What is being done to minimise third party risk?
In-house compliance experts from some of the world’s leading companies, French and EU government spokespersons and key advisors gathered in Paris October 23-24 to share experiences and best practices for minimising third party risk: an area where regulators around the globe are tightening their grip.
A common refrain heard at the C5 Conference on Managing Third Party Risks was regulators’ response to a due diligence failure: “Could you have done anything more?” In what may be taking shape as a global standard, one expert observed that increasingly, companies are seen by regulators to have an affirmative duty to perform due diligence on commercial partners. Some of the multiple risks driving a containment strategy by in-house experts range from liability for ‘facilitating’ bribery, corruption or sanctions-busting to vicarious and successor liability in competition law. With these risks comes the downside of non-compliance: costly investigations, reputational damage, negative impact on share price, diverted management time and delays-outcomes that garnered the attention and buy-in of management boards according to risk managers at the conference. In-house counsel at the event highlighted the necessity of standard processes and documented procedures to navigate safely around the regulatory minefield of recently revised sanctions and overlapping US and EU laws such as the UK Bribery Act and the FCPA. Many look to external partners for enhanced due diligence.
What are some of the reactions to the extra-territoriality of the US FCPA and the UK Bribery Act?
As the United States extends its tentacular reach to sanctions-busting companies in the US and abroad, it is critical to stay ahead of due diligence failures not only in the area of export controls but for all of your business. Ignorance about end-users or about how your third parties are conducting business on your behalf is not a defence with the regulators. Consequently, companies are being forced to re-think how they can screen, on-board and monitor hundreds, sometimes thousands of partners without putting a brake on business operations. Some experts concluded that open-source internal database searches provide baseline protection but do not meet the level of diligence needed for higher risk parties that may trigger an investigation down the line. To do so efficiently and cost effectively, it is important to put resources where your risks lie.
What are the advantages of risk analysis?
Effectively categorizing parties as low, medium or high risk enables companies to take a risk-based approach by balancing internal and external resources for optimum efficiency. Red herrings and false positives are some of the kinks that need to be worked out of some data checking systems so that parties are not erroneously categorised as high risk. Compliance professionals are demanding more sophisticated profiling using customised due diligence questionnaires, intelligent branching, automated risk scoring based on country risk, PEPs, sanction and watch lists as well as deeper screening of parties up to three degrees removed. These systems provide continuous monitoring so that companies stay on top of changing risk profiles. What are some of the new approaches in the fight against corruption? One FCPA practitioner pointed to software platforms that automate most of the due diligence process providing the security, speed and efficiency large multinationals need. These solutions leverage technology by performing data analytics, routing requests, requiring pre-payment approval and generating other automated workflow. But of particular importance to regulators is their capability to create electronic archives–your proof that you have done everything you can to prevent misconduct. Together with standardised procedures and controls, training was cited as a key risk management tool with eLearning becoming a viable and cost-effective option for companies and their commercial partners. A number of in-house counsel said that their company provided anticorruption training for their suppliers.
Was there a general consensus on any one issue at the C5 conference in Paris?
One overarching issue that emerged across the board was the critical importance of being aware of local customs and business culture and engaging at a local level. In high growth emerging markets where bribery and corruption are often considered an acceptable cost of doing business, where the use of agents is prevalent and exposure to PEPs is high, adequate procedures need to demonstrate global oversight of local risk. As regulators increasingly fight sanctions-busting, corruption and other economic crime by holding organisations accountable for violations of the law by their agents, screening your agents at home and abroad is becoming critical to meeting the higher standards of diligence that are taking shape. Like financial services where knowing your customer (KYC) has led to the development of automated processes to effectively manage risk, knowing your agent (KYA) is set to follow suit.