You never get very far disagreeing with Michael Volkov. It’s a low statistical probability that you’ll be right and he’ll be wrong. I’ve just read his article on FCPA contract provisions.
Now, Michael (or, as I like to call him, Mr. Volkov) and I come at this from two different directions. Two different points of view. Because of that, I read his work with the eye of someone who with the best of intentions will try to implement what he says I need.
The problem isn’t that I disagree with him, the problem is that from a compliance perspective what he wants is, in my opinion and in my experience, next to impossible to implement in practice.
You see, I live in a messy world. A world where the lawyers in a company generally think—and their pay backs this up—that they’re better than their fellow compliance officers. A world where Procurement often plays a huge role in contracting. Procurement, in turn, either sidesteps the lawyers, or is sidestepped themselves by the businesspeople they service. A world where the first time a lawyer sees a consultant’s contract is often after the consultant is on site, working. A world where the company you work for might not have the leverage to force a contract provision, and yet can’t afford to walk away. A world of horsetrading for contract provisions.
In my world, saying that we need to have the following in all contracts is a bit more than I can chew:
- Material Breach
- No Sub-vendors without approval
- Audit rights
- On-going training
- Annual certification
To be fair, Michael does call these a “wish list.”
Here’s where I have my problems. First, from a compliance perspective, the key to a strong program is consistency. I can live with just about any policy as long is it is implemented in a consistent way. You want an audit right? That’s fine, but it has to be in every single contract without fail. What are you willing to give up to make that happen? Because believe you me, there’s no such thing as somethin’ for nothin’.
Here’s my point-by-point reaction to Michael’s points:
- Indemnification: good luck. I wish you the best. Because there’s no chance—none, zip, zero, zilch—that you’ll be able to get this in every contract. Especially for the costs of the underlying investigation. Really? That cost often far outstrips the cost of the fine or penalty. I would never approve this in a contract someone asked me to look over.
- Cooperation: sounds good, but in my experience almost never happens when the sh*t hits the fan. But at least it should be easy to get in the contract. At the front end, when everything is happy, happy, joy, joy, people will say “sure, of course I’ll cooperate.” At the back end, it’ll be all, “talk to my lawyer.”
- Material Breach. The right to terminate is tricky. You have to specifically say what the standard is. If it’s a criminal conviction, that’s easier. It’s tough to argue in a negotiation that a criminal conviction for bribery isn’t solid grounds for termination. But that’s not what you want. You want “suspicion,” or “in the company’s sole discretion.” Or some similarly loose standard. That’s going to be a sticking point in the negotiation, and one which you might have to relent on.
- No sub-vendors. Sounds good. How do you monitor it? If you’re not going to monitor it, don’t ask for it.
- Audit rights. Don’t get me started. It’s great, but it’s going to cost you a ton of money. If you’re not willing to actually conduct the audits in a consistent manner, it’s worse to have them than not to have them.
- Acknowledgment. Okay. Go for it. Feel better? As an optical control, maybe it would look good from the bottom of a fifth of scotch.
- On-going training. Again, great. But how are you going to monitor it?
- Annual certification. I’ve never met someone willing to bribe but not willing to lie about it in a certification. ‘Nuff said. Plus, it can be seen as insulting.
- Re-qualification. Sounds good, but who does the requalification? As it stands, you have to update your diligence on vendors every once in a while. What’s the difference?
Again, my main issue is summed up in the old adage, “be careful what you wish for, you just might get it.”
Here’s the essence of contracts and the FCPA: Anything you demand in a contract has to be included in every contract, and everything that’s in a contract you have to (a) enforce and (b) monitor for.
If you can live with those things, hey, go to town, ask for everything.
Here’s what I think:
Divide up your universe into two buckets: (a) contracts with people who are really risky, and (b) everyone else. The latter should represent at least 80-85% of your third-party universe.
For (b), have a one-paragraph addition saying something along the lines of “the third party recognizes that the Company has to live with and comply with the FCPA. We promise we won’t do anything to cause the Company to violate it.” That’s it. No one should have a problem with that.
For third parties that are “high risk,” have senior management tell all interested parties—GC, Compliance, Procurement, and the business—that (a) all contracts MUST have termination rights if we have a non-frivolous belief that the third party has violated the FCPA, annual certifications, and audit rights; and (b) senior management will receive quarterly reports from
Infernal Internal Audit on the metrics of compliance with (a). If they really hammer that message home, you can also check the box for “tone at the top.”