Use the content in Compliance Communicator to help strengthen tone in the middle: we grant you permission to re-use our content for your E&C newsletters.
Memo to Managers
The Third Party Link with Our Compliance Program
Like all great companies, we focus on ensuring that we have an effective compliance program. While our primary focus is on what we and our employees need to do to ensure compliance, we cannot stop there. Whether we like it or not, our employees are only one element of the compliance equation. We also have many critical partnerships with agents, contractors or other third parties. As a result, it is necessary for us to also focus on the qualifications and actions of our current and proposed third parties.
Use of Third Parties May Elevate Our Risks of Bribery and Corruption
The third parties we engage can have a significant impact on both our reputation and bottom line. While our supply chain has always focused on the qualifications and actions of our third parties with respect to quality and services, we also have to be sure that we focus on bribery and corruption risks.
In fact, in the U.S., over 90 percent of all FCPA bribery and corruption actions in the last few years have involved the actions of third parties. Among other issues, these cases have involved: use of illegal payments to obtain licenses or permits; bribes to ensure successful awarding of contracts; or payments, trips or scholarships to relatives of government officials to gain access to decision makers of state controlled companies.
What Steps Can We Take to Lower Our Third Party Risks?
If you work with or engage third parties:
- Make sure you know and follow our policy about the engagement and use of third parties
- Do not engage any third party without a reasonable business rationale
- Ensure that no third party is engaged outside of our policy guidelines
- Complete due diligence on every third party
- Complete the appropriate level of due diligence for the third party’s risk
- Does not have to be the same for every third party
- However, within the same risk level is must be consistently applied
- Complete the activity before any contract (afterward, it may be too late)
- Regularly update the due diligence and monitor or audit compliance
- Follow our record retention policy about documenting the due diligence and the results
Communicate our Compliance Policy and Expectations to Third Parties
We cannot just assume that third parties understand our expectations about what constitutes compliant behavior in accordance with our code of conduct or third party policy. Best practices require us to take steps to communicate these to our third parties and confirm that we are comfortable they have had training on the risks.
What Are the Third Party Red Flags We Need to Watch Out For?
Some third party relationships may send up obvious—or more subtle—indicators that the organization is not being engaged for legitimate business purposes. Some of the red flags may relate to commercial bribes and others may be more related to the bribery of government officials. Both elements of bribery violate our code and must be prevented. Look for things such as:
- Third parties conducting business in a country with a poor corruption index or history of corruption
- Guarantees of close personal relationships between third parties and government officials
- Conducting business in countries with high levels of state ownership or control of businesses
- Unusually high levels of cash or miscellaneous payments
- Payments made to third parties which are unusually large and not properly or well documented
- Poor reputation or credentials of any agents or third parties and any unwillingness to provide anti-bribery certifications or audit rights
- Elaborate gifts, travel and entertainment expected as part of doing business
Trust but Verify
Third parties are critical partners of ours and this communication is not meant to suggest that third parties are not trust worthy or are all willing to pay bribes. Their role in the success of our company’s strategic goals cannot be denied. Nevertheless, we must continue to exercise reasonable due diligence, oversight, training, monitoring and auditing of our third parties to ensure that they do nothing to harm our company’s reputation. “Trust but verify” perfectly sums up our relationship with third parties. Third parties with nothing to hide should not fear a strong, effective compliance program like ours.
Questions of the Month
Q: John, in the business development department, is looking to hire a third party for work outside of the U.S. They come highly recommended, and John says he has used them at another company with no problems, so he wants to “fast track” their approval. Will an email from John be enough to let us go ahead and engage them?
A: No. We appreciate John’s recommendation and it can certainly be part of the record, however our company policy is that all third parties must be reviewed and approved in accordance with our policy and no contracts may be entered into until they are vetted and documented.
Q: I hear a lot about bribery issues with vendors and third parties in China and Russia, does this mean that we should not do business there?
A: Not at all. Good and bad third parties can be found in any country. The country’s corruption index is one of the factors we consider when determining the risk of doing business in that country but many reputable third parties have a long history of operating in countries like China and Russia. Complete the due diligence and then make a decision in accordance with the third party policy.
Global companies face unprecedented third party risk in today’s landscape - third parties are involved in 90 percent of Foreign Corrupt Practices Act (FCPA) cases, and more companies are under investigation than ever before in the history of FCPA enforcement.
Using Compliance Communicator
Equipping managers with the skills they need to navigate the E&C challenges they face is critical. Use the content in Compliance Communicator to help keep compliance top of mind with your managers and strengthen your organizational culture. NAVEX Global grants you permission to publish any or all of the content to best suit your needs.
For more valuable content from our Advisory Services team, subscribe to our blog, Ethics & Compliance Matters™. You’ll find perspectives on the latest E&C trends that impact your program, and get insights on increasing program effectiveness.