Compliance in Business and Investor Due Diligence
Recent anti-corruption laws have had a significant impact on business operations in Canada. The laws have created an environment where comprehensive due diligence has become mandatory, specifically in the context of mergers and acquisitions and joint ventures.
New measures along with increased enforcement, particularly in the resource extraction industries such as energy and mining, have raised the stakes for those investing in Canadian companies. Today, it is becoming more common for potential suitors or investors to walk away from deals because of actual or perceived compliance failures in operations.
A misstep in compliance can have significant ramifications. In addition to criminal prosecution and penalties, compliance failures can also result in significant costs to internal investigations and operational restrictions such as the inability to move product or transfer technology cross-border, delayed or canceled customer orders, disqualification from doing business with government, and substantial reputational costs in relationships with business partners, including banks, investors, customers, suppliers and other stakeholders. Further, the now well-established pattern in the United States of shareholder class action suits being launched following allegations of management failure to implement proper internal controls has begun to take hold in Canada.
In recent years, Canadian authorities responsible for implementation and enforcement of trade controls and anti-corruption laws (including the Royal Canadian Mounted Police, the Canada Border Services Agency, Foreign Affairs and International Trade Canada, and Crown prosecutors) have stepped up their game.
Canada’s experience in the anti-corruption sphere is a good example. After many years without any significant enforcement, in 2008 the RCMP formed a special unit responsible for the enforcement of the Corruption of Foreign Public Officials Act (CFPOA). In June of 2011, Niko Resources was convicted of violating the CFPOA and penalized $9.5 mm. In January of this year, Griffiths Energy was also convicted and fined $10.35 mm. Currently the RCMP is rumoured to be conducting over 35 investigation of Canadian companies and individuals suspected of CFPOA violations.
Some questions which warrant special consideration when performing due diligence include;
Where is the target doing business?
Identifying countries with which the target does business is critical to assessing risk exposure from both the anti-corruption and trade control perspective. Where are their customers, suppliers, licensees/licensors, creditors and other business partners located?
Location also plays a significant role in assessing anti-corruption compliance risk. Developing or newly industrialized countries in Africa, the Middle East, Asia, and areas of Latin America are particularly vulnerable to corruption risk. Independent country rankings of corruption risk, including Transparency International’s Corruption Perceptions, Index 4 are a helpful starting point.
What are the target’s local government concerns?
Understanding how your target deals with government on a daily basis helps assess the exposure to potential opportunities for government corruption. This includes dealings with government owned entities, including commercial enterprises. Getting a list of the target’s government customers and suppliers is an obvious and important starting point.
It is also necessary to determine what licenses or permits are required for the target’s operations and review its negotiation of and ongoing activities under concessions, production sharing agreements and investment agreements with government. The extent to which the target imports or exports product, and therefore its dealings with customs authorities, is an important but often ignored point. This is especially the case for oil, gas and mining companies that need to move heavy, high-value equipment in and out of the host country.
What is the nature of their products, services and technology?
Canada controls the export and transfer of goods services and technology, under both export control laws and economic sanctions. These measures are not restricted to military or nuclear items but include many commercial use items used in industry every day, including goods, software and technology for relatively low-level encryption and decryption. Goods and technology controlled for export or transfer from Canada are set out Canada’s Export Control List. Economic sanctions measures also impose similar requirements based on the nature of the goods and technology being supplied. For example, Canada’s sanctions against Iran prohibit the transfer to Iran of any items, including technical data, used in the petrochemical, oil or natural gas industry.
In addition to understanding what product and services your target ultimately provides to its customers, you should consider what inputs are used in the process, how product research and development occurs, and what, if any, after sales service and support is provided. Keep in mind that these controls are not limited to physical export shipments, but include cross-border transfers of information that occur via email transmissions and server upload/download activity or during technical discussions with persons outside of Canada.
What is the target’s exposure to similar measures of other jurisdictions?
Depending on the circumstances, Canadian companies can be subject to anti-corruption and trade control laws of other jurisdictions. The U.S. Foreign Corrupt Practices Act (FCPA) is notoriously enforced on a broad, extraterritorial basis often ensnaring Canadian companies that may have considered themselves to have little connection to the United States. For example, a Canadian company that causes, directly or through agents, a corrupt payment to take place within the territory of the United States is subject to the jurisdiction of the FCPA.
The FCPA obligations are in large part similar to those in the CFPOA. However, the United Kingdom’s Bribery Act 2010 contains some important differences, including the prohibition of private commercial bribery and no exclusion for facilitation payments.
What compliance measures does the target have in place?
While there is seldom enough time in the heat of an merger and aquisition transaction to conduct a thorough audit of the target’s compliance with anti-corruption and trade controls, there are basic minimum steps that can be taken to get a good sense of the target’s compliance profile and potential exposure. Basic elements in any anti-bribery, economic sanctions and export control compliance programs include; written compliance manual and procedures, screening of transactions and all involved parties against Canadian and other lists of sanctioned or designated entities and individuals, appointment of compliance officers, internal compliance auditing, non-compliance reporting, correction and voluntary disclosure, training programs, contract and project review, and procedures for dealing with inconsistent or conflicting laws.
Obtaining a description of the target’s anti-bribery and trade control procedures and a copy of the compliance policy manuals is an obvious start, but it is not enough.
It is also critical to review evidence of implementation of these measures across the operation. How often are employees and executives are trained on these policies? When are internal audits conducted and what are the results? How often are potential non-compliance events being reported internally? Is an employee hotline being used and what kind of reports are being made? What voluntary disclosures have they submitted to government authorities? Have they been subject to government investigations or audits and with what results? What is their process for reviewing and determining the control status of their goods, services and technology and what rulings have they obtained in respect of the same? In what circumstances have they terminated or refused to retain agents because of bribery concerns? What specific provisions has the target included in their contracts to address anti-bribery and trade controls compliance? What compliance certifications do they have from business partners? How do they use third parties to assist in implementation of compliance measures – for example, screening transactions, due diligence of agents, internal review and audit, legal opinions?
Answers to these questions may reveal serious concerns, or they may bolster a purchaser’s position as a buyer. In any event, it is paramount to conduct a thorough due diligence exercise when considering purchasing or investing in a entity with with multi-national operations.