Compliance Challenges in India: Why Your Program May Not Translate: Part 2

As a preview of their upcoming Compliance & Ethics Institute session, Laurel Burke, David Simon, and Sherbir Panag share some insight into compliance challenges in India. For more information about the Compliance & Ethics Institute, click here.

Scenario #2:  The Crooked Sales Rep?

Your company’s go-to-market strategy in India involves the extensive use of independent sales representatives.  These individuals are non-exclusive, independent contractors who seek out sales opportunities for the company, coordinate with the company in bid preparation and other sales efforts, and continue to service accounts after contracts are awarded.  Some of your sales are to or through state governments in India.  You have a third-party intermediary procedure in place that requires due diligence as a part of the on-boarding process for sales representatives.  You currently contract with a reputable vendor that assists with the due diligence process and provides basic background reports on prospective sales representatives.

You recently learned that one of your sales representatives in Uttar Pradesh had been convicted of taking bribes during his prior employment with the state government.  Your business team knew this sales representative had previously worked in the government; indeed, this is part of the reason they brought him on board.  No one knew about the conviction (which has been on appeal for nearly four years), however, and the background report did not identify it.

Question to Laurel Burke, Associate General Counsel — Compliance, Regal Beloit:  What are your concerns here?  How do you deal with the sales representative with the corruption conviction?  What does this incident tell you about your process, and what do you do to improve it?

Laurel Burke: 

On the first issue, beyond reinforcing our commitment to doing business with integrity always, I’m not sure what to do and want to talk through ideas and alternatives based on the facts we gathered.  As to this particular contractor, I’d like to better understand: 1) how long ago the conviction was and what the underlying facts supporting the conviction were; 2) the status of his appeal; 3) whether he disclosed the conviction to our team when we looked at “hiring” him; 4) if he has completed either our Anti-Corruption training and our annual Code of Business Conduct training, and 5) whether he has signed our Annual Anti-Corruption Certification.

I also want to understand our local team’s involvement and confirm that no one knew about the conviction and failed to disclose it.  I also would need to consider how best to educate the local team about the problem (including why it’s a problem despite the “exemplary performance” of the contractor).

On these immediate questions, I’d probably consult with US counsel and would ask David’s advice on what responsive actions we ought to take to avoid FCPA trouble.

Once these issues are addressed, I want to look at our process.  How did we miss this?  How can we improve our vetting process?  Going forward, what additional process is practical and reasonable given that we have dozens of sales representatives in India?  Are there some incremental steps we can take now and then lay out a phased in approach or is it better to wipe the process out entirely and start fresh?

I’d obviously want to walk this through with our due diligence vendor, but I also know that Indian counsel has real insights on effective due diligence.  For that, I’d call Sherbir.

David Simon, Partner, Foley & Lardner LLP:

Sherbir will provide perspective on better ways to get useful, actionable information on third-party intermediaries and employees in India, but let me focus on the first set of questions related to what should be done with the sales representative.

First, I agree with Laurel that we should get more information about the sales rep, his conviction, and the status of his appeal.  I would turn to Sherbir to collect information about the underlying case and the appeal and would want to make an assessment of the nature and severity of the underlying conduct.  It would also be helpful to know if the prosecution had received any press or other publicity in India.

That said, even if I were to conclude that the conviction was less serious than it appears on its face or was somehow unfair, I’d be very hard pressed not to advise Laurel that the company should terminate its relationship with the sales rep.  I just can’t imagine successfully persuading DOJ or the SEC that an extraordinary event like an actual corruption conviction could be explained away.  The risk is just too high, and the company would effectively be strictly liable for any future misconduct of his.

I would also advise Laurel to look into any government sales in which the sales representative was involved.  We now have a major red flag, and the US regulators would certainly expect the company to at least kick the tires on sales resulting from the efforts of the sales representative.  I would likely recommend pulling and reviewing all related government sales contracts, conducting a forensic accounting review of the payments associated with them, and conducting interviews of the sales representative himself and any involved employees in an attempt to identify inappropriate payments or improper influence.  The termination of the relationship with the sales representative would need to be managed to allow for the best investigation possible under the circumstances.

Finally, I agree with Laurel that the company should look at the local team and other employees involved in the retention and oversight of the sales representative to determine whether anyone knew about the conviction or failed to ask the right questions to identify the issue.  This would likely be part of a continuous improvement exercise to figure out a better way to vet prospective partners in India.

Sherbir Panag, Partner, MZM Legal:

I agree with the approach proposed by Laurel and David. My first endeavor would be review the conviction and appeal documents as soon as possible, and report back to the company.  Critical information to be assessed would be whether the conviction stemmed from his role in a department/government instrumentality where the company’s business interests lie; if so – the problem just got more complex. While as counsel we can make educated guesses based on our experience, the outcome of an appeal can never be definitively foretold.

Conviction of bribery offences in India are nowhere close to ideal and within that narrow margin of those actually convicted, the company managed to find a sales representative. The optics are bad. While we must give due deference to due process and the potential for wrongful convictions, the issue at hand is a due diligence failure which has placed the company in a situation that it should ideally not be in. The operative word here being “ideally” because there are no easy solutions to prevent a situation like this from occurring.

This brings us to what the solution to a problem like this is, for which I must describe the challenge in greater detail. To being with, there is no centralized database in India that can be accessed to check the criminal antecedents of an Indian citizen. Criminal records are hosted across national agencies (Central Bureau of Investigation, National Crime Records Bureau), consolidated registers of the State Police at the state or metropolitan city level (in some cases) or the local police stations. There thus is no escaping physical verification of records – which requires a resource commitment, as a local police station will only include records of its prescribed geographical jurisdiction. On 7^th September 2016, in a landmark case, the Supreme Court of India has ordered that all First Information Reports (“FIR”) shall be made available online within 24 hours of registration (exception in the case of sexual offences / terrorism / insurgency cases) on the state police website, with effect from 15^th November 2016. This if implemented methodically by the state police forces, will ease the conduct of background checks, as an FIR is the first step in putting the criminal law machinery in motion for cognizable offences, and is a key record to check.

When it comes to the courts it’s marginally easier, as online databases do at least exist. In the case of a criminal conviction however, you would need to check the name of the person along with every year against the concerned lower court (manually) — a daunting and time consuming task. The records that have found themselves in a database sometimes suffer from infirmities on account of spelling mistakes or being uploaded only in part. These are ground realities that need to be factored in.

This is what I would recommend the company do to improve its vetting process:

1. The company needs to make a risk matrix of its third parties, separating those that are likely to deal with public servants/foreign officials and those unlikely to do so. The due diligence requirements for those likely to deal with public servants ought to be enhanced.
2. Factor in the time that will be necessary for due diligence. Merely stating a procedure will not help when the company only allows 2-3 days for its due diligence process and third party on boarding process. A diligence of the nature described below can take anything from 15-60 days, in best-case scenarios. This of course poses a business hindrance challenge and therefore the company may choose to provisionally board the third party (after meeting minimum criterion) until the final results are returned.
3. Beyond the data base searches – which will rarely be conclusive — the police records of the local police station within whose jurisdiction the third party resides and where he/she conducts his/her business should be checked. As the risk profile becomes higher, this needs to be enhanced to check all residences and all places of business operations of the past 3/5/7/10 years. It is pertinent to mention that this again is a diligence exercise and is not conclusive. For example, an individual who resides and conducts his business in Mumbai, may have been subject to an investigation in Bangalore. Your search result would only provide details for Mumbai alone and would not include Bangalore.
4. The above exercise needs to be repeated for the criminal courts records as well, as information on an acquittal/conviction will be determined here. Here again, the jurisdiction of the courts is geographically bound and as I mentioned above, the search needs to be commensurate to the risk profile.
5. Ensure your due diligence questionnaire asks the right questions. I have typically seen forms of multinational companies not suited to the Indian context, where questions are centric to the third party organization but not to the proprietor or principal — which is where the key information rests. Therefore it is imperative to:

• ‘Indianise’ your due diligence questionnaire, so that it asks the right questions factoring in social, cultural and legal realities of business operations. Focus on the business principals, not the entities.
• Seek information from the third party as to how much of his business will be conducted by it, as against subcontracting masquerading as the third party’s work product. A list of all subcontractors/business associates relevant to the third party’s task should be sought.
• A notary public should notarize copies of the government identity proofs (Passport, Permanent Account Number Card, Aadhaar Card) and all licenses/permits applicable to the third party for the conduct of his/her business. (Subject to your risk matrix, you would also want to have the veracity of these documents checked.)
• Add a business partner integrity pledge that captures U.S. and Indian anti-bribery laws, which every third party must sign. This pledge must be in the form of an affidavit on non-judicial stamp paper, which is to be notarized.

6. Vendors that provide due diligence services need to be given a very strict brief as to what the company seeks to achieve from the diligence. The off the shelf diligence packages offered by some vendors rarely provide the information the company needs and are a waste of compliance resources, contrary to the marketing pitches that are made.

Further, it is pertinent to point out that your risk management vendor needs to be a compliant organization itself. Private detectives/investigators are unregulated[1] in India and there have been numerous cases of nefarious tactics employed by such organizations to obtain “business intelligence.” The last thing the company needs is to have a robust due diligence protocol for its third parties, but have liability exposure in the means employed to obtain the same.

7. The due diligence process has to be dynamic and must be designed to factor in the peculiarities of your business requirements and operational bandwidth. In a nutshell, don’t go for a “one size fits all model,” however tempting and cost sensitive it may appear.

To conclude, I would add that given the challenge that due diligence poses, the training of the company’s India employees becomes all the more paramount. Subject to the company’s risk matrix, training should be extended to high-risk third parties as well.

[clickToTweet tweet=”Compliance Challenges in India: Why Your Program May Not Translate: Part 2 #SCCEcei @SCCE” quote=”Compliance Challenges in India: Why Your Program May Not Translate: Part 2 #SCCEcei” theme=”style3″]

[1] A bill titled the “Private Detective Agencies (Regulation) Bill, 2007” is pending before the India parliament – http://www.prsindia.org/billtrack/the-private-detective-agencies-regulation-bill-2007-112/