No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Anti-Corruption and the Hallmarks of an Effective Compliance Program: Part 7

Third-Party Due Diligence and Payments

by Scott Moritz
January 3, 2014
in Compliance
figure connecting two other parties

This is the seventh in a series of articles intended to assist organizations in assessing their anti-corruption programs through the lens of the 10 hallmarks of an effective compliance program as set forth in “A Resource Guide to the U.S. Foreign Corrupt Practices Act” (“the Guide”), jointly published by the U.S. Department of Justice and the Securities and Exchange Commission in November of 2012.  This article centers on hallmark number seven:

Third-Party Due Diligence and Payments

The vast majority of FCPA enforcement actions involve bribery payments made by third parties, as opposed to those made directly by employees or officers. While the Guide makes mention of what might be termed the “usual suspects” (i.e., sales agents, consultants and distributors), there are a wide range of business intermediaries who may be interacting with foreign officials on your behalf. Still, the Guide is the most detailed document coming out of the U.S. government on the subject of third-party due diligence since the publication of Opinion Procedure Release 08-02.  Given the potentially devastating implications of failing to get third-party due diligence right, this is the hallmark to which we have dedicated the most attention.

In essence, the Guide states that while due diligence may and should vary depending upon the degree of risk and other factors, “some guiding principles always apply.” These guiding principles are summarized below:

1. Qualifications and Associations

What is the third party’s business reputation and relationship, if any, with foreign officials? How long has the third party been in business, and is the proposed relationship consistent with its business experience? Equally important considerations include whether other companies were considered, whether there was a competitive bidding process and whether the company was “recommended” by a foreign official.

2. Business Rationale

Why is it important to the company to include the third party in the transaction? What is the role of and need for the third party? Ensure the contract terms specifically describe the goods or services to be provided. Other important considerations under these guiding principles are payment terms, including how they compare to typical terms in that industry and country, and whether there is anything about the timing of the third party’s introduction to the company that may call into question the motives and legitimacy of the business rationale. Often, after long pursuit of a business opportunity and perhaps a bureaucratic delay (real or orchestrated), a government official may suggest retaining a consultant to help usher the process along through bureaucratic processes. The timing of the bureaucratic snarl and the introduction of the consultant could be a way for the foreign official to exact an improper payment through his undisclosed ownership and cooperation with the consultant he is urging you to retain.

It is also a good idea to confirm and document that the third party is actually performing the agreed-upon work and that compensation is commensurate with the value being delivered.

3.  Ongoing Monitoring

The Guide suggests that ongoing monitoring may include “updating due diligence periodically, exercising audit rights, providing periodic training, and requesting annual compliance certifications by the third party.” The DOJ and SEC are also interested in whether the company has informed third parties of the compliance program and the company’s commitment to ethical and lawful business practices, and whether it has sought assurances that they, too, are committed to ethical and lawful business practices.

4. The Eight Essentials of a Third-Party Anti-Corruption Program

You won’t find these in the Guide, but the “Eight Essentials” of a third-party anti-corruption program are scope, sponsorship, justification, collection, certification, scoring, contracts and communication.

Determining Program Scope

The first step in conceptualizing a third-party anti-corruption program is determining which categories of third parties are “in scope.” Frequently, companies make a “bright line” distinction between “business intermediaries” and “suppliers” and focus most if not all of their attention on business intermediaries. While suppliers certainly may represent a spectrum of compliance risks, most do not represent high corruption risk since they don’t typically interact with other parties on a company’s behalf.

A business intermediary is a commercial entity or individual who represents your company in the marketplace in some way and may interact with foreign officials as part of that role. This category includes many of the usual suspects who frequently violate the FCPA, such as sales agents, consultants (often sales agents in sheep’s clothing), distributors, freight forwarders and customs brokers. But the category is considerably broader than just those types of businesses. Doing this preparatory scoping work will provide a very strong foundation for the third-party program that follows.

Business Sponsors

The designation of an internal business sponsor as the responsible party for each third party deemed to be within the scope of the program is a critical success factor for any third-party anti-corruption program. Often, the business sponsor role defaults to the person advocating for the company to engage the third party or renew its relationship with an existing third party. Under a third-party anti-corruption program, this individual takes on added responsibilities, including that of the company’s “point person,” whose role includes ongoing communication to the third party regarding program requirements and an acknowledgement that, by playing the role, this person is putting his or her personal reputation on the line and accepting responsibility for the relationship – including if anything goes awry. Business sponsors are your first line of defense, so they need to be keenly aware of the risks that third parties may represent in general, and also the specific risks among the third parties for which they are individually responsible.

Justification

While much of this essential element comes from the business sponsor who must lay out the business case for the proposed relationship, the review process undertaken by legal and/or compliance must likewise consider the justification in support of the proposed relationship in comparison with potential risks that have been identified when weighing whether to approve the relationship.

Data Collection

In the not-so-distant past, the data companies collected from commercial partners was quite minimal. This data shortfall must be addressed if your organization is to have even an adequate third-party anti-corruption program. The best and most efficient way to collect richer data about commercial partners and associated control persons is to require them to complete a questionnaire. While questionnaires vary in depth and length, they should, at minimum, seek to collect information and include the following components.

  • Descriptive Data
  • Relationship Data
  • Questions and Answers
  • External Data

Certifying to the Anti-Corruption Program

While you have control of the third party’s computer screen when they are completing the questionnaire, it is prudent to use the opportunity to get them to make certain representations as part of your overall efforts at driving accountability. Many organizations include language in their questionnaires such as “I have read, understand and agree to abide by [your company’s] anti-corruption program.” Obtaining further representations that they will not pay or solicit bribes and commit other violations of any law are also advisable, as is having them certify to your anti-corruption policies and program on an annual basis.

Risk Scoring

Think of your third-party anti-corruption program as a series of funnels. You apply the first funnel to your overall third-party population in determining which entities should be within the scope of the program. Risk scoring can be used as the second funnel. By using objective risk scoring criteria to apply a numeric score to different risk attributes within the description, relationship, questions and answers and the watch list risk categories, you can further narrow your focus.

Written Agreements

Part of the eye-opening experience of getting ready to implement a third-party anti-corruption program occurs when you learn how many of your existing third-party business partners are either not subject to any form of written agreement or the agreement that is in place makes no mention of the third party’s anti-corruption obligations to the company. Remedying this situation can be a painstaking process. Ultimately, the goal should be to have in place with each third party a contract that includes specific language indicating the third party’s agreement to abide by the company’s anti-corruption policy and to not pay or solicit bribes in any form.

Training

While many organizations provide some level of anti-corruption training to their employees, officers and board members, few extend that training out to third-party business partners. Given the fact that the vast majority of FCPA violations are committed by third parties, it would seem prudent to provide anti-corruption training to this very important extension of your business and reinforce your message that bribery of any kind is unacceptable.

If your third-party anti-corruption program includes these eight essential elements, it will, over time, very likely lower your exposure to potential bribery and corruption violations.

This article is part seven in a 10-part series exploring Anti-Corruption and the 10 Hallmarks of an Effective Compliance Program.  Each piece in the series is based on a section from a whitepaper published by Protiviti, titled “Viewing Your Anti-Corruption Efforts Through the Lens of the Hallmarks of an Effective Compliance Program.”


Tags: MonitoringThird Party Risk Management
Previous Post

Coalfire’s Top Five Information Security and Compliance Predictions for 2014

Next Post

How to Increase Productivity While Maintaining Compliance

Scott Moritz

Scott Moritz

Scott Moritz is a managing director at global consulting firm Protiviti Inc., where he leads the firm’s fraud, anti-corruption, and investigations practice, serving clients worldwide in a variety of industries.
A noted anticorruption strategist with more than 26 years’ experience, Moritz has been a top consultant in designing programs to help companies use risk scoring and technology to identify, investigate, and remediate high-risk relationships. He was instrumental in the development and launch of widely recognized anti-corruption platforms and due diligence products. Prior to joining Protiviti, Moritz served as a managing director for global investigations and compliance at Navigant. Before that, he spent four years as the head of the anti-corruption and investigative due diligence practice at Daylight Forensic & Advisory, which was acquired by Navigant in 2010.  Previously, Moritz also held leadership positions KPMG, LLP, in two separate instances, most recently as a director of corporate intelligence for the firm’s forensics practice.  His experience also includes senior roles at IPSA International, Inc., BDO Seidman, LLP, and PricewaterhouseCoopers, LLP. Moritz spent 10 years serving as a special agent for the Federal Bureau of Investigation (FBI), where he gained extensive experience in complex investigations of multi-national criminal investigations that included organized crime, money laundering, fraud, corruption that often involved a variety of industries such as financial services, securities, insurance, and public and private services. He was a nationally recognized expert for the FBI on asset forfeiture investigations and money laundering. Moritz graduated from the FBI Academy in Quantico, Va.  He also holds a bachelor’s degree in marketing and management from Jacksonville University.

Related Posts

Build and Scope Better Vendor Due Diligence Questionnaires

Build and Scope Better Vendor Due Diligence Questionnaires

by Corporate Compliance Insights
January 18, 2023

Make sure you're asking all the right questions when onboarding new third-party vendors White Paper Build and Scope Better Vendor...

SWISS GRC DAY 2023

SWISS GRC DAY 2023

by Aarti Maharaj
December 15, 2022

The SWISS GRC DAY brings together interested parties from all over Switzerland and nearby countries. Topics include first-hand news, challenges...

16th Edition Third Party Vendor Risk Management for Financial Institutions Conference

16th Edition Third Party Vendor Risk Management for Financial Institutions Conference

by Aarti Maharaj
December 8, 2022

The GFMI 16th Edition Third Party Vendor Risk Management for Financial Institutions conference taking place in New York, NY on...

cci top 10 stories collage

Top 10 Compliance Stories of 2022

by Jennifer L. Gaskin
December 7, 2022

The more things change, the more they stay the same. This time last year, we summarized the top 10 ESG...

Next Post
man operating forklift

How to Increase Productivity While Maintaining Compliance

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT