BEST PRACTICES FOR MITIGATING FCPA RISK Prepared for Strafford Publications Teleconference “Foreign Corrupt Practices Act in China” April 1, 2008 ©2007 Kirkpatrick & Lockhart Preston Gates Ellis LLP All Rights Reserved Ed Fishman Kirkpatrick & Lockhart Preston Gates Ellis LLP 1601 K Street, NW Washington, DC 20006-1600 (202) 778-9456 ed.fishman@klgates.com Why is Risk Mitigation Important? Criminal Penalties Up to $2 million per violation for companies Up to $250,000 fine and 5 years in prison for individuals Alternative fines equal to twice amount of total profit Civil Penalties Injunctions against future violations Civil monetary penalties Collateral consequences (e.g., debarment) A company cannot indemnify an officer, director, employee or consultant for fines assessed in violation of the FCPA and insurance will not cover such fines or penalties. FCPA Risk Mitigation Essentials Three Core Elements: Internal Compliance Program Due Diligence on Third Parties/Transactions Prompt Response to Possible Violations U.S. Government will consider each of these elements in evaluating whether to bring enforcement action. FCPA Compliance Program Essentials FCPA Policy Framework Written and Clearly Defined Corporate Policy Regularly Updated and Improved Aim for Clarity and Simplicity Effectively Disseminated and Communicated Tailored To Local Risks and Practices Subset of Corporate Ethics Policies Addresses Local and Other Applicable Laws FCPA Compliance Policy (cont.) Substantive Content of FCPA Policy Explain Key Statutory Provisions and Risk Areas Provide Guidance on Permissible Behavior Tailor to Specific Operating Risks Gift Guidelines – No Cash; Nominal Value Meal and Entertainment – Legitimate Business Purpose, No Cash and Not Excessive Travel – Reasonable and Bona Fide Expenditures in Connection with Product Demonstration Donations and Lobbying – Seek Company Approval FCPA Compliance Policy (Cont.) FCPA Internal Controls Cash Handling Procedures Accounting and Financial Controls Recordkeeping Requirements Segregation of Duties Documentation Requirements Authorization Requirements FCPA Compliance Program (cont.) Training and Education Live Training Preferred Local Language If Necessary Must Be Understandable To Be Effective Initial Training Upon Hiring/Acquisition Periodic Refresher Sessions Supplemental Distributions of Policy/Law Changes FCPA Compliance Program (Cont.) Compliance Monitoring Training Completion Certification Annual Compliance Certification Audit Testing of High-Risk Areas Internal/External Compliance Audits Confidential Reporting System “Tone at the Top” FCPA Compliance Program (cont.) Third Party Agent/Partner Compliance Framework FCPA Certifications Contract Reps and Warranties FCPA Policy Communication and Training Third Party Due Diligence Steps (discussed further below) Range of Third Party Relationships At Issue Challenge is Finding Right Balance FCPA Third Party Due Diligence Determine the Competence, Expertise and Reputation of the Third Party Determine Third Party’s Relations With Government Officials through Family, Prior Employment or Political Activity Caution: Carefully Scrutinize “Success Fees” Maintain Records of Due Diligence Sources of Inquiry: Law Firms, Audit/Consulting Firms, U.S. Embassy, Commerce/State Department, Private Investigators, and Possibly Legal Opinions FCPA Third Party Due Diligence Red Flags A history of corruption in a country Any family relationship between participants and government officials Any unusual means of payment The size of the commission paid to the agent in relation to the services performed Apparent lack of qualifications on the part of the agent to perform services FCPA Third Party Due Diligence Red Flags (cont.) Refusal by any participants to sign certifications or make representations that they will not violate FCPA Any misrepresentations in connection with proposed transaction Requests for false or incomplete documentation Lack of transparency in financial records Lack of internal controls FCPA Red Flags in Plain English “Please Pay Me In Cash” “Pay Me Through My Offshore Bank Account” “My Close Relative Is A Government Official, and You Don’t Have A Chance Unless You Deal With Me” “I Have No Facilities or Staff, But I’ll Get the Job Done” “I Have Never Worked In Your Industry Before, But I Know The Right People” “While My Commission Rate is Twice The Market Rate, I’m Well Worth It” FCPA Transactional Due Diligence Evaluate the Target Company Competence and Expertise Business Model Relationships with Government Officials Family and Business Relationships Corporate Compliance Culture Management Structure FCPA Transactional Due Diligence Evaluate FCPA Compliance Risk Audit Books and Records Audit Internal Controls Examine FCPA Compliance History Review Due Diligence Practices Obtain Legal Opinion on Compliance with Local Laws Obtain Reps and Warranties Prompt Response to Potential Violations What to do if potential FCPA violation is suspected? Investigate through internal/external resources Maintain objectivity, confidentiality and privileges Conduct prompt and thorough investigation Comply with applicable employment/other laws Report findings to appropriate internal channels Evaluate voluntary disclosure issue Prompt Response to Potential Violations Voluntary Disclosure Considerations DOJ/SEC Cooperation for Credit Attorney-Client Privilege Waiver Prior Violations Clarity of Evidence Public or Private Company Considerations Prompt Response to Potential Violations What to do when you encounter Red Flags? Increase Level of Due Diligence Investigation Require Investigation by M&A Target Conduct Joint Investigation Evaluate Potential Successor Liability Weigh Business Risks of Transaction Prompt Response to Potential Violations What to do when you discover potential violation as part of M&A transaction? Require Disclosure Government Public Filings Require Resolution As Condition to Closing Delay Material Changes Accept Risk and Close Protection through Escrow Obligation to Continue Investigation Open-ended Liability QUESTIONS? Contact: Ed Fishman Kirkpatrick & Lockhart Preston Gates Ellis LLP 1601 K Street N.W. Washington, D.C. 20006 (202)778-9456 (direct) ed.fishman@klgates.com