Ben DiPietro, Oct. 27, 2016
The focus of due diligence for interactions between companies and existing or potential third-party partners is shifting, with more attention now being paid to potential conflicts of interest than to worries about bribery or corruption, according to a new survey released Thursday. The report from software and services company Navex Global found 43% of the 394 respondents ranked worries about conflicts as their top M&A due diligence concern, up from 18% who said so last year. That puts conflict fears ahead of worries over bribery and corruption, cybersecurity and fraud.
Andrew Foose, vice president of Navex Global’s advisory services team, said “the honest answer is we don’t know” what prompted the shift. “Our working theory is that the company officers overseeing their third parties have put significant effort into identifying risks of bribery and corruption over the last few years, largely in response to aggressive enforcement actions by various governments around the globe,” he said. Many may feel they have addressed their bribery and corruption risks reasonably well and are less worried about it. Also, it’s possible their third-party due diligence focused on bribery and corruption may have revealed that conflicts of interest among vendors, consultants and suppliers is a larger, more difficult problem than they previously realized, he said. “We see this as a good thing if it’s true because it may mean business leaders are beginning to realize that compliance is not so much about avoiding enforcement actions like bribery and corruption laws, as much as having a clean running organization whose business is not distorted by improper ties and interests,” said Mr. Foose.
So, what does this change mean for companies and their compliance programs? Mr. Foose said the survey found 30% said they expect an increase in third-party engagements in 2017, and that planned increase in use of third parties increases the risk of conflicts of interest. That means organizations need to be proactive to minimize those risks. “The first step is to develop a baseline program that helps you track your third parties, categorize risk and set up a monitoring system that checks them on an ongoing basis,” he said. Many organizations also choose to extend training to the key third parties. “If an organization can get these things done, it will position itself to be able to better figure out what’s going on with conflicts of interest.”
Readers can subscribe to The Morning Risk Report here: http://on.wsj.com/MorningRiskReportSignup. Follow us on Twitter at @WSJRisk.