This week we have focused on distributors and how a company might think through ranking the risk, performing due diligence on and, finally, how to manage distributors going forward. This was spurred on by a discussion that David Simon and I had engaged in previously on LinkedIn. In today’s post I will try and wrap up and wrap together our approaches so that you might decide which works best for you and your organization.
But first I must note the passing of one of the most famous Texans of the 20th Century, Van Cliburn, the pianist who won the first-place award at the 1958 Tchaikovsky International Competition in Moscow. His gold medal in the inaugural year of the Tchaikovsky competition, won in Moscow, was viewed at the time as an American triumph over the Soviet Union at the height of the cold war. He became a cultural celebrity of pop-star dimensions and brought overdue attention to the musical assets of his native land. But he gave back as well, starting his own piano competition which also became world famous.
While I had been initially skeptical of David’s approach, as I read his White Paper on the subject and his guest post this week, I became convinced that his approach has merit because it follows what is set out in the recently released Department of Justice (DOJ)/Securities and Exchange Commission (SEC) Foreign Corrupt Practices Act (FCPA) Guidance, which I quote from the introductory section of the Ten Hallmarks of an Effective Compliance Program:
Compliance programs that employ a “check-the-box” approach may be inefficient and, more importantly, ineffective. Because each compliance program should be tailored to an organization’s specific needs, risks, and challenges, the information provided below should not be considered a substitute for a company’s own assessment of the corporate compliance program most appropriate for that particular business organization. In the end, if designed carefully, implemented earnestly, and enforced fairly, a company’s compliance program—no matter how large or small the organization—will allow the company generally to prevent violations, detect those that do occur, and remediate them promptly and appropriately.[emphasis supplied]
Based upon this language, I believe that if a company takes a carefully designed and reasoned approach to assessing the risk of its distributors and then manages that risk, it is something that meets the above prescription from the FCPA Guidance. While I believe that distributors should be considered the same as agents under the FCPA, I am persuaded that David’s approach meets the cited recommendation from the FCPA Guidance.
I. Fox Approach – The Full Monty Approach
While I wish I had thought of that name I have to credit it to Simon. In 2012, there were three enforcement actions which I believe made clear that there were no distinctions between agents and distributors. They were, the Smith & Nephew, Inc., (S&N) Deferred Prosecution Agreement (DPA) for criminal FCPA violations, the Oracle SEC Complaint for books and records violations and the Eli Lilly and Company (Lilly) SEC Compliant for books and records violations. I reviewed the enforcement actions and based upon the deficiencies noted by both the DOJ and SEC, that these enforcement agencies were classing distributors the same as agents or other similar entities in the sales chain.
In the S&N enforcement action, it was clear that S&N had not performed sufficient due diligence on these distributors nor did they document any due diligence that they may have engaged in. In the Lilly case, the policies and procedures in place to flag unusual distributor discounts were deficient as the enforcement action “noted that the company relied on representations of the sales and marketing manager without adequate verification and analysis of the surrounding circumstances of the transactions.” In the Oracle enforcement action it demonstrated that Oracle needed to institute the proper controls to prevent its employees at Oracle India from creating and misusing the parked funds in the distributor’s account and that Oracle needed to audit and compare the distributor’s margin against the end user price to ensure excess margins were not being built into the pricing structure. What I gleaned from these enforcement actions was that the full five steps suggested for agents and other third parties in the sales chain was needed for distributors. They are (1) Business Justification; (2) Due diligence, the level being based on your risk assessment; (3) Evaluation of due diligence; (4) Written contract with compliance terms and conditions; and (5) Management of the relationship going forward.
II. Simon Approach – The Agency Approach
Simon advocated that a risk analysis should more appropriately based on the nature of a company’s relationships with their distributors. The goal should be to determine which distributors are the most likely to qualify as agents; for whose acts the company would likely to be held responsible. He argues that it is a continuum of risk; that is, on the low-risk end are distributors that are really nothing more than re-sellers with little actual affiliation with the supplier company. On the high-risk end are distributors who are very closely tied to the supplier company, who effectively represent the company in the market and end up looking more like a quasi-subsidiary than a customer.
Simon looks at agency principles to guide his analysis of whether a distributor qualifies as an agent for FCPA purposes. He argues that factors to consider include:
-
The volume of sales made to the distributor;
-
The percentage of total sales of the distributor’s total business the principal’s product represents;
-
Whether the distributor represents the principal in the market, including whether it can (and does) use the company trademarks and logos in its business; and
-
Whether the principal company is involved in the running of the distributor’s business (such as by training the distributor’s sales agents, imposing performance goals and objectives, or providing reimbursement for sales activity).
Once a company segregates out the high-risk distributors that likely qualify as agents and potentially subject the company to FCPA liability from those that are mere resellers and pose less FCPA risk, FCPA compliance procedures can be tailored appropriately. For those distributors that qualify as “agents” and also pose FCPA risk, full FCPA due diligence, certifications, training and contract language are imperative. For those that do not, more limited compliance measures that reflect the risk-adjusted potential liability are perfectly appropriate.
III. Athanas Approach – Management of the Relationship
I often say that once you have a business justification, perform and evaluate due diligence on an agent and then ink a contract; your real work now begins as you have to manage that relationship going forward. Athanas set out a plan to assist in that management component under which he provides a framework to help provide a business justification, assess/manage and document any discount offered to a distributor; all of which he calls the ‘Discount Authorization Request’ (DAR) and states as follows:
1. Capturing and Memorializing Discount Authorization Requests
Athanas says that it all begins with a DAR. This is so important that he argues a DAR template should be prepared, which is designed to capture the particulars of a given request and allow for an informed decision about whether it should be granted. Because the specifics of a particular DAR are critical to evaluating its legitimacy, it is expected that the employee submitting the DAR will provide details about how the request originated as well as an explanation in the business justification for the elevated discount. In addition, the DAR template should be designed so as to identify gaps in compliance that may otherwise go undetected.
2. Evaluation and Authorization of DARs
The next step is that channels should be created to evaluate DARs. The precise structure of that system will depend on several factors, but ideally the goal should be to allow for tiered levels of approval. Athanas believes that three levels of approval are sufficient, but can be expanded or contracted as necessary. The key is the greater the discount contemplated, the more scrutiny the DAR should receive. The goal is to ensure that all DARs are vetted in an appropriately thorough fashion without negatively impacting the company’s ability to function efficiently.
3. Tracking of DARs
Lastly comes the Document, Document, Document component. Once the information gathering, review and approval processes are formulated, there must be a system in place to track, record and evaluate information relating to DARs, both approved and denied. The documentation of the total number of DARs allows companies to more accurately determine where and why discounts are increasing, whether the standard discount range should be raised or lowered, and gauge the level of commitment to FCPA compliance within the company. This information, in turn, leaves these companies better equipped to respond to government inquiries down the road.
IV. Bringing It All Home
You do not have to dream like Van Cliburn did but you can try other or new approaches. Whether you use the Fox ‘Full Monty’ approach or the Simon ‘Agency’ approach will depend on many different factors unique to your organization. You are only limited by your imagination. There may well be other approaches you can take if they are carefully thought out and well-reasoned.
But whatever approach you take on risk ranking and performing due diligence on your distributors, I would urge you to use Athanas’ DAR system or something similar to it. While it is of the utmost importance that you do so from the compliance perspective, the business reason is even more compelling. A company really does need to know what discounts it is giving to distributors and why they are receiving said discounts.
I hope that you have enjoyed our discussion and dialogue on distributors this week. I wanted to thank, once again, David Simon and Bill Athanas for their most excellent and timely posts. I certainly have learned quite a bit.
