Companies must grasp third party risks

Michael Boag, md, Stroz Friedberg, an intelligence and risk management company, discusses the need for business to grasp the nettle of third party risk

The failure to conduct appropriate due diligence on third parties poses an ever increasing risk to business, as regulators and law enforcement across the world step up their pursuit of organisations and individuals involved in alleged cases of bribery and corruption. If recent reports are anything to go by, the compliance programmes of some UK companies may prove woefully inadequate, with only half of all UK businesses polled said to be vetting their external suppliers for UK Bribery Act (UKBA) compliance.

The consequences could be high - not only can legal action under legislation like the UKBA and the US Foreign Corrupt Practices Act (FCPA) result in fines into the hundreds of millions, companies can also be debarred from public works and government procurement or face civil legal action, not to mention the incalculable cost of reputational damage and the accompanying loss of business.

While local agents, distributors, licensees and joint ventures partners may not be employees, firms are increasingly being held liable for the corrupt actions of these third parties.

The UK Ministry of Justice has provided specific guidance on the Bribery Act, which states that organisations must apply “due diligence procedures, taking a proportionate and risk based approach, in respect of persons who perform or will perform services for or on behalf of the organisation, in order to mitigate identified bribery risks”. The US Department of Justice (DOJ) and Securities & Exchange Commission (SEC) have also reinforced the importance of due diligence, with their FCPA guide stating that “Risk-based due diligence is particularly important with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company’s compliance program”.
 In response, companies must develop an appropriate due diligence strategy, which should start with a risk assessment of the third party relationship, to ensure that the depth and rigour of the due diligence process is proportionate to the risk.

An effective due diligence programme makes it easy to see how organisations that focus on getting it right tangibly reduce their corruption and bribery risk. Take a recent example, where due diligence had been conducted into a potential joint venture partner in Africa. This had identified allegations that an executive at the prospective partner had, while an executive at another firm, been accused of paying a bribe through the son of a government minister. Although he had not been officially sanctioned in the country, numerous local sources confirmed that the allegation had real merit. A serious corruption red flag had been raised and the firm backed off the joint venture. The decision also helped avert the potential of serious reputation damage by becoming involved with a local partner with a less than stellar reputation for integrity.

 Proportionate risk-based due diligence helps organisations highlight key red flags that a tick box approach would almost certainly miss.Putting in place an anti-corruption due diligence programme that reflects strong governance and a commitment to ethical practice, which can withstand scrutiny from a growing legion of regulators, must be a top priority.