In the world of anti-bribery and anti-money laundering compliance, third parties are often the source of misconduct and related regulatory enforcement. Distributors, agents, consultants, finders, joint venture partners and other service providers are commonly implicated in the payment of bribes to foreign officials in international business transactions. In fact, third party responsibility for committing illicit acts is the number-one issue in anti-corruption enforcement actions.
The risks associated with third-party dealings lie in the fact that a company has little or no control over the actions of that third party. Even if a company did not intentionally use third parties to pay bribes to government officials to promote its interests, or was not even aware of such third party misconduct, it can still be liable for a wrongdoing by a third party, if the company ultimately benefited from it (sold more of its products, obtained permits, etc.). A third party may be doing it for its own financial interest, and not to promote a company’s interest, and completely unbeknown to a company, but nonetheless, enforcement action can be brought against a company based on the company’s “willful blindness” to the risk of bribery.
To avoid such risks, companies should adopt an effective third-party due diligence program that would be an integral part of a company’s overall ethics and compliance program. Applying risk-based due diligence to third-party relationships in practice means the following:
• understanding the qualifications and associations of third-party partners
• knowing the business rationale for needing the third party in the transaction
• understanding the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials
• ensuring that:
- contract terms with third parties specifically describe the services to be performed
- the third party is actually performing the work
- its compensation is commensurate with the work being provided in that industry and geographical region (in case third parties are receiving commissions, what is the average amount of commissions? are there extreme deviations from the average?)
- engaging in ongoing monitoring of the third-party relationships (through updated due diligence, training, audits, and/or annual compliance certifications by the third party)
To make sure that due diligence on third-party agents is productive, more resources and attention should be spent on those parties that pose the most significant risks. Typical risk factors include the following:
• Location (third parties operating in high-risk countries, according to the Transparency International Corruption Perceptions Index, deserve more attention)
• Industry (sectors of economy with more government involvement (i.e., requiring permits, licensing, etc., pose higher risks)
• Nature of the third party and the relationship (distributors, agents, consultants are considered a higher risk than other third parties)
• Government touchpoints (direct and indirect contact with government officials or anticipated interaction with the local government on the company’s behalf require more attention).
In addition to conducting due diligence on third parties, companies should consider requiring them to adhere to the applicable anti-bribery, anti-money laundering and sanctions regulations; comply with a robust compliance framework and request audit rights under any agreement with a third party to ensure compliance with the applicable contractual requirements.
The risks associated with third-party dealings lie in the fact that a company has little or no control over the actions of that third party. Even if a company did not intentionally use third parties to pay bribes to government officials to promote its interests, or was not even aware of such third party misconduct, it can still be liable for a wrongdoing by a third party, if the company ultimately benefited from it (sold more of its products, obtained permits, etc.). A third party may be doing it for its own financial interest, and not to promote a company’s interest, and completely unbeknown to a company, but nonetheless, enforcement action can be brought against a company based on the company’s “willful blindness” to the risk of bribery.
To avoid such risks, companies should adopt an effective third-party due diligence program that would be an integral part of a company’s overall ethics and compliance program. Applying risk-based due diligence to third-party relationships in practice means the following:
• understanding the qualifications and associations of third-party partners
• knowing the business rationale for needing the third party in the transaction
• understanding the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials
• ensuring that:
- contract terms with third parties specifically describe the services to be performed
- the third party is actually performing the work
- its compensation is commensurate with the work being provided in that industry and geographical region (in case third parties are receiving commissions, what is the average amount of commissions? are there extreme deviations from the average?)
- engaging in ongoing monitoring of the third-party relationships (through updated due diligence, training, audits, and/or annual compliance certifications by the third party)
To make sure that due diligence on third-party agents is productive, more resources and attention should be spent on those parties that pose the most significant risks. Typical risk factors include the following:
• Location (third parties operating in high-risk countries, according to the Transparency International Corruption Perceptions Index, deserve more attention)
• Industry (sectors of economy with more government involvement (i.e., requiring permits, licensing, etc., pose higher risks)
• Nature of the third party and the relationship (distributors, agents, consultants are considered a higher risk than other third parties)
• Government touchpoints (direct and indirect contact with government officials or anticipated interaction with the local government on the company’s behalf require more attention).
In addition to conducting due diligence on third parties, companies should consider requiring them to adhere to the applicable anti-bribery, anti-money laundering and sanctions regulations; comply with a robust compliance framework and request audit rights under any agreement with a third party to ensure compliance with the applicable contractual requirements.
