Saturday, March 6, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

3 Important Points to Remember About Third-Party Risks

by Michael Volkov
February 28, 2018
in Featured, Risk
concept of due diligence stopping domino effect

How Much Due Diligence is Enough?

It’s easy to get in over one’s head when conducting third-party due diligence. How deep is it necessary to dive to ensure your vendors and suppliers are doing business above board? Michael Volkov provides some expert insight into what “due diligence” means – and what it doesn’t.

If you want to learn and read about managing third-party risks, you will have no trouble finding articles, white papers, webinars and more available to you on the internet.  And for good reason.

Third parties create significant risks, and these risks are not just limited to bribery; they extend into sanctions, money laundering, privacy and cybersecurity, human trafficking, child labor and reputational damage.  The compliance marketplace offers lots of solutions, including automation, due diligence, risk ranking and a host of alternative solutions.

Before you leap into the due diligence world, however, it is important to understand exactly what you are trying to accomplish and why you need to tailor your solutions to your specific needs.

When assessing the issue, there are three important points to understand about due diligence:

What is the Legal Standard?

The term “due diligence” is defined to mean “reasonable inquiries.”  I know that sounds like mumbo jumbo, but it is important to recognize what “reasonable inquiries” does not mean.  As an attorney and a former prosecutor, I know the importance of focusing on burdens of proof — “reasonable inquiries” does not mean “beyond a reasonable doubt,” nor does it mean by a “preponderance of evidence.”  In fact, the standard of “reasonable inquiries” means reasonable questions and follow-up.  It does not mean boil the ocean.

Life always depends on context, and so does due diligence.  A reasonable inquiry in one circumstance may not be reasonable in another.  Everything has to be assessed through the eyes of relevant risks.  Adjusting your due diligence review of a third party to the specific risk profile is imperative.

Agents/Distributors v. Vendors/Suppliers

The FCPA expressly prohibits corrupt payments made through third parties or intermediaries. Specifically, it covers payments made to “any person, while knowing that all or a portion of such money or thing of value will be offered, given or promised, directly or indirectly,” to a foreign official.  The “knowing” requirement includes a representational component, meaning that a person who receives payment (i.e., a third-party) must be acting on behalf of the payor of the money.  If I make a payment to someone who is representing me and I know that the person will be paying a foreign official on my behalf, I am liable for that bribe.

On the other hand, if I pay a vendor who is not representing me or acting on my behalf for a good or service, and that vendor pays a bribe to further its business (not necessarily just mine, but for his overall business operations), then I am not liable for the bribe paid by the vendor.

As an example, if my company buys potato chips from a vendor (along with thousands of other companies in a specific country) and the vendor ends up paying a bribe to customs officials in that country to favor its shipments, as a customer of the vendor, I am not liable for the vendor’s bribery payments, because the vendor is not acting on my behalf.

That does not mean you can ignore the risks created by your vendors and suppliers.  On the contrary; vendors and suppliers pose many risks and are often involved in bribery or fraud schemes.  My point is that vendors and suppliers, in the absence of a specific representational function, do not create classic bribery risks, and they should be screened in accordance with this risk profile.

Third-Party Professionals

The third-party universe includes professionals.  As we have seen in the anti-corruption world, bribes can be paid by lawyers, tax professionals, lobbyists and consultants.  These representatives act on behalf of their client companies and therefore create potential corruption risks.

A foreign law firm should be screened like any other third-party candidate based on the specific risks involved. Moreover, law firms should be subject to the same controls, invoicing requirements, description of services and fees that are commensurate with the specific project and the market.

History is replete with instances where lobbyists have been used (and continue to be used) to funnel illegal payments to government officials (e.g., Abscam and Abramoff, just to name a few). For that reason, lobbyists in foreign countries may create significant corruption risks and should be subjected to a commensurate level of controls.

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Tags: third party risk management
Previous Post

Don’t Put All Your Compliance Eggs in the MiFID II Basket

Next Post

TRACE: White House Ethics Czar

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

green and red location markers on map

FinCEN’s Registry Will Be a Game-Changer. It Will Also Place an Added Burden on Corporations.

March 5, 2021
illustration of man under giant gavel

BitPay’s $507K OFAC Sanctions Violations Settlement

March 4, 2021
The facade of the SEC in Washington, D.C.

Prepare Now to Comply with SEC’s Updated MD&A and Related Financial Disclosure Requirements

March 3, 2021
Illustration representing a facial recognition technology scan of a face.

Facial Recognition Technology in the Workplace: Employers Use It, Workers Hate It, Regulation Is Coming for It

March 3, 2021
Next Post
TRACE: White House Ethics Czar

TRACE: White House Ethics Czar

OneTrust offers download to demonstrate privacy management leadership
Access realtime data
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence ESG fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights