OP-ED

Taking Risk Management Beyond the Spreadsheet

By Todd M. Johnson 18 April 2018

epa06387450 Deputy Attorney General Rod Rosenstein testifies before a full committee hearing on oversight of the Justice Department's investigation of Russia's interference in the 2016 US presidential election in the Rayburn House Office Building in Washington, DC, USA 13 December 2017. Attorney General Jeff Sessions recused himself from the investigation earlier in the year. EPA-EFE/JIM LO SCALZO

Managing counter-party risk is not easy and it is representative of the broader challenge of effectively identifying and mitigating non-financial risks. In many respects this challenge is more art than science, where, for example, a deep understanding of a country’s history can be more valuable than the ability to develop a repeatable quantitative model. This task is now part and parcel of doing business globally, but particularly in growth markets where the rewards of operating are often matched by the risks.

NFR or “non-financial risk” is an often used but frequently misunderstood concept in the corporate world. Although closely linked to well-understood financial risk categories such as currency fluctuations and debt exposure, it also stands apart in terms of being far less suited to the risk models that dominate banking, insurance, and many other industries.

Finding a definition for NFR can be equally challenging. In essence, one can see it as covering the gamut of hard to quantify risks such as supply chain failures, security incidents, political exposure, and misconduct of counter-parties (to name just a few). Its very breadth makes it hard to define but no less important a discipline, particularly for companies worried about the reputational and legal implications that come from misses on any of the above.

Despite the ambiguity associated with NFR, companies ignore it at their own peril. One need only cast a glance at the headlines of any financial newspaper to see examples of companies caught out by NFRs that were misunderstood. This is particularly true for those businesses with an exposure to markets where rule-of-law is questionable, institutional capacity weak, and political stability uncertain.

One of the less discussed NFRs, but no less impactful, is the potentially crippling legal, financial, and reputational impacts that come from an inadequate understanding of a company’s counter-parties, whether they be customers, partners, or suppliers.

The risk picture is complicated for firms as they attempt to meet the challenge of ensuring they do not wittingly engage with entities that are vehicles for the financial interests of local political leaders. Satisfying this requirement usually means ensuring that companies avoid unlawful engagement with “politically exposed persons (PEPs),” a category for which multiple definitions exist in various countries.

The intergovernmental Financial Action Task Force (of which South Africa, the US, and UK are among 37-member countries and organizations) defines a PEP as someone “who is or has been entrusted with a prominent public function.” In practice, this can mean anyone with a senior position in all branches of the government, including the military and state-owned enterprises. Critically, it also includes the PEP’s close family members and associates.

Interestingly, the US Government’s Foreign Corrupt Practices Act (FCPA) does not use the term PEP, instead referring to “foreign officials”. Nonetheless, in practice this statute – the principal foreign anti-corruption tool utilized by the US Government – has been used repeatedly to pursue companies for questionable engagement with foreign public officials (no matter their title or rank) and their close associates.

The need for companies to mitigate the PEP risk is a cost of doing business in all types of markets. While media coverage tends to focus on the illicit activities of PEPs in the developing world, OECD markets are far from immune from inappropriate engagement between companies and public officials (and often their family members). Nonetheless, it is in the developing world where information is often scarce and regulatory reporting requirements minimal, that the challenge of uncovering PEPs is the most acute.

For proof of this problem, one need only read Bastien Obermayer’s and Frederik Obermaier’s The Panama Papers or, for an Africa-specific look, Tom Burgis’s The Looting Machine. Both books are replete with examples of the extremely sophisticated offshore financial structures created by PEPs (or, more accurately, by their legal and financial advisers) designed to hide their beneficial ownership of corporate entities and the sources of their funds.

It is these structures, very often registered in tax havens such as Cyprus or the British Virgin Islands, that present a clear and present danger to investors in African markets and elsewhere. These markets often require companies to select local partners in order to bid on public tenders, an understandable requirement so as to grow local economies, but also one that provides a surreptitious entry point for PEPs.

Ample evidence of the hazard is provided by the billions of dollars in fines levied in recent years by the US Government under the FCPA. Many of these fines resulted from companies engaging local partners with undeclared connections to government officials or who provided improper benefits to the same.

The long-arm of US government enforcement can touch any company or individual that conducts business using American capital markets and financial institutions. It is this wide remit that allowed the US Department of Justice in 2017 to successfully pursue FCPA-related convictions of a former Guinean Minister of Mines, a Chinese billionaire, and the director of South Korea’s national earthquake research center. This is in addition to the nearly $2 billion in fines paid last year alone by companies (both American and foreign) to resolve FCPA-related cases.

Beyond the FCPA, there are a multitude of countries (South Africa included) that have legislation used to combat bribery and other illicit activities in the relationship between the private and public sectors. Many of these acts are designed to check the most egregious types of corruption, such as direct payments of bribes or employment of the family members of government officials. These acts vary in their jurisdiction, definitions, and enforcement, but taken in their totality they present companies of all sizes with a very real legal obligation to meet.

It is important to note that doing business with a PEP is not by itself a guaranteed path to an FCPA conviction. Former politicians now serving in corporate roles are a fact-of-life not only in South Africa, Angola, or Nigeria, but also in the US and across the EU. The potential for wrong-doing comes when those PEPs, by virtue of their past or current role in government, could, for example, influence the award of a tender.

If this sounds like a legal and compliance minefield, it’s because it is. Companies should recognise from the start that when entering markets with reputations for corruption and questionable legal controls, the burden is on them to ensure their counter-parties are adequately vetted.

Concurrent with the standard process of asking potential local counter-parties for lists of their management team, directors, and shareholders, risk professionals should be tasked with building an independent profile of the potential partner. This will include assessing the veracity of their information while also separately conducting a review of open source material and watch lists with the goal being to reveal any potential red flags around ownership, reputation, legal judgments, and other issues not previously disclosed.

Conducting a full-scope partnership review requires a skill-set often missing in many companies. Those best equipped to meet this challenge are often not deal lawyers or compliance specialists, but those with the curiosity and research skills of an investigative journalist, the country-specific knowledge of a political scientist, and the interpretive frameworks of an intelligence analyst.

The investigative tools should include standardised research databases, but also personal source networks in the relevant countries. Moreover, the analyst should have the ability to connect the dots between discrete data points. This means being able to draw the link between a potential partner’s CV indicating time as a permanent secretary in government – not in and of itself a reason to end the partnership discussion – and the overlap of that position with a public procurement scandal in which he or she could have been involved.

Beyond the largely reputational risk of an example like the previous, one of the most challenging aspects of a counter-party review is understanding the aforementioned beneficial ownership structures.

How can a company, in vetting its partners, pierce the veil of these structures? The very presence of entities registered in these tax havens should trigger an investigative deep dive. What is unlikely is that they will find the smoking gun in the form of a corporate registration document indicating that “Minister of Energy X” is the owner of the Cayman Islands-registered “ABC Holdings,” which is a beneficial owner of a potential partner. The reason that these jurisdictions thrive – the Cayman Islands alone is home to around 100,000 registered corporate entities – is that they promise secrecy.

Nonetheless, prominent PEPs are often the subject of investigative deep dives from the likes of Burgis and Obermayer/Obermaier. Capable corporate researchers should be able to access this work, which may provide enough smoke, if not the actual fire, to signal a potential problem.

Also, companies can outsource investigative work to the burgeoning industry of risk consultancies that specialise in identifying potential PEP and related risks. Companies must take care though to select firms with an established track record in the jurisdiction under consideration and that promise to adhere to strict controls around investigative methods. The very challenge of the task makes it easier for disreputable firms to promise legal proof, yet offer little more than open source innuendo and potentially non-compliant methods for gathering information.

One of the simplest solutions to understanding an offshore structure is to ask the potential counter-party about beneficial ownership of entities that will draw a benefit from a proposed relationship. While this sounds obvious, it can also run up against commercial pressures, including a reluctance from sales teams who may be hesitant to appear distrustful of individuals who could become close interlocuters. Simply explaining the necessity of obtaining this information, at risk of running afoul of the FCPA and related acts, should provide more than enough explanation for reluctant colleagues or potential partners. If the counter-party continues to refuse to provide beneficial ownership details, then that should serve as a stark warning that something is amiss.

One challenge for any internal investigation team is to avoid appearing as a “deal-killer”. Sales leaders, who it should be remembered generate the revenue that funds enabling functions like risk, are liable to develop an adversarial relationship with the same if they see them as always concluding “here be dragons”.

If those dragons genuinely exist, then risk and compliance has no choice but to make that fact known. However, at the same time, they should actively work to present alternative partnership options or brainstorm with legal colleagues to see whether troublesome aspects of a potential engagement can be removed from the equation without scuppering the entire deal.

Managing counter-party risk is not easy and it is representative of the broader challenge of effectively identifying and mitigating non-financial risks. In many respects this challenge is more art than science, where, for example, a deep understanding of a country’s history can be more valuable than the ability to develop a repeatable quantitative model. This task is now part and parcel of doing business globally, but particularly in growth markets where the rewards of operating are often matched by the risks.

Although now much more famous for his role overseeing Special Counsel Robert Mueller’s Russia investigation in the US, Deputy Attorney General Rod Rosenstein also has been a strong advocate for FCPA enforcement. In remarks made late last year at a conference on the act, he summarised very clearly how the US Government views the responsibilities of companies as they select with whom they do business:

Criminals try to evade law enforcement. But they also need to evade internal controls and compliance programs, if those internal controls and programs exist. Honest companies pose a meaningful deterrent to corruption.

Companies can protect themselves by exercising caution in choosing their business associates and by ensuring appropriate oversight of their activities… My advice is to make sure that you can stand proudly with the company you keep.”

Non-financial risks are a feature of life for any business. The challenge comes in appropriately recognising them and putting adequate controls in place to mitigate their effects. Meeting the test requires new skills and a willingness to see the value in qualitative reviews that require debate and discussion in the absence of established quantitative indicators.

The task is considerable, but so are the consequences of inaction. DM

Gallery

Support DAILY MAVERICK & get FREE UBER vouchers every month

An increasingly rare commodity, quality independent journalism costs money, though not nearly as much as its absence can cost global community. No country can live and prosper without truth - that's why it matters.

Every Daily Maverick article and every Scorpio exposé is proof of our dedication to this unshakeable mission. Investing in our news media is by far the most effective investment into South Africa's future.

You can support Independent and Investigative journalism by joining Maverick Insider. If you contribute R150 or more per month you will receive R100 back in UBER vouchers. EVERY MONTH until October 2019.

So, if you'd like to help and do something meaningful for yourself and your country, then sign up to become a Maverick Insider. Together we can Defend Truth.


Days of Zondo

Gordhan, Malema and evidence about Zuma will make for a potent week at State Capture probe

By Ferial Haffajee