Lawyers like to complicate issues and then solve them. It is how we stay in business. Lawyers have developed terms which are difficult to define (e.g. reasonable) and then sell themselves as the experts in applying these terms.
Compliance issues are not as complex as people like to think. Solutions usually can be developed by applying common sense. Compliance officers and internal auditors are proficient in this area, especially when they are focused on coming up with solutions to common problems.
Reputational Compliance
A perfect example of a compliance concept which can be misinterpreted is “red flags.” When conducting due diligence of a third party, a target company for acquisition or a joint venture partner, the identification of a red flag can be the beginning of the unraveling of a business deal.
A “red flag” is not the end of the world. Nor are all “red flags” created equal – some are more problematic than others. There are no hard and fast rules for resolving red flags but everything depends on context and surrounding circumstances.
Lawyers often forget to “look at the law,” meaning to read the statute or the applicable cases. The same applies in the compliance context. “Due diligence” has been defined to mean “reasonable inquiries.” It does not mean scientific proof of a fact or the absence of a fact.
A “red flag” is a term used to identify a fact which requires further information to assess. It does not mean “Run Away (as used in Monty Python’s Holy Grail).” To the contrary, it is a guide to focus the due diligence inquiry by obtaining additional information about a potential issue. Of course, a company should not ignore a “red flag.” To do so, raises potential risks for claims of willful blindness or deliberate ignorance, which can create the inference of criminal intent.
Some compliance consultants provide clients with lists of red flags to accompany their due diligence program or merger and acquisition procedures. These should never be considered exhaustive nor should anyone ever assume that each red flag is equal in significance. One red flag may require minimal follow up while another may require extensive follow up.
For example, two common red flags are an unusually high commission requested by a third-party agent and a request that payments to the third-party agent be made to an offshore account. The context of each of these can differ significantly. A third-party agent may request a $1 million commission in the context of a $2 billion deal which may be reasonable in the overall market and given the size of the transaction. Similarly, a request to pay a third party agent’s fees to an offshore account may be reasonable if the agent’s business is in a high risk corruption area and where the home country has a very weak institutional banking system or there the government has confiscated private funds in the past.
But these reasonable explanations for such “red flags” may not exist in every situation and the facts may warrant heightened concern. If a third-party agent requests that payments go to an account in Malta rather than the home country of Germany, the arrangement may be more significant and require some reasonable explanation. Or, if the $1 million success fee is coupled with an extraordinary success requirement of approval of an application within an unprecedented or short time period, this may raise significant concerns and require additional investigation.
Red flags are an important marker for consistent policies. They are not an end to themselves but they are an effective tool to focus compliance inquiries.
