Small and medium-sized enterprises (SMEs) are increasingly trading outside their local regions to access the opportunity and potential for high growth in emerging markets overseas. In Europe, for example, a survey authorised by the European Commission highlights that about half of SMEs in the European Union have been involved in international business outside the European Internal Market over the last three years.
A direct consequence of this internationalisation of commerce is that SMEs are often finding themselves engaging with third parties around the globe to facilitate their business operations. In the wake of the UK Bribery Act 2000 (Bribery Act), and under the extensive reach of the US Foreign Corrupt Practices Act 1977 (FCPA), liability for corruption can be triggered when a bribe is paid indirectly through a third party. This opens up significant risks, and SMEs, unlike their blue chip counterparts, may not be so well versed with anti-corruption procedure and may lack dedicated compliance teams.
The vast fines consistently levied by the US Department of Justice (DoJ) and Securities Exchange Commission (SEC), and those imposed by the United Kingdom’s Serious Fraud Office are a clear reminder that the importance of effective third-party due diligence cannot be understated. Indeed, following a recent prosecution, the chief of the SEC Enforcement Division’s FCPA Unit noted that
This is a wake-up call for small and medium-size businesses … when a company makes the strategic decision to sell its products overseas, it must ensure that the right internal controls are in place and operating.
Although recent enforcements and media attention may dissuade SMEs from participating in international commerce and establishing valuable relationships with third parties in overseas territories, such a response would be an overreaction; with appropriate measures in place, there is a way forward.
What is effective due diligence?
Both the United Kingdom and the United States recognise that, to be effective, due diligence does not always require a “kitchen-sink” approach; the extent of corruption risks will vary and, accordingly, so will the level of due diligence required.
Under the Bribery Act, a company will not be guilty of failing to prevent an act of bribery carried out by a third party on their behalf if they have “adequate procedures” in place to prevent such conduct. To demonstrate the presence of these adequate procedures, guidance from the Ministry of Justice recommends that the level of due diligence should be proportionate to the risk of corruption faced by the company and conducted using a risk-based approach.
DoJ and the SEC, through enforcement policies and Opinion Releases, have provided guidance on the FCPA, stating that the degree of due diligence necessary may vary depending on a number of factors, such as the industry, location, size and nature of a transaction, and the historical relationship with the third party.
Identifying risk
The engagement by a company of any third party agent poses a risk, but the level of that risk will vary.
For example, a UK company contracting with a distributor based in Denmark to resell products to Denmark-based retailers does not present the same level of risk as a UK company engaging a business consultant in Kazakhstan chosen by an official of the contracting company, for the sale of equipment to a large state-owned oil company.
These contrasting scenarios highlight that risk factors such as industry, geographical location and the nature of the third party relationship are all relevant in assessing what will be required for due diligence to be effective.
[ Continue reading → ]