Mitigating Corruption Risk When Acquiring Companies in High-Risk Jurisdictions

Transcription

1 Mitigating Corruption Risk When Acquiring Companies in High-Risk Jurisdictions By Bill Olsen, Scott Nemeroff, Dan Reynolds and Alex Koltsov Grant Thornton The hallmark of merger and acquisition activity in 2016 was the rugged resiliency of deals, especially in relation to cross-border transactions. Moving into 2017, the M&A market faces regulatory uncertainty as deal-makers await the fallout from global elections. However, it is clear one goal will remain unchanged: private equity groups and corporations will continue to look for growth in new and emerging markets. As a result, bribery and corruption regulatory risks will remain a primary concern. See Successor Liability in the Spotlight With Mondelēz s $13M FCPA Settlement After Purchase of Cadbury India (Feb. 1, 2017). Why Conduct Pre-Acquisition Due Diligence? In an acquisition, the successor (Buyer) assumes the predecessor s (Target) liability. Therefore, the DOJ and SEC have encouraged organizations to conduct risk-based pre-acquisition due diligence and post-acquisition integration procedures that specifically address bribery and corruption risk. Challenges Companies Face During the pre-acquisition phase, the Buyer often is limited in its ability to assess the Target s bribery and corruption-related risk profile. The availability of information provided to the Buyer varies and is often dependent on the leverage the Buyer has with the Target as well as a function of the time pressures related to the deal. Furthermore, Targets may provide only summary-level financial data and limited information on customers and vendors, given that third parties may be hesitant to interact directly with Buyers. The DOJ and SEC, however, make it clear that doing nothing is not an option. Given this, organizations need an efficient and cost-effective methodology to identify potential bribery and corruption risks, particularly when Targets are in high-risk geographies or industries. Risk-Based Diligence Solutions Applying a structured, risk-based framework to effectively minimize bribery and corruption risks protects the Buyer and is therefore critical to increasing the likelihood of a successful transaction. A key tenet of a risk-based approach is the use of data analytics during the pre-acquisition due-diligence process. Doing so allows companies to identify risks on the front end and provides transparency before the deal closes. There is no one-size-fits-all approach when it comes to anti-corruption/anti-bribery (ABAC) due-diligence procedures. Evaluating bribery and corruption risk of the Target will allow the Buyer to weigh the inherent risk of the potential acquisition against the cost of the deal and strategic intent of the post-acquisition relationship between Buyer and Target. In short, pre-acquisition due diligence is the first opportunity to identify the risk of bribery and corruption to either gain comfort with the risk and move forward or avoid the risk altogether and walk away from the deal. Companies often ask us questions like: How much can I realistically get done before a deal closes? and What if I cannot obtain certain detailed financial information? To address such concerns, this article provides a risk-based framework that contemplates both qualitative and quantitative procedures that Buyers should consider during the pre-acquisition phase. The framework is adaptable, allowing for the fact that every deal is different and that the timeline 1

2 and availability of information directly impacts the procedures that can be performed prior to the closing of a deal. The procedures within this framework can be executed concurrently or in a linear fashion, as appropriate given the nature of the deal in question. Information Gathering Qualitative Due Diligence A likely first step in the ABAC due-diligence process is to request information from the Target, often in the form of questionnaires, surveys or interviews with management. Information gathered in this phase typically includes the following categories: Ownership Structure: Information regarding the Target s ownership structure, including beneficial owners, should be examined to determine if the Target has relationships with any public officials or state-owned entities. Policies and Procedures: The Target s ABAC related policies and procedures should be obtained and reviewed by the Buyer. Examples include, but are not limited to, the Company s Code of Ethics, ABAC policy and policies relating to gifts and entertainment, international conduct, travel and expense, charitable donations, political contributions, third party due diligence, whistleblower and investigation protocols. Existing Anti-Corruption Program: To the extent the Target has an ABAC compliance program, details regarding the program should be obtained and evaluated. Information to obtain includes details regarding training provided to employees and third parties, risk assessments performed, results of monitoring activities, and audits of third parties, including information about past bribery and corruption issues and how they were resolved. Direct Government Interaction: Determine if the Target has any direct interactions with government officials as part of their day to day operations. These interactions could include sales to government entities, pursuing government contracts or filing for licenses or permits. Identifying direct government interaction will assist in understanding the operational risk of the Target and help focus the scope of additional due-diligence procedures. Third Parties: Inquire about the Target s use of third parties. This includes identifying third parties that have interactions with customers and prospects and/or have interactions with government officials on behalf of the Target. Open-Source Intelligence Primary Procedures Based on the information gathered, the Buyer should execute procedures to verify the information provided by the Target and to identify any additional information about the company, its owners, and critical third parties that may affect the Target s overall risk profile. There are a number of commercially available tools that screen selected entities (and individuals, if appropriate) against hundreds of public sources to determine if the company and/or its owners are subject to economic sanctions or past criminal or regulatory enforcement actions. Furthermore, open-source intelligence (i.e., the collection and analysis of information from publicly available sources) may help identify state ownership, relationships with politically exposed persons or specially designated nationals. Open-Source Intelligence Enhanced Procedures When acquiring organizations, particularly in high-risk geographies, open-source intelligence may be of limited utility. Not only does the information available in the public domain vary from country to country but privately-held organizations may have a limited digital footprint in publicly available records. In these scenarios, Buyers should consider performing a deeper dive by conducting enhanced procedures, such as those below: validating the ownership structure of the company by obtaining registration records and corporate filings (this process will also identify beneficial owners that may not have been identified in the open source due diligence phase); 2

3 identifying subsidiaries and other affiliates of the Target and performing open-source intelligence procedures on the newly identified entities and/or individuals; reviewing for adverse media (in the local language) in both local and global publications; and interviewing business references to corroborate Target-provided information. See Due Diligence in Africa: The Human Intelligence Factor (Apr. 12, 2017). Examining Information Received Armed with external information gathered during the aforementioned phases, organizations can begin to draw inferences as to the Target s commitment to compliance and to glean insight into the organizational culture. In this phase, the Buyer should consider whether there is any information identified that the Target failed to disclose in the questionnaire or during interviews, or if there are specific fact patterns or findings identified that require follow-up. These findings and fact patterns lead to the development of tailored, risk-prioritized work plans to analyze, identify, and test financial transactions that may validate exposure. As always, a trust-but-verify mindset is key throughout the due-diligence process. See Anti-Corruption Due Diligence Checklist for Mergers and Acquisitions (Jun. 12, 2013). Quantitative Due Diligence: Pre-Acquisition ABAC Analytics In a perfectly transparent world, the Target would provide all transaction-level financial information to the Buyer and highlight areas of known risks and concerns. The reality is that the availability and robustness of a Target s transactional data often depends on the leverage the Buyer has, the stage of the acquisition, the goal of the acquisition (i.e., strategic vs. financial), and the proximity of the closing date. Assuming that financial due-diligence procedures are ongoing, Buyers can use analytics to highlight bribery and corruption risks that typical quality-of-earnings procedures may not capture. By prioritizing resources on areas of elevated risk, the Buyer can gain more confidence that it has reasonably evaluated and mitigated bribery- and corruption-related risk. Data analytics are a component of the broader pre-acquisition due diligence framework. Analytics allow for the identification of a baseline of behavior for vendors, employees, and departments. This baseline permits the further identification of patterns and outliers that may constitute red flags requiring further investigation. We have observed companies leverage a risk-scoring methodology to assist in identifying elevated bribery and corruption risk. The methodology incorporates input from both internal and external data sources as well as the necessary industry and subject-matter expertise. A proper risk-scoring methodology first needs to assess what population of data is being analyzed. For example, it is of limited utility to analyze payments made to sales agents in Russia against supplier discounts in Brazil. Model Analytics There are an infinite number of ways companies can use analytics to uncover corruption-related risks. Below are several examples of pre-acquisition analytics that may be combined with typical fraud analytics (e.g.,round dollar and duplicate payments) to identify potential bribery and corruption red flags. These analytics are not inclusive but rather are intended to provide considerations for future procedures. As referenced previously, analytics must be contained within their appropriate dimensions to ensure that outliers actually do represent potential red flags. 3

4 Identification of Potentially Hidden Payments to Third-Party Agents By nature, illicit payments are hidden within the books and records of an entity. But it is unreasonable to expect a Buyer to review every payment a Target has made to third parties. Instead of examining each payment tothird-party agents, a company could consider using analytics. For example, analysts could disaggregate the total payments tothird-party agents to identify the amounts associated with products, services, contractual fees and taxes. Then the analysts can compare the above categories acrossthird-party agents. This can highlight the average composition of the fees, allowing for the ready identification of outliers which may be considered a red flag. For those third-party agents whose fee compositions are not within a defined acceptable range, additional procedures may be warranted to identify the support available for the payments in question. See below for further guidance on transaction testing. Comparison of Profit Margins for Products Sold Into a Distribution Channel One reason for acquiring a company is to gain entry into a new market. In many scenarios, companies that operate in higher-risk geographies depend on distribution partners. Companies can use analytics to identify the Target s product cost and the associated sales price to a distributor. The difference between these two figures will provide a de facto profit margin. Analyzing the Target s distribution partners and the associated profit margins can identify distribution partners with favorable terms and, by extension, be indicative of potential side deals. Likewise, calculating a change in profit margin across similar products by distributor over a longer period can highlight certain time periods that may be subject to additional scrutiny. If outliers are identified during these procedures, additional investigation of the individuals involved in those distributor relationships may be warranted. This investigation could include reverting to enhanced open-source intelligence procedures to ascertain potential connections between Target employees and distribution partners. See No Good Deed Goes Unpunished: Possible Unintended Consequences of Enforcing Supply-Chain Transparency (Part One of Two) (Apr. 26, 2017); Part Two (May 10, 2017). Payment Trends to Third-Party Agents Third-party relationships pose numerous corruption risks. Analytics can be used to examine payment trends to third-party agents as compared to the overall activity of the company or department. For example, if a Target s sales are declining, it may be reasonable to expect that payments tothird-party agents would also decline. Payment evidence to the contrary should be investigated. This concept should not only incorporate the Target as a whole, but such inquiries should contemplate specific product lines or departments as well as the third-party agents that are associated with those sub-sections of the Target s overall business. Additional analysis should consider a shift in third-party agents that provide seemingly similar services that may be indicative of side deals or illicit behavior that resulted in third-party termination and subsequent onboarding. For example, if a freight forwarder in China that historically received a fee of 3 percent of the freight value was terminated and replaced by new freight forwarded who now charges the company 5 percent of the freight value, that contract and the shift in third-party agents should be analyzed to understand the true business need around the arrangement. 4

5 Risk Scoring Based on Analytics and Other Intelligence The information identified during pre-acquisition ABAC analytics should then be analyzed and compared to information gathered during interviews and alongside the Target s experience in the typical order of business in that industry and in that geography. In addition, analytical procedures can be performed and the results can be incorporated into the risk-scoring methodology. Routine analytics can serve as key inputs within the overall risk score. Incorporating a risk-scoring methodology across the Target s business transactions can provide a comprehensive analysis of the Target s bribery and corruption risk. The risk-scoring process will provide insight into virtually all business interactions and allow a Buyer to evaluate areas where it appears that the Target has engaged in risky behavior. In such cases, focused transaction-testing procedures can be established to address the areas identified as presenting an elevated risk. See Using Data Analytics to Meet the Government s Anti-Corruption Compliance Expectations (May 4, 2016). Transaction Testing Conducting transaction testing is a great way to identify possible illicit activity as well as provide insight into the maturity of the Target s financial controls. Transaction testing must go beyond matching journal-entry data points to a transaction s supporting documentation. Understanding the business purpose in concert with the nature of interactions among the parties to each transaction is key when trying to identify possible bribery or corruption activity. Often, reviewing supporting documents alone will not allow a due diligence practitioner to achieve these goals, and further inquiries may be required to clarify an observation. For the most part, a review of the supporting documentation provides only a quick assessment of the financial control environment and any ABAC compliance procedures implemented by the Target. Leveraging information gathered during the qualitative and quantitative due-diligence processes, the Buyer can target transactions for testing that have been identified as having elevated bribery and corruption risk characteristics. For the selected sample, transaction details are then analyzed to determine: compliance with the terms of the contract with third parties; compliance with related organization policies and procedures; compliance with applicable ABAC regulations and best practices; invoices or other supporting documentation are included, transparent, and appear reasonable; the amount paid matches the invoice amount and appears to be reasonable based on the business environment; and that no additional unusual or suspicious activity exists. Conclusion The early identification of a weak ABAC compliance program at the Target organization and the identification of potential red flags during due diligence will allow the acquiring organization to assess the ABAC-related risk associated with an acquisition. In addition, the early identification of possible corruption-related activity could save the Buyer from successor liability issues and the regulatory concerns and inquiries that may follow as a result. We encourage companies to review their M&A playbook to ensure that it includes pre-acquisition due-diligence procedures designed to assess bribery and corruption risk. In addition, companies should ensure that anti-corruption compliance professionals have a defined role in the M&A process to mitigate bribery- and corruption-related risk. These professionals are typically members of the legal or compliance department. Defining the roles in the M&A playbook helps to demonstrate the 5

6 organization s commitment to compliance. By incorporating an analytical, risk-based approach to address corruption and bribery risk, organizations can remain agile in the deal process and provide the basis for informed decisions in the M&A deal life cycle. Remember, the regulators are expecting organizations to not only consider bribery and corruption risk during a deal but also be able to demonstrate how these risks were identified and addressed. Defining a risk framework that memorializes how risks were identified and what procedures were performed allows Buyers to quickly respond to regulatory inquiries. The depth and timeliness of a regulatory response can be the difference between a peek under the table cloth or a long, drawn out, costly investigation and remediation process. Bill Olsen is a principal and practice leader for the Atlantic coast forensic advisory services practice of Grant Thornton. He is also the national practice leader for cross-border investigation and anti-corruption services. Olsen is the author of the Anti-Corruption Handbook and was a contributor to the World Bank Institute s Fighting Corruption Through Collective Action guidelines. Scott Nemeroff is a senior manager in Grant Thornton s forensic advisory services practice specializing in matters involving bribery and corruption risk. He has assisted his clients with multi-national FCPA investigations and regularly consults with his clients regarding the assessment, development, implementation and execution of anti-bribery/anti-corruption programs. Nemeroff has experience conducting third-party due diligence, risk assessments, acquisition due diligence and monitoring procedures as they relate to bribery and corruption risk. Nemeroff is certified fraud examiner and certified internal auditor. Dan Reynolds is a manager in Grant Thornton s forensic advisory services practice specializing in third-party risk and anti-corruption regulations. He has helped multinational companies establish third-party due-diligence procedures, perform risk assessments and establish monitoring functions to mitigate ABAC and other regulatory risks associated with expanding into the global marketplace. Reynolds is a certified public accountant, certified fraud examiner and a certified anti-money laundering specialist. Alex Koltsov is a manager in Grant Thornton s forensic advisory services practice. He serves clients on a variety of engagements including fraud and corruption investigations and complex data analytics and visualization. He has deep expertise of forensic accounting principles, asset tracing techniques and fraud detection procedures. Koltsov is a certified fraud examiner and is trained in the REID technique for investigative interviewing and advanced interrogation. 6