Skip to main content

Third Party Due Diligence Revisited

Page 1

INSIGHT: THIRD PARTY DUE DILIGENCE

THIRD PARTY DUE DILIGENCE REVISITED Failure to meet third party due diligence obligations continues to expose organisations to corruption risk, warns Mushtaq Dost

C

ompanies conducting overseas business now, more than ever, rely on third party intermediaries (TPIs) to achieve a wide range of strategic objectives. Rather than pay for infrastructure and employee costs, it is acceptable and sensible for businesses to outsource part of their workload. While these solutions obviate the need for capital investments, freeing resources for other pursuits, such alliances can also expose the business to unknowns, and unknowns here can potentially mean significant corruption-related risks. Complex business regulations and the extraterritorial nature of nascent anti-corruption laws (not to mention global enforcement alignment) mean that the potential for risk realisation is very real. In fact, most corruption-related enforcement action has centred on bribes allegedly being paid through TPIs.

Setting priorities TPI due diligence hasn’t always been a top priority for organisations implementing “adequate procedures” to tackle bribery and corruption. In fact, a recent survey by Kroll and Compliance Week1 suggests that, even now, some boards and executives are yet to fully understand the regulatory ramifications of using TPIs (e.g. that while the organisation may outsource an activity, it cannot outsource its accountability should anything go wrong). As a consequence, many organisations are still struggling to put in place effective and proportionate due diligence processes aligned to their markets and risk appetite. Under most anti-corruption legislation, corporate criminal liability can be activated when the bribe is paid through a TPI. Organisations are legally required to actively prevent this kind of corruption risk. In some cases, as under the UK Bribery Act, Swiss or Italian law, the failure to adopt and implement “adequate procedures” to prevent bribery becomes in itself a source of corporate criminal liability. With increasing regulatory scrutiny of anti-corruption procedures and the expectations from the US DOJ that “Comprehensive due diligence demonstrates a genuine commitment to uncovering and preventing FCPA violations”2 and from the UK MOJ that “The commercial organisation applies due diligence procedures”3 organisations are incentivised to look into details of their TPIs and any related transactions.

Most anti-corruption legislation imposes detailed compliance standards. If an organisation engages in TPI relationships, established TPI due diligence policies and procedures, accurate risk assessments and business/partner classification standards are essential. In fact, an effective risk-based due diligence programme is a crucial element of the organisation’s overall anti-corruption compliance programme. The absence of such a programme and the failure to carry out due diligence can now result in criminal liability (the corollary being you can avoid fines and liability if the programme is sufficiently robust enough).

Defining TPIs The term “third party” means different things to different organisations, therefore a logical first step for the organisation is to define what this term means for them. Approaches vary; for instance in the case of the UK Bribery Act due diligence must be conducted on “associated persons”, which are entities or individuals performing “a service for, or on behalf of” the organisation, including employees, subsidiaries or agents. Using this definition, a TPI is any commercial partner that provides goods or services to the organisation. This can include companies leasing office equipment to the organisation, to sales agents and consultants selling or dealing directly with foreign governments on the organisation’s behalf. It is also important for the organisation to understand and distinguish between a TPI and a supplier. A TPI is generally an entity or person that engages with customers, government agencies or other parties on behalf of the organisation and whose actions can lead to liability under anti-corruption legislation (and certain other exportation, anti-trust or environmental statutes). A supplier, on the other hand, provides goods or services to the organisation but generally will not act on or come into contact with other organisations or government entities on the organisation’s behalf. While they may represent other risks, they can be placed out of scope and be ignored from a due diligence standpoint (unless a particular supplier of goods is also providing ancillary services such as customs clearance). By narrowing the focus to those commercial partners that meet the definition of TPIs, an organisation can eliminate a large portion of partners from consideration, resulting in subsequent due

21

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: and more. Sign up and create your flipbook.
Third Party Due Diligence Revisited by Mushtaq Dost FICA - Issuu