As global anti-corruption enforcement continues to gain steam, regulatory agencies are increasingly turning their microscope to third-party affiliates.
Today’s companies don’t have the luxury of simply worrying about their own compliance. They’re also responsible for ensuring their business associates comply with anti-corruption laws.
Considering that 44 percent of business leaders increased their number of suppliers last year and 70 percent were concerned those suppliers weren’t doing enough to minimize risk — compared to 52 percent in 2013 — third-party compliance has become a major area of risk for business leaders. Many have been forced to drastically step up their efforts in performing due diligence on third-party affiliates.
“Third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions,” says the U.S. Department of Justice in its resource guide for the Foreign Corrupt Practices Act (FCPA). “Risk-based due diligence is particularly important with third parties and will also be considered … in assessing the effectiveness of a company’s compliance program.”
Two of the top three anti-bribery and corruption challenges faced by U.S. and UK business leaders involve managing business relationships with third parties: auditing third parties for compliance and performing effective due diligence on foreign third parties. As global compliance expert Kelvin Dickenson says, “the risks of insufficient third-party diligence have never been greater.”
Despite the elevated risks, however, may companies have lagged behind in their due diligence efforts. Of companies with formal anti-bribery and corruption polices, two in five fail to communicate their policies to third-party agents, vendors, brokers or suppliers, while three in five companies whose compliance programs include anti-corruption training don’t require their third-party representatives to participate.
Furthermore, nearly two-thirds of businesses with “right to audit” clauses in their third-party contracts have yet to perform an audit, and half of U.S. companies drop the ball when it comes to obtaining periodic compliance certifications from third parties.
To prevent legal entanglements and devastating penalties moving forward, a significant number of businesses will need to become more vigilant when it comes to performing third-party due diligence.
The degree of third-party due diligence required can vary depending on the industry, size and nature of the transaction, and past relationship with the affiliate. To help companies develop baseline standards for due diligence, the U.S. Department of Justice and the Securities Exchange Commission have provided some guiding principles that always apply.
Qualifications and associations: A company should “understand the qualifications and associations of its third-party partners, including its business reputation and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface.”
Business rationale: Companies should also have an understanding of the business rationale for including the third party in the transaction. “Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.”
Ongoing monitoring: Companies should undertake “some form of ongoing monitoring of third-party relationships. This may include updating due diligence periodically, exercising audit rights, providing periodic training, and requesting annual compliance certifications by the third party.”
The need for ongoing third-party monitoring is a particularly important principle for business leaders to grasp. “A common gap we often see is that once a third party is vetted, there is no ongoing review for changes in status or risk,” Dickenson said.
Another crucial aspect of third-party due diligence is learning to recognize common red flags that indicate a high compliance risk. Below are some key indicators of a corrupt third-party associate.
Reputational risk. When conducting a background check on a potential affiliate, take heed if the third party:
Government relationships. Pay close attention to the third party’s associations with government officials, and watch for:
Other common red flags. Other warning signs include:
These are just a few of the potential indicators that a supplier, vendor or affiliate poses a significant compliance risk — and business leaders can no longer afford to ignore them. To navigate today’s enforcement-heavy anti-corruption climate, companies must start taking third-party due diligence seriously or risk paying a heavy price.
We're sorry this resource is no longer available, we've redirected you to our Resource center.