Manti Te’o and a Second Set of Eyes

by Thomas Fox

One of the strangest news stories over the past couple of months has been the Manti Te’o story. For those few people who have not heard the story, Te’o was fooled (or not) into believing that he was in an online relationship with a non-existent woman named Lennay Kekua, who was falsely reported as dying of leukemia. Te’o, who says he was the victim of a “sick joke” repeatedly played along with the story in the weeks between when he says he learned Kekua was not real and when the story broke. Later, on Dr. Phil, Ronaiah Tuiasosopo, an alleged friend of Teo, claimed that he was the mastermind behind the entire scam so as to profess his love for Te’o.

One of the things that reporters who interviewed Te’o on his relationship with Kekua asked was if Te’o had ever met her in person? Te’o admitted that he had not. After Te’o announced to the world that she had died of leukemia, reporters asked if they could talk to her family, Te’o responded that they wanted to maintain their privacy.

In other words, there was never any validation of the Te’o/Kekua relationship, either by the primary party, Te’o, reporters who worked on the story or anyone else. My wife is a process analyst. She recently said something that struck me as one of the keys to a robust compliance program. She said that you need a ‘second set of eyes’. I asked her what she meant and she responded that if you do not put a second set of eyes on a process, you do not have validation of that process. I thought about that in the context of a Foreign Corrupt Practices Act (FCPA) or UK Bribery Act compliance program and realized having a ‘second set of eyes’ on your process is critical.

I.                   Oversight Committee

This concept of a ‘second set of eyes’ has found favor with the Department of Justice (DOJ), through its use in a Deferred Prosecution Agreement (DPA) with the Monsanto Corporation. In the Monsanto DPA, the DOJ agreed, after the initial due diligence and appropriate review were completed on Foreign Business Partners, for Monsanto to implement certain post contract execution procedures. These requirements can be used as guidelines as to what the DOJ will look for from other US companies who have entered into relationships with Foreign Business Partners; especially in the area of ongoing monitoring of the Foreign Business Partner.

In Appendix B to the DPA, Monsanto agreed to, among other things, “the establishment and maintenance of a committee to supervise the review of (I) the retention of any agent, consultant, or other representative for purposes of business development or lobbying in a foreign jurisdiction”, or an Oversight Committee. It should be noted that Monsanto successfully completed the terms of its DPA and was discharged from further obligations under it in 2008.

The scope of this Oversight Committee is not fleshed out in the DPA. I would suggest that a company should incorporate both a pre-execution function and a post-execution management function in overseeing the full relationship with the Foreign Business Partner. While this oversight would most necessarily focus on FCPA compliance, there should also be a commercial component to this function.

a.      Who Should be on the Oversight Committee?

The Monsanto DPA provides guidance on this point by stating “The majority of the committee shall be comprised of persons who are not subordinate to the most senior officer of the department or unit responsible for the relevant transaction;” this would indicate that senior management should be involved in the Oversight Committee. It would also indicate that more than one department should be represented on the Oversight Committee. This would include senior representatives from the Accounting (or Finance) Department, Compliance & Legal Departments and Business Unit Operations.

b.      What Should the Oversight Committee Review?

The Oversight Committee should review all documents relating to the full panoply of a Foreign Business Partner’s relationship with the company. This would begin with a review of any initial requests to engage a new Foreign Business Partner. The information presented to the Oversight Committee would include the Business Unit’s request to engage the Foreign Business Partner, the costs and benefits. The next step would be to review the due diligence and all background investigative materials on the prospective Foreign Business Partner.

The Oversight Committee should receive copies of, and approve, all due diligence and background investigative materials before a contract is executed with the partner. Particular attention should be paid to the form of the contract. If there are deviations from the company’s standard form of agreement, with regard to the FCPA compliance issues, there should be a full explanation by the Foreign Business Partner or Business Unit. The Oversight Committee should determine if the company is taking on any unwarranted FCPA compliance risk if non-standard FCPA compliance terms and conditions are used.

After the commercial relationship has begun the Oversight Committee should monitor this relationship on no less than an annual basis. This annual audit should include a review of remedial due diligence investigations on the Foreign Business Partner with at least a minimum of a Level One Due Diligence and higher levels of due diligence based upon an appropriate risk rating. There should be an evaluation of any new or supplement risk associated with any negative information discovered from a review of financial audit reports on the Foreign Business Partners. All FCPA compliance training should be reviewed and certifications confirmed. The Oversight Committee should review any reports of any material breach of contract including any breach of the requirements of the Company Code of Ethics and Compliance. As with all things FCPA the three most important words here are Document, Document, Document. If you cannot produce documentary evidence to the DOJ of your annual review and its findings, it is of no use to your company.

In addition to the above remedial review, the Oversight Committee should review all payments requested by the Foreign Business Partner to assure such payments are within the company guidelines and is warranted by the contractual relationship with the Foreign Business Partner. Lastly, the Oversight Committee should review any request to provide the Foreign Business Partner any type of non-monetary compensation and, as appropriate, approve such requests.

The oversight of Foreign Business Partners is one of the key tools that a company can use to prevent and detect any violation of its own Code of Ethics and Compliance and the FCPA. The proper structure of the Oversight Committee and its full engagement with all aspects of a company’s relationship with a Foreign Business Partner is one of the areas that the DOJ will look for in a successful FCPA compliance program.

An Oversight Committee is a literally a ‘second set of eyes’ which can be utilized by a company to manage its relationships. An Oversight Committee does not replace any of the other key components of an effective FCPA compliance program but it does provide an additional level of protection, back-up and transparency for all activities with a Foreign Business Partner. It should be employed by companies as an additional protection against any type of FCPA compliance and ethics violation “slipping through the cracks” to become a much larger problem down the road.

II.                Monitoring

Another way to think about a ‘second set of eyes’ is through ongoing monitoring of a compliance program. Two of the seven compliance elements in the US Sentencing Guidelines call for companies to monitor, audit and respond quickly to allegations of misconduct. These highlighted activities are key components enforcement officials look for when determining whether companies maintain adequate oversight of their compliance programs.

Many companies fall short on effective monitoring. This can sometimes be attributed to confusion about the differences between monitoring and auditing. Monitoring is a commitment to reviewing and detecting compliance programs in real time and then reacting quickly to remediate them. A primary goal of monitoring is to identify and address gaps in your program on a regular and consistent basis. Auditing is a more limited review that targets a specific business component, region or market sector during a particular timeframe in order to uncover and/or evaluate certain risks, particularly as seen in financial records. However, you should not assume that because your company conducts audits that it’s effectively monitoring. A robust program should include separate functions for auditing and monitoring. While unique in protocol, however, the two functions are related and can operate in tandem. Monitoring activities can sometimes lead to audits. For instance if you notice a trend of suspicious payments in recent monitoring reports from a particular country, it may be time to conduct an audit of those operations to further investigate the issue.

Your company should establish a regular monitoring system to spot issues and address them. Effective monitoring means applying a consistent set of protocols, checks and controls tailored to your company’s risks to detect and remediate compliance problems on an ongoing basis. To address this, your compliance team should be checking in routinely with local finance departments in your foreign offices to ask if they’ve noticed recent accounting irregularities. Regional directors should be required to keep tabs on potential improper activity in the countries they manage. Additionally, the global compliance committee should meet, or communicate, as often as every month to discuss issues as they arise. These ongoing efforts demonstrate your company is serious about compliance.

III.             Conclusion

The Manti Te’o story provides some significant lessons for the compliance practitioner. Putting a ‘second set of eyes’ on any process, including compliance is the only way to validate the process. If any reporters had been able validate any of the Te’o story before it was revealed to be a hoax it might have led to a very different ending, rather than the one that Te’o maintained all through his senior year at Notre Dame, when he was a candidate for the Heisman Trophy. To sum it all up, I go back to President Ronald Reagan, as he told Mikhail Gorbachev, “Trust, but verify”. A ‘second set of eyes’ will not only help to validate your compliance process but go a long way to keeping your compliance program out of hot FCPA or Bribery Act water.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox

Compliance Evangelist on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.