Your partners, vendors and suppliers are an integral part of your business and help provide value to your customers. In a sense, they are an extension of your business. As such, did you know that their actions reflect directly on you?
Not just in terms of your reputation, but also in terms of anti-corruption compliance. When it comes to global anti-corruption laws, the actions of your third parties could result in sanctions and fines against you.
When I conducted investigations as an in-house attorney, and now as President at Workplace Answers, I often ask the questions: How many third parties do you work with and do you have a list? We have clients that are not sure and/or do not have a definitive list.
If you ever conduct an internal investigation, and certainly if you are investigated—for example, by the Securities and Exchange Commission (SEC) or Department of Justice (DOJ)—a natural request will be to produce a list of your third parties.
Why? Because most violations involve third parties, so understanding who they are, what type of business you do with them, how you pay them, what their contracts look like…those are basic requests.
Plus, if you are expected to conduct due diligence on your third parties, how did you do that without having a list? Before you can know your third parties, you need to know how many you have and who they are.
An easy approach is to start with understanding how many third parties you work with. You can help out by grouping them into buckets:
Sometimes, nomenclature can help – spell out the exact list of third party “types” you are looking for—that will help with language barriers and regional naming conventions. You can then ask for general groupings based on geography (APAC, Americas, EMEA – or however you divide the world). If you are worried about a particular high-risk country—an easy example is China for corruption or trade compliance—then start there.
And also, get a list. Simple, low-tech compliance is often very useful and can help reduce your risks. The key is to start. Don’t get overwhelmed and procrastinate, but get started. Understanding your risks is the first step to reducing them. And while this will not count as a “risk assessment,” it certainly is one of the first and necessary steps.
Once you have a count of your third parties and a definitive list, it’s also important that you train your third parties. And not just training in the world of anti-corruption/FCPA/UK Bribery, but also export compliance, code of conduct, and of course, privacy and data protection—including HIPAA. Training makes sense because third parties are responsible for most compliance violations, so they should also be the focus of more compliance efforts.
To ensure that your third party relationships are assets and not compliance liabilities, it’s important to follow some simple steps:
Your employees and third parties need to understand their role in fighting corruption and how to do their jobs within the law.
We're sorry this resource is no longer available, we've redirected you to our Resource center.