Do Your Due Diligence
With the increasing frequency and expanding scope of enforcement globally, organizations need to devote plenty of attention to anti-corruption due diligence on the third parties that they engage. The value of due diligence is immense. It provides “red flags” that a particular third party may be a source of risk. It also helps to satisfy what enforcement agencies expect of an effective anti-corruption compliance program. Additionally, effective due diligence may mitigate potential penalties.
If a company faces allegations of misconduct stemming from the acts of a third-party it has engaged, its demonstration of adequate due diligence, and of course, supporting documentation, may significantly offset potential penalties.
It is necessary to conduct enhanced due diligence on third-party intermediaries in the context of the Foreign Corrupt Practices Act (FCPA) and the UK’s Bribery Act (UKBA) of 2010. Due diligence is often cited as a ‘must have’ for any compliance program. The US DOJ and SEC, and the UK’s Serious Fraud Office, aim to tighten the noose around overseas corruption; as such, the perceived level of due diligence will become more onerous.
The FCPA prohibits US companies and individuals from “offering, promising or giving to a ‘foreign official’ anything of value to obtain or maintain an improper advantage or to secure some act from the ‘foreign official’”. Other anti-corruption initiatives and laws – the Organization for Economic Cooperation and Development (OECD), the UK Bribery Act, and Canadian Corruption of Foreign Public Officials Act – also play by the same rules and prohibit similar types of conduct. Many anti-corruption laws treat corruption as a strict liability offense, or one requiring only minimal knowledge. Because of this, organizations have to devote resources to prevent and mitigate potential liability that can arise from interactions with and reliance upon third parties.
In other words, to avoid being held liable for corrupt third-party payments, companies are encouraged to exercise due diligence and to take all necessary precautions to ensure they have formed a business relationship with reputable and qualified partners and representatives.
So What Is an Organization to Do?
So, you’ve employed a third party (really, who hasn’t these days?): a supplier, agent, distributor, lawyer, accountant, or consultant. These all come with many risks and regulatory requirements. You need to ensure that your third parties are protecting your confidential information, avoiding unethical practices, maintaining a safe and healthy working environment, mitigating operational risks, and, of course, much more. On top of that, you have to monitor third-party compliance with regulations like HIPAA, Anti-Money Laundering (AML) requirements, conflict minerals reporting requirements, and, as mentioned, the FCPA, the UK Bribery Act, the Federal Trade Commission (FTC) Act, and the Dodd-Frank Act. Phew!
In order to meet these obligations, you need to implement a full suite of solutions for real-time search, ongoing daily monitoring, false positive review, enhanced due diligence, ethics communications, management reporting, policy attestation and regulatory alerts. If these processes are not effective, third-party risks could snowball into serious issues that will ultimately affect your profitability and credibility. Unfortunately, many companies are struggling to implement these due diligence measures because of their complexity and the vastness of their third-party networks.
It’s your job to research, investigate, make enquiries, compile, report, and repeat, all while doing it ethically and fully in the public domain.
The purpose of third-party due diligence is to determine whether your third-parties can be reasonably expected to comply with anti-corruption laws in the future after they are hired. By examining their experience, professional reputation, allegations of corrupt activity and the nature and frequency of contacts with government officials, an assessment can be made and red flags can be identified.
The best defense to shield your organization from third-party risk is to implement a screening program to monitor that risk.