Time and again, we are reminded through costly enforcement actions, government guidance and compliance surveys, that the many third parties with which a company does business pose the greatest risk of corruption and bribery-related conduct—perpetrated either by, or through, third parties. Nevertheless, many successful (and compliant) business models rely heavily on a large network of third parties. Indeed, these structures for doing business are often supported by legitimate commercial reasons. In emerging markets, for instance, where there often is a higher risk of bribery, multi-tier sales and distribution channels may avoid the substantial expense in maintaining a sales or distribution team in a country with revenues that cannot support this cost. In addition, several countries legally require multi-nationals and non-domestic companies to partner with a domestic distributor or partner.
Any company employing such a sales model must carefully balance the business imperative to drive sales through channel partners, while also ensuring that the entire channel partner universe (even those beyond direct contractual control or day to day oversight by company personnel) upholds the company’s values and comply with applicable anti-corruption laws.
Key Elements of an Effective Channel Partner Compliance Program
Adopt a Risk-Based Approach to Compliance
First and foremost, it is important that the compliance resources available for a company’s compliance program be allotted to those areas that pose the highest risk. For example, large and well-established distributors located in lower-risk markets may require less control and oversight than less well-known distributors in markets with a higher risk of corruption. Consideration should also be given to any distributors, resellers or other channel partners that have a particular focus on sales to government customers.
Conduct Pre-Engagement Due Diligence
A foundational element of any third-party compliance program is conducting sufficient diligence on third parties before they are engaged to work with the company. This usually includes the completion of an on-boarding questionnaire and, where appropriate and depending on the partner’s risk profile, a due diligence and screening report on the partner by a reputable third-party compliance company. For particularly strategic partners, for higher-risk partners, or for partners that have raised certain compliance “red flags,” additional steps may also be warranted, such as taking up references or conducting in-person interviews. As discussed below, it may be appropriate in certain circumstances for higher-level partners to conduct such diligence on lower-level partners (under appropriate direction, expectations and accountability), rather than the company doing so directly.
Set Clear Compliance Expectations
It is important for companies to disseminate clear and consistent messaging on their compliance expectations to company employees who interact with channel partners, as well as to the partners themselves. The company’s employees are the eyes and ears of the compliance program in the field and also the first line of defense. Their knowledge and understanding of a company’s compliance expectations is therefore critical to ensuring the company’s business operations are conducted in a compliant manner.
Channel partners also need to be made aware of the company’s expectations of them. This is most commonly achieved by adopting and sending to partners a Partner Code of Conduct that addresses anti-corruption compliance, among other topics. Partners may then be required to sign a periodic (usually annual) compliance certification confirming that they remain in compliance with applicable laws and the company’s Partner Code of Conduct.
Companies may also introduce risk-based compliance training for partners and their employees who pose a higher corruption risk in representing companies and their products.
Challenges and Strategies for Compliance at Second-Tier Partners and Beyond
A key compliance issue for companies with channel distribution models is the risk posed by a lack of visibility or control over channel partners that operate at the sub-levels of the sales and distribution chain—i.e., those partners who are engaged and contracted with by the company’s own first-tier (and beyond) distributors and resellers.
Companies may mitigate this risk in a number of different ways, depending on the structure of the company’s partner network. These measures may include, among others:
- Requiring First-Tier Distributors and Re-Sellers to Establish and Maintain a Partner Compliance Program at Least as Robust as the Company’s Compliance Program: Using this model, a company’s distributors and first-tier resellers are required to conduct due diligence and push down certain key contractual provisions to their subs, and hold channel partners to a standard that is “at least as protective as the company’s”—a requirement that can be set out in the first-tier partner’s agreement with the company. However, there are a number of challenges with this model, since it requires a company to take steps to ensure that first-tier partners are actually pushing down the requirements to the lower tiers. This mechanism also means that a company has little or no contractual recourse over the lower tiers of partners, and must instead pursue the first-tier partners in case they have failed to flow-down and implement sufficient controls over the subs. This challenge, inherent in the multi-tier channel partner model, may be addressed by employing one (or a combination) of the options set out below.
- Contractual Controls and Oversight Over All Partners: At the other end of the spectrum, some companies require a contractual arrangement with all partners, so as to have direct control, oversight, and remedy over each partner. However, this is a significant administrative burden and defeats some of the legitimate commercial purposes of having a tiered model in the first place—e.g., pushing at least some of the management, control, and cost to lower levels of the channel. This model may also expose companies to liability under legal regimes that recognize vicarious theories of liability, pursuant to which companies can be held accountable for the actions of their third-party business partners if they are seen as directing and controlling their partners’ activities. What is more, many antitrust regimes restrict the commercial control and visibility that a company may seek over its distributors and other channel partners, particularly around pricing.
- Other Touchpoints: Other companies have implemented successful compliance programs by looking for ways to introduce compliance training, contractual obligations, and oversight into existing touch points with lower tiers of the partner network. These could include any or a combination of the following:
- Partner registration and qualification programs. Some companies require channel partners to meet certain minimum qualification requirements from both a technical and compliance perspective in order to be eligible to register as a certified partner. The greater costs of the compliance commitment by the partner are balanced by greater benefits to the partner under the program. We and many companies have found that this model can be effective for implementing compliance controls since it allows for the introduction of compliance standards and obligations to the lower tiers as part of the qualification process.
- Licensing and other existing contractual mechanisms. Other companies have limited contractual arrangements in place with lower-tier partners that are less comprehensive than the top-tier contracts but allow for the inclusion of certain key requirements (such as use of software / IP, non-disclosure of confidential information, and compliance requirements). If these agreements are already in place, they can provide a straightforward mechanism through which additional compliance measures can be implemented.
- Marketing materials, “partner portals,” and other touch-points. Short of a full partner qualification program, there are likely other touchpoints with lower-level partners that can be leveraged to introduce compliance requirements by conditioning access to these resources on meeting certain compliance requirements. Compliance topics can also be introduced into meetings between company sales staff and partners, or at partner conferences and other events that may be attended by lower-level partners. While likely not sufficient on their own, these touch points can provide regular opportunities to reinforce important compliance topics with partners.
Establish Controls over Discounting
A common scenario seen time and again in enforcement actions involves channel partners that receive a higher than usual discount, and rather than passing that discount through to the end-customer, use the increased margin to make improper payments. Accordingly, it is important that companies maintain close control and oversight over discounts given to partners by, for example:
- Implementing a robust approval matrix and escalating approvals needed for higher discounts;
- Providing sufficient information to approvers of discount requests, including reasonably detailed descriptions of the justifications for a request for a higher-than-usual discount;
- Ensuring that discount requests are treated consistently and approved only for demonstrable market-driven, volume-based, or other legitimate commercial reasons; and
- Identifying and imposing additional scrutiny on high-risk discount requests, such as: (i) high one-off or spot discounts for partners selling to governmental end customers; (ii) individual partners who have previously made frequent requests for higher or one-off discounts, or who make discount requests that appear inconsistent with the realities of the market as understood by the company; and (iii) discounts requested in higher corruption risk markets.
Continued Monitoring and Oversight of Partners
In addition to obtaining annual certifications, it is important that companies actively monitor channel partner compliance. This should include implementing a plan for routine audits of partners (either based on the importance of the partner relationship or their risk profile).
Channel partners and other third parties may also be granted access to a company’s ethics hotline to report any compliance concerns that they may see or become aware of in the partner network. This reporting channel may give the company access to and visibility of issues at lower levels of the channel than would otherwise be possible.
Conclusion: Building Compliance Seamlessly into Channel Partner Business Processes
Companies with effective compliance programs often use a combination of these and other strategies to ensure compliance oversight is built into regular interactions with channel partners, such that a company’s sales personnel and other staff advance compliance as part of “business-as-usual.” This could include, for example, using business review/business planning meetings to inquire about sales to government end-users, to discuss any change in ownership, and to review a company’s or partner’s compliance policies and procedures. The most effective compliance models are integrated and seamless, with the company’s business model accounting for the various risks that may arise from a company and its partners’ activities.
About the Expert:
Geoff Martin is a partner in the Litigation and Government Enforcement practice group in Washington, DC. Geoff started his career in Baker McKenzie’s London office in 2007 and moved to Washington DC in 2012. Geoff represents clients in matters before the federal government arising out of anti-corruption, trade sanctions, fraud, anti-money laundering, national security, and related enforcement actions. He also represents clients in civil and criminal matters in federal court. Geoff has extensive experience conducting internal investigations relating to such matters around the world.
Aleesha Fowler is an associate in the New York office. She represents domestic and international corporate clients on a range of litigation and compliance matters, including criminal and civil investigations brought by the US Department of Justice and the US Securities and Exchange Commission. She regularly advises clients on white collar criminal matters, and has significant experience in handling investigations that raise issues under the Foreign Corrupt Practices Act and the US False Claims Act.