Third Party Risk: 7 need-to-knows for your board
TWO OF THE MOST SOUGHT-AFTER IMPROVEMENTS IN THIRD PARTY RISK MANAGEMENT ARE:
Third parties pose a serious ethics and compliance risk to your organisation and can have a devastating impact on your company’s reputation and long-term financial sustainability.
While a critical consideration at any time, third party risks have recently increased due to the rapidly changing business environment where organisations are being asked to on-board new vendors and suppliers quickly without the resources to undertake the appropriate levels of due diligence.
Here are the seven crucial factors your board needs to know about third party risk:
Your board needs to know that regulators expect you to undertake the appropriate level of due diligence and ongoing monitoring of each third party relationship. This is known as taking a risk-based approach, where the level of due diligence should vary according to factors such as industry, country, size of contract, and nature of the transaction.
Corruption in business is happening on your doorstep
COUNTRIES WHERE ORGANISATIONS UNDER FCPA INVESTIGATION ARE HEADQUARTERED
Your board needs to know that corruption is not something that only happens in far off regions. In many cases, the organisations responsible are much closer to home. As legislation is more widely implemented, enforcement policies and cross-border co-operation greatly multiply the chances of an infraction ending up in the courts.
Source: FCPA Tracker, June 2020, (includes closed investigations since 2017)
Note: Organisations under investigation come from 47 different industry sectors
(n = 183)
[Map legend: number of current FCPA investigations, in bands 0, 1, 2, 3-4, 5-10, 11-20, 20+]
83% of organisations only identified third party risks after initial onboarding and due diligence
Gartner, 2019
44%
52% the continuous monitoring of all third parties
the consistent application of a risk-based approach
NAVEX Global, 2019
Any employee can be held personally liable
Your board needs to know the risks that third parties expose both your business and your people to, and provide oversight to ensure an appropriate process is in place to manage these risks. Any employee, including your board and senior management, can be held personally liable for corrupt behaviour enabled by your third parties.
1 in 3 board directors and senior managers say they could justify offering cash payments to win or retain business
56% of employees state the management or the board are responsible for ensuring that employees behave with integrity
EY, 2017 EY, 2017 Debevoise & Plimpton, 2020
What is a third party?
Regulations governing third party risk are increasing
Your board needs to know that your organisation can be held liable for the actions of your third parties under a growing number of anti-corruption regulations. Your board needs to act now to ensure your organisation is operating in compliance with all current and future regulations.
Enforcement on third party regulations is increasing
TOP 5 BIGGEST CORRUPTION FINES INVOLVING THIRD PARTIES
Your board needs to know that not only is legislation being enforced more often, but the size of fines is growing too. Global regulators are now working more closely together to enforce regulations and hand out multiple fines for the same infringement.
HQ Location   Regulator           Date   Fine
Netherlands   US, UK, France      2020   $4bn
Brazil        US, Brazil, Swiss   2016   $3.5bn
Brazil        US                  2018   $1.78bn
Germany       US, Germany         2008   $1.6bn
Sweden        US                  2019   $1bn
ENFORCEMENT ACTION IS INCREASING… …AND CORPORATE FINES ARE GROWING LARGER
<10 enforcements per year by the DOJ and SEC between 1977 - 2000
30+ enforcements per year by the DOJ and SEC between 2001 - 2019
FCPA, 2020 Wilkie, Farr & Gallagher, 2020 (Note: Figures rounded)
[Chart: average penalty fine, 2015 to 2019; data labels: $5.4m, $44.3m, $43.5m, $51.4m, $116m]
The cost to the business is more than the fine itself
Falling foul of the regulations can incur huge fines and financial penalties. Your board needs to know that there are more significant and long-term costs to also bear in mind. These include: reputational damage, share price drops, the ease of doing business, as well as ongoing legal and monitoring costs.
Robust compliance can reduce the financial impact
HOW DO YOU EARN A DPA DISCOUNT?
Your board needs to know that robust compliance programmes and proactive due diligence can lead to forgiveness from law-enforcement agencies resulting in non-prosecution or reduced penalties through Deferred Prosecution Agreements (DPAs).
DPA discount for global engineering company due to activities including, “improved due diligence in respect of intermediaries comprising business justification, external due diligence, and ongoing monitoring.”
Have a robust compliance programme in place
Undertake appropriate third party due diligence
Self-report possible corrupt activity
Cooperate with any investigations
SFO, 2017
WHAT IS A RISK-BASED APPROACH TO THIRD PARTY DUE DILIGENCE?
NAVEX Global's RiskRate provides a risk-based approach to third party due diligence by using automation and AI to screen and continuously monitor third parties to help protect your people, your organisation's reputation and your bottom line.
81.8¢ of every dollar of share value loss can be attributed to reputational damage caused by imposed corruption fines
€10bn decline in revenue at global telecoms giant after employees were convicted of bribery and the subsequent resignation of the CEO and supervisory head of the board
Journal of Business Ethics, 2018 Journal of Business Ethics, 2018
4x: Failure to consider the reputational damage of a bribery scandal significantly underestimates the cost to a company by at least 4 times
£1.5bn: Group loses third of market value in two days over concerns supplier factory was paying illegally low wages
Volkov Law Group, 2016 FT, 2020
90% of reported bribery/corruption cases involve third party intermediaries
EY, 2017
CHARGES AGAINST INDIVIDUALS IN FCPA* ACTIONS
MAJOR COMPLIANCE REGULATIONS ARE BEING INTRODUCED AND UPDATED WITH STIFFER PENALTIES
Aerospace Corporation Conglomerate Petroleum Company Industrial Manufacturer Telecoms Company
Regulators expect a risk-based approach to be taken
Varies based on industry, country, size of contract, and nature of the transaction
Increases or decreases depending on flags raised
Creates an ongoing cycle of third party monitoring and review
Ensures organisations and their third parties are committed to ethical and lawful business practices in good faith
FCPA, 2012
2019 40
2018 35
2017 27
Number of major compliance regulations (chart data labels: 13, 6, 10, 2, 8, 21, 18)
1977
USA: Foreign Corrupt Practices Act (FCPA)
1993
France: Law Sapin I
2002
USA: Sarbanes Oxley
2010
Spain: Spanish Criminal Code
USA: Dodd-Frank
UK: UK Bribery Act
2015
Germany: German Act on Combatting Corruption
Netherlands: Dutch Criminal Code
2016
France: Law Sapin II
South Korea: Improper Solicitation and Graft Act
2017
Argentina: Criminal Liability Statute
Mexico: General Law of Administration Responsibilities
Peru: Legislative Decree 1352
2018
Russia: Russian Criminal Code
India: Prevention of Corruption Act
UAE: Penal Code
China: Anti-Unfair Competition Law
Malaysia: Anti-Corruption Act
2019
Italy: Bribe Destroyer Act
Saudi Arabia: Anti-Bribery Law
Australia: Corporate Crime Bill
Suppliers
Agents
Intermediaries
Consultants
Joint ventures
Contractors
Partners
Customers
Distributors
Vendors
13
50%
*Foreign Corrupt Practices Act