Now That’s a Gift That Keeps on Giving!
Organizations need to devote plenty of attention to anti-corruption due-diligence of third-parties that they engage. The value of due diligence is immense as it provides “red flags” that a particular third-party may be a source of risk. It also makes an anti-corruption compliance program very happy from the perspective of enforcement agencies. BONUS – effective due diligence may mitigate potential penalties.
If a company were to face an allegation of misconduct stemming from the acts of a third-party it has engaged, the demonstration of adequate due diligence, and supporting documentation to go along with it, may significantly offset potential penalties.
It is necessary to conduct enhanced due diligence on third party intermediaries in the context of the FCPA, and the UK’s Bribery Act of 2010. Due diligence is one of those ‘must haves’ for any compliance program, and with the DOJ, SEC, and the UK’s Serious Fraud Office pulling the noose tighter around overseas corruption, the perceived level of due diligence will become more strenuous.
Let’s do some due diligence strength training!
The FCPA prohibits US companies and individuals from “offering, promising or giving to a ‘foreign official’ anything of value to obtain or maintain an improper advantage or to secure some act from the ‘foreign official”. Other anti-corruption initiatives and laws – OECD, the UK Bribery Act, and Canadian Corruption of Foreign Public Officials Act – also play by the same rules and prohibit similar types of conduct. Many anti-corruption laws treat corruption as a strict liability offense, or one requiring only minimal knowledge. Because of this, organizations have to devote resources to prevent and mitigate a potential liability that can arise from interactions with and reliance upon third parties.
In other words, to avoid being held liable for corrupt third-party payments, companies are encouraged to exercise due diligence and to take all necessary precautions to ensure they have formed a business relationship with reputable and qualified partners and representatives.
So What Is an Organization to Do?
If you’ve employed a third-party, you need to ensure that your third-party is protecting your confidential information, avoiding unethical practices, maintaining a safe and healthy working environment, mitigating operational risks, and, of course, much more. On top of that, you have to monitor third-party compliance with regulations like HIPAA, Anti-Money Laundering (AML) requirements, conflict minerals reporting requirements, and as mentioned, FCPA, the UK Bribery Act, the Federal Trade Commission (FTC) Act, and the Dodd-Frank Act. It’s enough to see stars. But that’s where a power tool comes in handy.
In order to meet these obligations, you need to implement a full suite of solutions for real time search, ongoing daily monitoring, false positive review, enhanced due diligence, ethics communications, management reporting, policy attestation and regulatory alerts. If these processes are not effective, third-party risks could snowball into serious issues that will ultimately affect your profitability and credibility.
It’s your job to: research, investigate, make enquiries, compile, report, repeat – all while doing it ethically, and fully in the public domain.
The purpose of third-party due diligence is to determine whether your third-parties can be reasonably expected to comply with anti-corruption laws in the future after they are hired. By examining their experience, professional reputation, allegations of corrupt activity and the nature and frequency of contacts with government officials, an assessment can be made and red flags can be identified.
The best defense to shield your organization from third-party risk is to implement a screening program to monitor that risk.