No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

3 Important Points to Remember About Third-Party Risks

by Michael Volkov
February 28, 2018
in Featured, Risk
concept of due diligence stopping domino effect

How Much Due Diligence is Enough?

It’s easy to get in over one’s head when conducting third-party due diligence. How deep is it necessary to dive to ensure your vendors and suppliers are doing business above board? Michael Volkov provides some expert insight into what “due diligence” means – and what it doesn’t.

If you want to learn and read about managing third-party risks, you will have no trouble finding articles, white papers, webinars and more available to you on the internet.  And for good reason.

Third parties create significant risks, and these risks are not just limited to bribery; they extend into sanctions, money laundering, privacy and cybersecurity, human trafficking, child labor and reputational damage.  The compliance marketplace offers lots of solutions, including automation, due diligence, risk ranking and a host of alternative solutions.

Before you leap into the due diligence world, however, it is important to understand exactly what you are trying to accomplish and why you need to tailor your solutions to your specific needs.

When assessing the issue, there are three important points to understand about due diligence:

What is the Legal Standard?

The term “due diligence” is defined to mean “reasonable inquiries.”  I know that sounds like mumbo jumbo, but it is important to recognize what “reasonable inquiries” does not mean.  As an attorney and a former prosecutor, I know the importance of focusing on burdens of proof — “reasonable inquiries” does not mean “beyond a reasonable doubt,” nor does it mean by a “preponderance of evidence.”  In fact, the standard of “reasonable inquiries” means reasonable questions and follow-up.  It does not mean boil the ocean.

Life always depends on context, and so does due diligence.  A reasonable inquiry in one circumstance may not be reasonable in another.  Everything has to be assessed through the eyes of relevant risks.  Adjusting your due diligence review of a third party to the specific risk profile is imperative.

Agents/Distributors v. Vendors/Suppliers

The FCPA expressly prohibits corrupt payments made through third parties or intermediaries. Specifically, it covers payments made to “any person, while knowing that all or a portion of such money or thing of value will be offered, given or promised, directly or indirectly,” to a foreign official.  The “knowing” requirement includes a representational component, meaning that a person who receives payment (i.e., a third-party) must be acting on behalf of the payor of the money.  If I make a payment to someone who is representing me and I know that the person will be paying a foreign official on my behalf, I am liable for that bribe.

On the other hand, if I pay a vendor who is not representing me or acting on my behalf for a good or service, and that vendor pays a bribe to further its business (not necessarily just mine, but for his overall business operations), then I am not liable for the bribe paid by the vendor.

As an example, if my company buys potato chips from a vendor (along with thousands of other companies in a specific country) and the vendor ends up paying a bribe to customs officials in that country to favor its shipments, as a customer of the vendor, I am not liable for the vendor’s bribery payments, because the vendor is not acting on my behalf.

That does not mean you can ignore the risks created by your vendors and suppliers.  On the contrary; vendors and suppliers pose many risks and are often involved in bribery or fraud schemes.  My point is that vendors and suppliers, in the absence of a specific representational function, do not create classic bribery risks, and they should be screened in accordance with this risk profile.

Third-Party Professionals

The third-party universe includes professionals.  As we have seen in the anti-corruption world, bribes can be paid by lawyers, tax professionals, lobbyists and consultants.  These representatives act on behalf of their client companies and therefore create potential corruption risks.

A foreign law firm should be screened like any other third-party candidate based on the specific risks involved. Moreover, law firms should be subject to the same controls, invoicing requirements, description of services and fees that are commensurate with the specific project and the market.

History is replete with instances where lobbyists have been used (and continue to be used) to funnel illegal payments to government officials (e.g., Abscam and Abramoff, just to name a few). For that reason, lobbyists in foreign countries may create significant corruption risks and should be subjected to a commensurate level of controls.

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Tags: Third Party Risk Management
Previous Post

Don’t Put All Your Compliance Eggs in the MiFID II Basket

Next Post

TRACE: White House Ethics Czar

Michael Volkov

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

robot reviewing contract

9 Emerging Use Cases for AI in TPRM

by Miriam Konradsen Ayed and Craig Moss
May 6, 2025

(Sponsored) As third-party ecosystems grow more complex, compliance teams face mounting pressure to assess and monitor external relationships effectively. Miriam...

business relationship concept hands

Relationship (Owner) Goals: Why Half Your TPRM Red Flags Stay Hidden

by Chris Audet
April 9, 2025

The front-line staff who manage vendor relationships are uniquely positioned to spot problems before they escalate, yet many organizations fail...

avengers lego figures

Uniting Forces: Cross-Functional Approaches to Insider Threat Prevention

by Rachel L. Gerstein
April 8, 2025

Creating a structured framework that brings together security, HR, IT, legal and compliance teams to fight internal vulnerabilities

news roundup header image papers

Internal Audit Group Prepares New Third-Party Topical Requirement

by Staff and Wire Reports
March 7, 2025

Most organizations expect to increase fraud budgets

Next Post
TRACE: White House Ethics Czar

TRACE: White House Ethics Czar

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights