risk meter with dial pointed to max

A Call for Greater Multidisciplinary Oversight

As your company’s reliance on third parties grows, so too does the risk associated with doing business with these relatively unknown partners. Michael Volkov entreats companies to put in place more robust due diligence processes to minimize their third-party risks.

Believe it or not, but companies are still struggling with third-party risk management systems. I know this sounds hypercritical, but many companies continue to hang onto paper due diligence systems (sometimes with or without a SharePoint platform to store third-party due diligence documentation). An even smaller percentage of companies are automating their due diligence programs, a basic requirement for all companies with a minimum number of third parties.

It is disturbing that in the face of government focus on third parties, companies have not yet buttoned up their third-party risk management systems. A failure to act in this situation cannot be justified. The investment in an automated platform is relatively insignificant, especially when you consider relevant risks.

Assuming that your company is one of the lucky ones and has implemented an automated third-party risk program, a company should target its high-risk third parties. Companies regularly conduct business with the assistance of high-risk third parties. The estimated percentage of a company’s third-party high-risk partners usually falls somewhere between 10 and 20 percent of its entire third-party population.

To supplement an automated system, companies should consider creating a high-risk due diligence committee with responsibility for oversight of the onboarding, monitoring and auditing processes for high-risk third parties. By centralizing this function, a high-risk due diligence committee can create a management tool that would enforce consistent standards and application of risk management tools.

As an initial step, a company has to develop criteria to determine its universe of high-risk candidates. Most companies focus on the following factors:

  • Country of operation and relevant corruption measures,
  • Industry corruption measures in a relevant country,
  • Financial relation based on annual revenues,
  • Length of relationship,
  • Nature and extent of government interactions,
  • Type of relationship: representational (e.g. agent, distributor, lobbyist, consultant or vendor/supplier) and
  • Past misconduct.

A third-party due diligence committee would consist of representatives from compliance, legal, internal audit, each business region, procurement/supply chain and a member of the senior executive team. Its responsibilities would include review and approval of:

  • New third-party relationships,
  • The specific contract with the third party,
  • A program to monitor third-party activities,
  • A training program for the specific third party,
  • A determination of the comparability of a third-party ethics and compliance program and
  • A plan to audit the company’s high-risk third parties through sampling and scheduling of audit program.

In light of a company’s high-risk third parties, companies have to intervene and set up a specific control to mitigate such risks. While I am reluctant to advocate a new bureaucratic mechanism, it is clear that additional measures are needed.

Companies have to take greater responsibility for their third-party risks. If they cannot adopt modest requirements such as an automated platform, companies have to implement additional controls based on risk-ranking and allocation of resources.

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Michael Volkov

Michael Volkov

Michael-Volkov-leclairryanMichael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at [email protected].  His practice focuses on white collar defense, corporate compliance, internal investigations, and regulatory enforcement matters. He is a former federal prosecutor with almost 30 years of experience in a variety of government positions and private practice.

Michael maintains a well-known blog: Corruption Crime & Compliance which is frequently cited by anti-corruption professionals and professionals in the compliance industry.Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues.

Michael has assisted clients with design and implementation of compliance programs to reduce risk and respond to global and US enforcement programs.

Michael has built a strong reputation for his practical and comprehensive compliance strategies.Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for 5 years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice.

Michael also has extensive trial experience and has been lead attorney in more than 75 jury trials, including some lasting more than six months. His clients have included corporations, officers, directors and professionals in, internal investigations and criminal and civil trials. He has handled a number of high-profile criminal cases involving a wide‐range of issues, including the FCPA and compliance matters, environmental crimes, and antitrust cartel investigations in countries all around the world.

Representative Engagements

  • Successfully represented three officers of a multinational company in two separate criminal antitrust investigations involving a criminal antitrust investigation in the District of Columbia and the Southern District of New York.
  • Defended pharmaceutical company before the Food and Drug Administration and Senate Finance Committee relating to application for approval of generic drug.
  • Conducted internal investigation which exonerated company against allegations of false statements in submissions to the FDA and against improper conduct alleged by Senate Finance Committee.
  • Represented company before the US State Department on alleged violations of ITAR which lead to voluntary disclosure and imposition of no civil or criminal penalties.
  • Advised several multinational companies on compliance with anti‐corruption laws, and design and implementation of anti‐corruption and anti‐money laundering compliance programs.
  • Advised hospitals, pharmaceutical companies and medical device companies on compliance issues relating to Stark law and Anti‐Kickback law and regulations.
  • Conducted due diligence investigations for large multinational companies for anti‐corruption compliance of: potential third party agents, joint venture partners and acquisition targets in Europe, Africa, Asia and Latin America.
  • Represented individual in white collar fraud case in Alexandria, Virginia and secured dismissal of criminal charges and expungement of criminal record.
  • Represented company before Congress and Executive Branch in effort to modify Justice Department regulations concerning use of federal funds.
  • Advised and assisted World Bank in review of global corruption policies, enforcement programs and corruption investigations and prosecutions.

Related Post

Got Compliance News?

We do!  Sign up for CCI’s free weekly eBlast to get GRC news, views, jobs & events delivered to your inbox once a week.  Cancel anytime.

Click to Subscribe.