Curbing the Risk of Corruption and Third Parties
Companies today rely on far-flung, interconnected networks to do business. Local partners can provide companies with clear benefits—local knowledge and lower-cost labor, for instance—and in some cases, these partnerships are legally required. But ensuring anti-corruption compliance by third parties over whom a company may have little control can be a complex task. In emerging markets, where the business sector may have little history of or experience with compliance, the difficulty can be exponentially greater.
However, as headlines attest, companies must address the corruption risks associated with third parties or if not, do so at their own peril. According to the 2014 OECD Foreign Bribery Report, among the enforcement actions they surveyed, 75 percent of bribes were paid through third parties.
The most visible business impacts of corruption include reputational harm, financial losses, legal proceedings, and disruption of business operations. The long-term effects can also be damaging—corruption can expose a company to continued extortion; charges and enforcement actions can increase insurance premiums; and companies can also be excluded from bidding on government and international financial institutions contracts.
Canada, for example, has sought to improve its anti-corruption efforts with new amendments to the Corruption of Foreign Public Officials Act. One provision bans companies, including foreign multinationals, from doing business with the Canadian government for 10 years if at any time in the past decade they or their affiliates were convicted of bribery.
Every company today works with third parties: from agents, consultants, distributors and resellers to government service providers, transportation companies, professional services firms, and joint venture partners. Given this vast range, it is a complex task for a company to fully manage and monitor corruption risks. However, there are some processes that can be put in place to minimize exposure.
Assess Your Risk
Risk-ranking third parties into categories such as high, medium, and low risk can help companies tailor due diligence and use resources wisely. Among the factors to consider when performing such a risk assessment is where the third party is located; how business-critical it will be; whether it will have touch points with government officials; and how it will be paid. When you have risk-ranked your third parties, you can determine the amount and type of due diligence that you should undertake.
Perform Appropriate Due Diligence and Follow Up
Your due diligence process can range from an ownership review, financial health check and a sanctions or black list review for low risk partners, to interviews, site visits, and hiring an outside investigative firm to look into the potential partner for those you consider high risk. If you find red flags, take appropriate follow-up measures and document the process.
Formalize the Relationship
If you proceed with a third party relationship, ensure that you use the contracting process to secure compliance commitments. You have the greatest leverage with a potential business partner before the contract is signed. At a minimum, contracts should include:
- A scope of work and compensation structure
- Compliance representations and warranties
- Compliance training requirement
- Audit rights (consistent with local law) and an agreement to cooperate in any investigation
After the Contract: Setting the Tone, Managing the Relationship
Once the deal is signed with a third party, there are several steps that will help to offset risks and guide appropriate behavior.
Communication and training are vital elements of an anti-corruption program. First, you should train your own employees on how to manage the third party relationship, and ensure that training is specific to their role and the risks they may face. It is important to regularly communicate with your third parties to ensure they understand your code of conduct and anti-corruption policies and requirements; provide compliance reminders; and answer questions that may arise.
If you have been able to secure a compliance training requirement in your third party contract, check to ensure it is actually being carried out. Many companies today also provide targeted training for third parties, or at the very least, a training requirement. In high-risk scenarios, it often isn’t enough to tell your business partners what you expect by giving them your code of conduct or having them certify compliance—although those things are obviously important. You may need to go deeper in terms of engagement through training, capacity building and technical assistance.
Monitoring your program is another essential element of an effective anti-corruption program. Conducting annual “health checks” can be valuable for ensuring that the program is running smoothly and policies and contract terms are being followed. Monitoring should also include periodic unannounced site visits, formal audits and transaction testing.
What should you do if something goes wrong? First, you act quickly to fix any problems that arise using the remedies you have negotiated in the contract. You should also use information from your monitoring to improve your processes and keep problems from recurring.
The spotlight is on anti-corruption today—from new laws to increases in enforcement activity. Companies putting systems in place to prevent bribery now will reap the rewards in the years to come.
[Editor’s Note: You can learn more about managing corruption and third party risk via a webinar Leslie Benton and her colleague Craig Moss are hosting at the Center for Responsible Enterprise and Trade on March 17th.]