look carefully before you leapassets.corporatecompliance.org/portals/1/...character risk due...

Diligence International, LLC,Risk and Compliance Consultants

Designing a Cost-Effective Reputation Risk Due Diligence Program for Overseas Markets

Diligence International, LLC, January 2009, Confidential

Look carefully before you leapLook carefully before you leap……

AA good good ““reputation risk due reputation risk due

diligence programdiligence program”” (RRDD) is (RRDD) is

the thread that binds all successful the thread that binds all successful

compliance and risk management compliance and risk management

efforts.efforts.


What is Reputation Risk Due Diligence?AKA “Integrity Risk” or “Character Risk” Due Diligence

• Identifies strategically important information on such matters as family ties, liens and litigation history, and location of assets.

• Identifies red flags such as allegations of fraud and corruption, unfavorable associations, politically exposed persons, and links to terrorism and money laundering.

What is Reputation Risk Due Diligence?AKA “Integrity Risk” or “Character Risk” Due Diligence

• Enables a company to make informed business judgments about potential transactions and relationships.

• Seeks out relevant background and business intelligence information on potential partners, intermediaries and other project parties.

• Identifies integrity data points such as past violations, sanctions, fraud and corruption convictions, investigations, and credit issues.


• U.S. Government self-sustaining development bank

• Provides loans, loan guarantees and political risk insurance

• Operates in over 160 emerging market countries

• U.S. taxpayers are shareholders

• Undersecretary-level public and private sector Board of Directors

• Co-lends with other financial institutions (e.g. IFC, IDB)

• $13 billion in finance and insurance exposure

• Debt provides to approximately 40 private equity funds

• OPIC is “additional” to the private sector

OVERSEAS PRIVATE INVESTMENT CORPORATION

COUNTRIES WITH OPIC SUPPORTED PROJECTS

INCLUDE PAKISTAN, AFGHANISTAN, IRAQ,

BANGLADESH, INDONESIA, NIGERIA …

Project Team Member: We have got a problem with our new project partner. His background info report came out clean but his father was convicted 10 years ago for narcotics and arms trafficking.

Project Manager: Didn’t you just say that our partner was clean? Why are we concerned with his father?

Project Team Member: Our partner’s equity is coming from a company that is owned by his father.

Project Manager: So what? Who is going to bring that up? Besides, all money is grey in that part of the world. Leave thatout of the due diligence report.

OPIC Case HistoryWhat is wrong with this picture?

Why did this happen at OPIC?

• Finance officer bonuses were based in large part on the number of deals closed.

• Project teams have difficulty walking away from their deals and may rationalize negative character risk due diligence info.

• Due diligence guidelines were unwritten, inadequate and didn’t provide for independent review and assessment.

– Potentially negative due diligence info should have been brought to the attention of the General Counsel and upper management.

– The final decision on going forward should have been made by CEO or Board.

Best practices Reputation Risk Due Diligence (RRDD) is a necessity…

• Protects your Company’s reputation

• Key element in successful risk management and compliance programs

• Provides vital business decision information

• FCPA and anti-corruption law prosecutions are on the increase

• Sentencing Guidelines now take RRDD into consideration

• Board priority area (Caremark Case;

FCPA settlement costs)Diligence International, LLC, January 2009, Confidential

The Rewards are High in Emerging Markets… but so are the Risks


Heightened Due Diligence can Help You Manage Overseas Risks:

• Political risks• Weak rule of law (ROL)• High corruption levels• Partner/fraud risk• Multi-jurisdictional legal compliance requirements

(Corruption, AML, Anti-Boycott, Export-Import)• Complex tax and legal issues• International governance standards• Issues related to corporate social responsibility• Security concerns• Different business cultures• IP and trade secret protection concerns


Good Compliance ProgramsHelp with Prevention and Sentencing

§8B2.1. Effective Compliance and Ethics Program

(a) To have an effective compliance and ethics program, for purposes of subsection (f) of §8C2.5 (Culpability Score) and subsection (c)(1) of §8D1.4 (Recommended Conditions of Probation - Organizations), an organization shall—

(1) exercise due diligence to prevent and detect criminal conduct; and (2) otherwise promote an organizational culture that encourages ethical conduct and a commitment to compliance with the law.

Such compliance and ethics program shall be reasonably designed,implemented, and enforced so that the program is generally effective in preventing and detecting criminal conduct. The failure to prevent or detect the instant offense does not necessarily mean that the program is not generally effective in preventing and detecting criminal conduct.

2007 Federal Sentencing Guidelines


Failure is not an Option…

FCPA Prosecutions 2003-2007


Case Study: Baker Hughes, 2007

• On April 26, 2007, Baker Hughes, the Texas-based oil field products and services company announced that it was settling a federal probe alleging that it violated the Foreign Corrupt Practices Act (FCPA).

• Fines and penalties were paid in excess of $44 million – one of the largest combined punishments under the FCPA.

• The company reported that the five-year internal probe cost over $50 million, involved 330 lawyers and 31 forensic accountants.

• The settlement materials identified key findings, including the failure to perform due diligence on intermediaries

around the world (including local sales agents),

failure to monitor employees and failure to follow

up on Red Flags.

How are U.S. Companies doing?Recent Ernst and Young Studies show improvement is warranted:

2006 “Board Members on Risk” 148 Global Multinationals:

40% see compliance as primary risk area independent audit

69% want to see formal processes committee members

72% believe risk levels have increased

2008 “Managing Risk, Stakeholders Perspectives” 700 large companies:

100% see risk management as high priority but only… senior decision makers

33% believe that their companies are adequately managing risk

2008 “Corruption or Compliance” 1186 large companies:

25% have experienced an incidence of bribery senior decision makers

45% claim to conduct routine anti-corruption due diligence

44% indicated basic anti-corruption compliance lacking

2008 “Risk Management in Emerging Markets” 936 Global Multinational:

25% US companies develop risk strategies for emerging markets but …. senior decision makers

46% European companies develop risk strategies for emerging markets

52% Far Eastern companies develop risk strategies for emerging markets


Can you answer YES to these questions?

• Are your current due diligence procedures adequate to protect your company’s reputation and its investments?

• Are you using due diligence procedures that constitute best practices for your industry?

• Is your due diligence process mandatory, comprehensive and consistent across all business lines for all international transactions?

• Do you audit and benchmark your internal due diligence procedures periodically?


Anatomy of a Typical Overseas Joint Venture Project

Foreign Joint-Venture

U.S. Investor

Foreign Corporation Partner I

Contractors Suppliers Off-taker Lenders

Foreign Agents

Foreign

Management

Foreign Corporation Partner II

Subsidiary

Diligence Int’l, LLC, January 2009, Confidential

How would you conduct integrity due diligence?

Potential number of search targets? More than 100.

Can I afford to run background checks on multiple entities and individuals?

Search targets should include potential partners and their subsidiaries, foreign agents, consultants, contractors, distributors, suppliers, investors and other key parties.

Entity searches should cover key officers, directors, major shareholders, lenders and other investors.

Potential partners, borrowers and acquisition targets should be reviewed for internal controls, compliance and due diligence programs.


KEY SOURCES OF BACKGROUND INFO DATAYour domestic and international on-line search capabilityinclude data from all of the following sources

• Government and multilateral sanction lists

• Regulatory authority actions

• Risk relevant media reports

• Records connecting Politically Exposed Persons (PEPs) Personal background information

• Business intelligence

Caution: not all relevant overseas public databases can be accessed through the internet or online.

SELECT DUE DILIGENCE DATABASE AND DUE DILIGENCE SERVICES PROVIDERS*

Some of the Essential Elements of a Global Best Practices RRDD program:

• Integration of multiple due diligence database subscription services providing redundancy and broad Level 1 (primary) coverage.

• Same day customized Level 1 report generation.

• Outsourcing of Level 2 (secondary) due diligence and investigations.

• Follow-up on all Red Flags.

• Enterprise-wide mandatory internal written procedures governing all aspects of the RRDD process.

• Use of USG resources and free on-the-ground resources.

• Integration with company’s general risk mitigation and global compliance efforts.

• Use of local counsel to obtain due diligence opinions.


• Develop a checklist and electronically file all information obtained.• Background and character risk due diligence should be done as

early as possible before personal relationships are developed.• Obtain sufficient search target identifying information.• When you go forward despite negative due diligence information,

develop a crisis/PR plan.• Make your process broad enough to identify and address not only

the usual suspects (e.g. fraud, corruption, anti-money laundering) but also other character and reputational risks and lurking corporate social responsibility issues.

• Ensure best practices with benchmarking and periodic reviews

Lack of a formalized process is a lack of an important internal control.

CRDD process recommendations for overseas business:

Obtain sufficient search target identifying information:

Mother’s Surname

Lopez

Father’s Surname

Dominguez

Given Name

Juan

Hispanic

Given Name – first name

Sun

Generation Name

King

Family Name - surname

Chang

Chinese

Surname

Kotov

Middle Name (patronymic)

Petrovich

Given Name

Sergei

Russian

Tribal name

Al-Dosari

Grandfather’s name

Assad

Father’s name

Abdul Hakim

Individual’s name

Mustafa

Arabic

Companies can save money by setting up an in-house due diligence and information search center…

Assumption: 300 background info searches per year;

4 detailed outsourced reports

In-House: Est. cost/yr. of subscriptions to database products* $80,000

Salaries: two information specialists $120,000

Outsourcing of four Level 2 reports** $60,000

Equipment and software (early years) $20,000

Total $280,000

Outsourcing: 300 Level 1 searches at $2,000*** each $600,000

Outsourcing of 4 Level 2 reports $60,000

Total $660,000

Savings: Approximately $380,000

* Allows 24/7 access to business intelligence and due diligence information

** Based on average cost of $15,000 for Kroll type report

***Based on quoted prices per search from 10 search firms


Ancillary Advantages of an In-house Background Information Center

• Staff available for due diligence and for general research activities

(e.g. business intelligence, library services)

• Centralizes flow of RRDD information

• Forces uniformity

• Researchers are familiar with business

• Facilitates benchmarking

• Facilitates recordkeeping

• Customized same-day reports possible


Small Medium Enterprise (SME) Option

• SME’s generally operate on tight budgets and can’t afford to subscribe to multiple databases;

• SME due diligence needs are often too sporadic to justify an extensive in-house program;


Diligence International is currently developing proprietary software for release in 2009 that will enable users to search multiple commercial data-base products simultaneously and create same-day customized RRDD reports on individuals and entities. Companies will be able to use our on-line interface and pay on a per search basis.

Diligence International’sReputation Risk Due Diligence Services:

• Assessments of your current practices

• Audits, reports and benchmarking

• Customized best practices background information search programs that can lower current costs

• Due diligence and compliance solutions

• Integration of database service providers and in-country investigators

• Software and training

• Risk management for emerging markets

• Best practices certifications


Diligence International, LLCOur general services include:

• Comprehensive emerging market risk management plans

• Compliance programs

• Reputation risk due diligence programs

• Risk assessments

• Market reports and project assistance

• Crisis management

• Government relations

• Ethics and governance advice


Diligence International, LLC

For more information, please contact:

Mark Garfinkel, Esq.

Managing Director

Diligence International, LLC

[email protected]

240.603.5673


look carefully before you leapassets.corporatecompliance.org/portals/1/...character risk due...

Documents