How Well Do You Know Your Channel Partners?

Written by Paul Friedman and Stacey Sprenkel

Although there have been Foreign Corrupt Practices Act (FCPA) cases involving Silicon Valley technology companies in recent years, the April announcement of Hewlett-Packard’s (HP’s) $108 million FCPA settlement with the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) should put to rest any lingering belief that the technology industry does not face substantial FCPA risks. Not surprisingly, much of the alleged wrongdoing that led to HP’s settlement involved third-party channel partners. Indeed, the vast majority of FCPA enforcement actions (reportedly around 90 percent) involve third parties.

Technology companies frequently have go-to-market strategies that are heavily reliant on distributors and other channel partners. As a result, they need to be on the lookout not only for sham consultants whose only purpose is to pay bribes, but also for improper activities by otherwise seemingly legitimate third parties who do perform actual services: distributors, resellers, brokers, travel agents, and even suppliers.

The Technology Distribution Business

“For most major technology vendors, distribution is their principal route to market, typically representing as much as 80 percent of their revenues.”

[1] In addition to selling products, distributors frequently provide ancillary services such as delivery logistics, technical support services, installation, marketing, and credit-financing services.

The role of the distribution channel is even greater in emerging markets. The use of channel partners allows fast-growing technology companies and well-established global companies alike to reach a far greater number of customers in areas of the world where they otherwise have no presence. But for fast-growth technology companies, the risks are even greater, as they are frequently adding third parties at a rapid pace, and unless monitored properly, the growth in the business could outpace the company’s compliance systems.

There is nothing inherently problematic in the use of a distribution model as a go-to-market strategy. However, the use of distributors, particularly in high-risk geographies, does present certain risks and, given the extensive use of distributors and other channel partners in the technology sector, technology companies need to understand and mitigate these risks.

Third-Party Liability under the FCPA

The FCPA imposes liability on companies for making payments to a third party “while knowing that all or a portion of such money or thing of value will be offered, given, or promised, directly or indirectly,” to a foreign government official. “Knowing” under the FCPA is not limited to “actual knowledge”; rather, it is sufficient if a person in the company consciously disregards a “high probability” that a prohibited payment will occur. Deliberate ignorance or willful blindness can be a sufficient basis for FCPA liability. Thus, ignorance is no defense where red flags are present but purposely ignored.

Moreover, companies cannot assume that because distributors take possession and title of goods, that there is no FCPA risk. If a distributor is making improper payments, and a company either knew or ignored red flags indicating such payments were being made, the company may face FCPA liability. It is thus essential for companies that are reliant on channel partners or other third parties to be vigilant in looking out for red flags.

Identifying Risks and Red Flags

In the Resource Guide to the US Foreign Corrupt Practices Act (Resource Guide), the DOJ and SEC set forth “common red flags associated with third parties”:

  • excessive commissions to third-party agents or consultants;
  • unreasonably large discounts to distributors;
  • “consulting agreements” with vaguely described services;
  • a consultant in a different line of business than that for which it has been engaged;
  • a third party related to, or closely associated with, a foreign official;
  • involvement of a third party at the request of a foreign official;
  • a third-party shell company incorporated in an offshore jurisdiction; and
  • a third party requests payment to offshore bank accounts.

Many of these “red flags” may seem obvious, yet these and others are frequently missed by even well-intentioned compliance departments. This may be because bribery involving channel partners frequently involves elaborate schemes that are designed to evade detection.

In the case of HP in Russia, according to the court documents, bribes were paid from a “slush fund” that was funded through a buy-back deal structure designed to conceal it from compliance and internal audit back in the United States. HP first sold products to a channel partner, who then sold them to an intermediary. HP then bought the products back from the intermediary at an €8 million mark-up and with an additional €4.2 million for purported services to the intermediary. The money was wired to numerous shell companies, which were used to disburse and launder the slush fund. The money was ultimately used for improper payments in connection with a project valued at €35 million for the General Prosecutor’s Office of the Russian Federation. HP Russia maintained two sets of books—one identifying the slush fund recipients and one that was sanitized and could be provided to those outside of the conspiracy.[7]

The HP Mexico allegations also involved a channel partner.[8] HP Mexico hired a consultant who had connections with senior officials at Pemex to help HP Mexico secure a deal. The consultant was not an approved channel partner. To circumvent HP’s internal controls and policies, which required a written channel partner agreement, an approved channel partner was added to the transaction. HP Mexico paid “commissions” to the approved channel partner, who then passed the “commissions” along to the consultant. To cover up the relationship with the consultant, HP Mexico allegedly recorded the approved channel partner as the deal partner on HP’s internal systems.

Other enforcement actions involving channel partners have included: the submission of fictitious invoices to fund improper payments; payments characterized as “discounts” or “volume discounts” that are unusually high or otherwise beyond what is contractually required; free products sold to generate cash for bribes; payments based on false contracts where no services are actually performed; large payments to a foreign shell corporation of a distributor; placement of funds into an off-book account for use by channel partners to pay bribes; or other schemes to hide funds which are then used to pay bribes to foreign officials. These funds provided to distributors and other channel partners may be accounted for improperly as “promotional expenses,” “sales development” expenses, and other vaguely described expenses.

Strategies to Mitigate Risk

There is no way to know with complete certainty what your channel partners are doing, but there are several steps companies can take to mitigate the risks.

First, the DOJ and SEC have made clear that an effective compliance program includes third-party due diligence. This does not mean that companies need to conduct a deep-dive review of every distributor and channel partner they engage. Rather, diligence should be risk-based. In other words, companies should focus their compliance resources on the channel partners who present the highest risks.

Second, companies should always understand the business reason for engaging a third party, confirm that the third party is qualified to do the job for which it is being hired, ensure that contracts adequately describe the services being performed, and that payment for those services or discounts being provided are consistent with fair market value in the relevant market.

Third, companies should include anti-corruption compliance provisions in their contracts with distributors and other third parties, and should take other steps to communicate to their channel partners their expectations regarding compliant behavior. For channel partners that present higher risks, for example, due to the market in which they operate or high levels of government interaction, companies may consider providing anti-corruption training to those partners.

Fourth, companies should take steps to monitor the activities of their channel partners, possibly by updating due diligence, exercising audit rights, or requiring regular compliance certifications.

In addition to focusing on the channel partners, risk mitigation also involves ensuring sufficient controls are in place to prevent employees from being able to access large sums of money for channel partners. And those controls must be sufficiently implemented and monitored at foreign subsidiaries and branch offices.

The employees who interact with distributors and other channel partners should receive targeted training, focused on helping them understand that companies do face exposure for the acts of their channel partners, even if title passes, and helping them be in a position to identify potential red flags that may arise. Training employees who are on the front lines to detect improper payments—for example, those involved with vendor set up, accounts payable, and internal audit—is also essential.

FCPA enforcement focused on global technology companies is not going away. There are a number of high-profile ongoing investigations, and there are no indications that this will change. Given technology companies’ heavy reliance on distributors and other third parties, companies should continually assess their compliance programs and controls surrounding the use of distributors and other channel partners to ensure that appropriate risk mitigation strategies are in place. DOJ and SEC have made it clear that willful blindness is no excuse where channel partners are concerned.

[1] Understanding the Technology Distribution Business, Global Technology Distribution Counsel

[7] Information, United States v. Hewlett-Packard Polska, Sp. Z o.o., No. CR-14-202, at ¶ 12 (N.D. Cal. Apr. 9, 2014).

[8] Non-Prosecution Agreement, Hewlett-Packard Mexico, S. de R.L. de C.V. (Apr. 9, 2014) Attach. A.