By Terry Corley
A key role for Human Resources and Security in any company is the background screening of not only US based employees, but also of overseas employees, customers, suppliers, vendors, agents and other business associates. HR and or Security are usually on the front lines of such activities, although it may be in conjunction with the Legal or Compliance Department.
I am frequently asked by clients what is considered best practice when it comes to international employee screening. The short answer is that it depends. When asked I try to understand specifically what the organization is trying to accomplish, what sort of compliance requirements are they looking to meet that is relative to their business, and finally what are the countries involved?
A client recently asked what I consider best practice for International Employee Screening as it related to complying with the Foreign Corrupt Practices Act (“FCPA”), United States and International Counter Terrorism and Export Regulations. The client had recently been the subject of enforcement action after it was discovered that the company’s drilling equipment was found in a sanctioned country. It was also discovered that the company had engaged local independent agents from the sanctioned countries without performing proper background checks. Talk about getting caught with your hand in the proverbial cookie jar!
In order to drawl, a set of best practice guidelines about this subject its important to have an understanding of what each regulation is and how it applies to human resources. Then it’s a matter of developing a method and a set of processes that will enable an organization to meet the required outcome there by meeting compliance requirements. I’ll review a few of these regulations and discuss their impact on the overseas background check process.
Foreign Corrupt Practices Act
The FCPA is a federal law that prohibits offering, promising, or giving anything of value, as well as authorizing such an offer, promise, or gift, to a foreign official for the purpose of obtaining, retaining, or directing business to a person or entity. This prohibition is contained in the FCPA’s anti-bribery provisions, which are enforced by the DOJ. The FCPA’s anti-bribery provisions have a much broader reach than many other U.S. laws. U.S. corporations can be liable for conduct that occurs entirely outside the United States and multinational corporations can be liable for conduct that bears only a tenuous connection to the United States. This includes employees of overseas subsidiaries, customers, suppliers, vendors, agents and other business associates.
With the number and size of penalties increasing, the Foreign Corrupt Practices Act (FCPA) is causing many U.S. institutions to look into how they evaluate all of their relationships overseas. The lack of a due diligence of a company's agents, vendors, and suppliers, as well as merger and acquisition partners in foreign countries could lead to doing business with an organization linked to a foreign official or state owned enterprises and their executives. This link could be perceived as leading to the bribing of the foreign officials and as a result lead to noncompliance with the FCPA. Due diligence in regards to FCPA compliance is required in two aspects:
U.S. and International Counter Terrorism and Export Regulations A key role for Human Resources and Security in any company is the background screening of not only US based employees, but also of overseas employees, customers, suppliers, vendors, agents and other business associates. HR and or Security are usually on the front lines of such activities, although it may be in conjunction with the Legal or Compliance Department.
I am frequently asked by clients what is considered best practice when it comes to international employee screening. The short answer is that it depends. When asked I try to understand specifically what the organization is trying to accomplish, what sort of compliance requirements are they looking to meet that is relative to their business, and finally what are the countries involved?
A client recently asked what I consider best practice for International Employee Screening as it related to complying with the Foreign Corrupt Practices Act (“FCPA”), United States and International Counter Terrorism and Export Regulations. The client had recently been the subject of enforcement action after it was discovered that the company’s drilling equipment was found in a sanctioned country. It was also discovered that the company had engaged local independent agents from the sanctioned countries without performing proper background checks. Talk about getting caught with your hand in the proverbial cookie jar!
In order to drawl, a set of best practice guidelines about this subject its important to have an understanding of what each regulation is and how it applies to human resources. Then it’s a matter of developing a method and a set of processes that will enable an organization to meet the required outcome there by meeting compliance requirements. I’ll review a few of these regulations and discuss their impact on the overseas background check process.
Foreign Corrupt Practices Act
The FCPA is a federal law that prohibits offering, promising, or giving anything of value, as well as authorizing such an offer, promise, or gift, to a foreign official for the purpose of obtaining, retaining, or directing business to a person or entity. This prohibition is contained in the FCPA’s anti-bribery provisions, which are enforced by the DOJ. The FCPA’s anti-bribery provisions have a much broader reach than many other U.S. laws. U.S. corporations can be liable for conduct that occurs entirely outside the United States and multinational corporations can be liable for conduct that bears only a tenuous connection to the United States. This includes employees of overseas subsidiaries, customers, suppliers, vendors, agents and other business associates.
With the number and size of penalties increasing, the Foreign Corrupt Practices Act (FCPA) is causing many U.S. institutions to look into how they evaluate all of their relationships overseas. The lack of a due diligence of a company's agents, vendors, and suppliers, as well as merger and acquisition partners in foreign countries could lead to doing business with an organization linked to a foreign official or state owned enterprises and their executives. This link could be perceived as leading to the bribing of the foreign officials and as a result lead to noncompliance with the FCPA. Due diligence in regards to FCPA compliance is required in two aspects:
- Initial due diligence - this step is necessary in evaluating what risk is involved in doing business with an entity prior to establishing a relationship and assesses risk at that point in time.
- Ongoing due diligence - this is the process of periodically evaluating each relationship overseas to find links between current business relationships overseas and ties to a foreign official or illicit activities linked to corruption. This process needs to be performed indefinitely as long as a relationship exists, and usually involves comparing the companies, executives, and other business associates to a database of foreign officials that may be classified as “Politically Exposed”.
Due to the current political climate the last several years, governments around the world have introduced more stringent regulations to combat terrorism and enforce export controls. The United States passed the U.S. Patriot Act along with increased enforcement action related to Export Administration Regulations (EAR). The United Kingdom enacted the Prevention of Terrorism Act 2005, the European Union passed a comprehensive Anti-terrorism Policy, and many other countries around the world continue to introduce similar anti-terrorism and anti-corruption regulations.
Know your customer (KYC) is the due diligence and bank regulation that financial institutions and other regulated companies must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them. In the USA, KYC is typically a policy implemented to conform to a customer identification program mandated under the Bank Secrecy Act and USA PATRIOT Act. Know your customer policies have become increasingly important globally to prevent identity theft fraud, money laundering and terrorist financing.
One aspect of KYC checking is to verify that a customer is not on any list of known fraudsters, terrorists or money launderers, such as the Office of Foreign Assets Control's Specially Designated Nationals list. This list contains thousands of entries and is updated at least monthly. As well as sanctions lists there are lists of third party vendors that track links between persons regarded as high-risk owing to derogatory foreign media reports about them or in public records.
Know Your Customer processes are employed by more and more regular companies of all sizes, for the purpose of ensuring their proposed agents', consultants' or distributors' anti-bribery compliance. Banks, insurers and export credit agencies are increasingly demanding that customers provide detailed anti-corruption due diligence information, to verify their probity and integrity.
Restricted Party Screening
U.S. and other regional, unilateral, and multilateral regulations restrict individuals and entities from conducting transactions with specific foreign entities (individuals, companies, countries). These entities are referred to as Denied, Debarred, and/or Restricted Parties. Examples of these entities include but are not limited to known terrorists, organizations that fund terrorists, and/or parties guilty of trade violations. Typically, these restricted parties are countries subject to embargoes, and persons, businesses, and organizations subject to financial sanctions.
Suppose a multinational company has a compliance and ethics policy and tells its employees not to pay bribes - is that enough, or should the company go further?
A clear corporate policy against paying bribes is important, as well as including explicit language in every employment and agent agreement that prohibits bribery, but it is also critical for companies to conduct thorough employment and pre-engagement background checks on their agents and other third parties.
FSGO §8B2.1. (b)(3) states: “The organization shall use reasonable efforts not to include within the substantial authority personnel of the organization any individual whom the organization knew, or should have known through the exercise of due diligence, has engaged in illegal activities or other conduct inconsistent with an effective compliance and ethics program.”
Certainly, U.S. government regulators expect nothing less. In a February 2009 FCPA settlement (for $579 million) by KBR and Halliburton with the Securities and Exchange Commission (SEC) and the Department of Justice (DOJ), the SEC criticized Halliburton' s due diligence policy and practice and its failure to conduct any due diligence on one particular agent in Japan. If the government shows up at your door asking to see the files on your overseas employees and trading partners, you want to be able to produce sufficient documentation to demonstrate you’ve looked thoroughly at the background and reputation of these individuals before engaging them to work on your behalf. This requirement is discussed in the Federal Sentencing Guidelines for Organizations (FSGO), §8B2.1. (b)(3) Effective Compliance and Ethics Program.
On the other hand, if you open your background check file to the government and it is empty or thin, the organization is going to be in a challenging situation. In the event a FCPA violation is uncovered, it is increasingly apparent from past cases that the government is far more likely to be lenient on a company that has a commitment to an anti-bribery compliance and ethics program, including being able to demonstrate the organization has exercised a responsible level of due diligence on their overseas employees and related business associates.
In my next blog post I will discuss what sort of checks should be done to meet due diligence requirements on overseas employees and business associates and the role of Human Resources.
After years of conducting thousands of overseas background checks, extensive research and hands-on knowledge has led to an invaluable ‘best practices’ road map for conducting global background screening.
Should you have any specific questions please feel free to email me directly at terrance.corley@comcast.net.