By now, we are all familiar with the need to conduct sufficient risk-based anti-corruption diligence on a target pre-closing. But, what should fund managers do with diligence results post-closing, and more importantly, how should GPs continue to monitor their portfolio companies consistent with their level of control?
Both US and UK regulators emphasize the importance of ongoing investor monitoring of their portfolio companies’ internal controls. For example, the DOJ and SEC jointly advised in the FCPA Resource Guide that companies “should conduct pre-acquisition due diligence and improve compliance programs and internal controls after acquisition….” Similarly, Richard Alderman, former director of the UK Serious Fraud Office, has stated, “[a]s owners of companies, private equity has a responsibility to society to ensure that the companies in which they have a shareholding operate to the right standards.” Not surprisingly, however, these same regulators fail to specify in practical terms what this monitoring should entail, a question that is further complicated by the fact that investors often possess less than full control over any particular investment. While each investment will necessarily have a different risk profile based on its industry, operations, and geographic footprint, the goal for the GP remains the same: satisfaction that its portfolio company has a sufficient set of internal controls to prevent, detect, and mitigate potential violations of law or policy.
The following considerations may help investors satisfy this portfolio company monitoring obligation:
Assessment of risk across the portfolio:It is important to identify those portfolio companies that pose the greatest anti-corruption risk to an investor to properly allocate resources and ensure risk-based monitoring. This risk-based analysis should take into consideration both quantitative and qualitative factors, including (1) the level of investor control for each company (measured through ownership percentage and board participation); (2) the location of assets and revenue by country as mapped against the Corruption Perception Index; and (3) the company’s anti-corruption policies, controls, and any historical problems.
Implementation of diligence recommendations:Thorough anti-corruption diligence considers the strength of the target’s anti-corruption controls and often recommends enhancements to these controls post-closing. It can, however, be logistically challenging for in-house legal and compliance teams to ensure that all recommendations are implemented in a timely fashion, particularly for GPs with large portfolios in higher risk jurisdiction. Managers should devote sufficient resources, either in-house or externally, to ensure appropriate implementation of all recommendations. For example, GPs commonly require companies to adopt anti-corruption policies and training programs within a reasonable period of time post-closing, and therefore the GP should ensure that the policy is ultimately adopted and, if feasible, obtain a copy of it. In many instances, it may be appropriate for managers to work through their board representatives to share and implement the diligence findings.
Communications to the portfolio: GPs should ensure that their companies are appropriately focused on corruption concerns. This may be accomplished through written bulletins or trainings directly to the companies’ management or through the investor’s board participation. If reliant on board participation, GPs may in turn require their personnel serving in board positions to certify annually to the strength of each portfolio’s internal controls. Private investment firms should also provide regular anti-corruption training for their personnel serving on boards to ensure they are appropriately equipped to represent investors’ anti-corruption compliance viewpoints at the portfolio company level.
Portfolio company certifications to the GP: Fund managers may require portfolio companies to make periodic certifications directly or through the board concerning: (1) their compliance with applicable anti-corruption laws and policies, and (2) the development and implementation of anti-corruption controls, including a description of issues identified, steps taken to address risks, and remediation tactics.
These recommendations are all designed to allow GPs to monitor their portfolio consistent with their level of control. Instead of directly developing and implementing portfolio company controls, GPs should require companies to focus on corruption risk and report those results directly or through the board of directors. These reports can be made in any form, whether through a periodic standardized questionnaire, or in a board resolution. The key is to ensure adequate controls and risk-based monitoring by the company and to document the efforts taken both by the company and the fund manager in this regard.
Kim Nemirow, Amanda Raad and Natalie Kim are partner, counsel and associate respectively at law firm Ropes & Gray.