks of the market, of contracts with and payments to individual foreign government officials or health care providers, as well as other high-risk transactions in the market Hiperos All rights reserved.

19 FCPA Audit (cont d) (d) Creation of action plan for remediation resulting from issues identified during FCPA audit. These action plans should be shared with appropriate senior management, including when appropriate the Chief Compliance and will contain mandatory remedial steps designed to enhance anti-corruption compliance, repair process weaknesses, and deter violations; and (e) Where appropriate, feasible, and permissible under local law, review of the books and records of a sample of distributors which, in the view of the FCPA proactive review team, may present corruption risk. (f) Self-disclose any FCPA violations uncovered in the audit Hiperos All rights reserved.

20 Who Should be on the team 1. Compliance Team members 2. Legal Team Members 3. Auditing Team-including both company internal audit and expert subject matter expert 4. Remember privilege Hiperos All rights reserved.

21 Time-Tables Time Frames Halliburton J&J DS&S FCPA Audit 1. High Risk Agents 90 days 2. Medium Risk Agents 120 Days 3. Low Risk Agents 180 days 18 months to conduct full FCPA audit As soon as practicable Implement FCPA Compliance Program Immediately upon closing 12 months As soon as practicable Training on FCPA Compliance Program 60 days to complete training for high risk employees, 90 days for all others 12 months to complete training As soon as practicable Hiperos All rights reserved.

22 Key Takeaways Tight time frames demand adequate and accurate documentation of actions and remediation plans. Documented analysis of third parties, scoring and risk assessment is necessary. Document training, Document scoring, Document evaluation, Document everything. Documented pre-acquisition steps are critical as they will inform your steps going forward. Pre-acquisition steps will lower your post-acquisition costs Pre-acquisition steps will smooth and make more efficient your post-acquisition efforts Hiperos All rights reserved.

23 Hiperos AB/FCPA 3 rd Party Management Greg Dickinson CEO, Hiperos

24 The Reality of 3 rd party management The majority of FCPA investigations involve a company s 3 rd parties 60% have no system in place for monitoring high-risk 3 rd parties after they ve put a contract in place with them. Almost 90% have no technology in place to assess, monitor, manage and report on the FCPA risk of their 3 rd parties (spreadsheets, SharePoint, inadequate technology) Tight timelines for M&A activity Thousands of suppliers Hiperos All rights reserved.

25 Pre-Acquisition 3 rd party management Traditionally - FCPA focus is mainly on sales channel only looking at agents - Limited focus on the supply chain Initial due diligence - quickly segment by spend, geographical location Use your internal controls to quickly score (risk rank) 3 rd parties without incurring millions of dollars in spend Hiperos All rights reserved.

26 Post Acquisition 3 rd party management One source of truth - An objective and consistent way to incorporate the acquired co s 3rd parties Speed - implement in months, not days Automation and Workflows Alerts/notifications of changes in risk FCPA compliance is a continuous event not a snap shot in time Contract Management Training Hiperos All rights reserved.

27 3 rd Party Management Process Due Diligence O N B O A R D I N G 3 rd Parties Agents Suppliers Channel Partners Resellers Segment By Profile Attributes Preferences: Category Spend Country Initial Due Diligence Request Deeper Due Diligence Due Diligence Analysis Distribute High Risk Profiles & Findings to Key Stakeholders Assess and Review Relationships to Continue or to Terminate Contracts Monitor & Manage Contracts Contract Manufacturers Hiperos All rights reserved.

28 Q & A Hiperos All rights reserved.

29 Thank you for Attending Thomas R. Fox ph: Follow me at Follow my blog at Hiperos ph: View past FCPA webcasts: Hiperos All rights reserved.