The missing link Managing third-party risk in anti-bribery compliance Multinational corporations operating in international markets are well aware of the risks of being caught bribing foreign officials, and most are probably confident that they have the compliance systems in place to prevent such events. Yet, companies frequently remain unaware of the magnitude of the risks posed by third parties. Here, FTI Consulting discusses the many challenges associated with managing third-party risk, and how compliance and in-house legal teams can mitigate this risk effectively at their organisations. A December 2014 OECD analysis* of 427 instances of bribery of public officials Bribery – the statistics around third parties since 1999 found that intermediaries were involved in three out of four cases. In 3/4 bribery cases involved subsidiary companies, local consulting firms, companies in offshore financial intermediaries, since 1999 41% of these cases, the intermediaries were local sales and marketing agents, distributors and brokers. Another 35% consisted of corporate vehicles, including centres or tax havens, or companies established under the beneficial ownership of the public official who received the bribes. 41% were local sales and Companies remain justifiably wary of infringing existing regulatory regimes such marketing agents, distributors and brokers as the U.S. Foreign Corrupt Practice Act (FCPA), the U.K. Bribery Act (UKBA) 35% were corporate vehicles, such as subsidiary companies, local consulting firms or companies in offshore financial centres/tax havens and other global anti-corruption laws, but the evidence suggests that the role of intermediaries remains a key blind spot for many, and one that potentially leaves companies open to criminal or civil charges. Having the resources to identify potential risks associated with intermediaries is crucial to avoid this outcome. So why are third parties most likely to be involved in bribery cases and how can multinationals avoid this danger? * Source: OECD Foreign Bribery Report: An analysis of the crime of bribery of foreign public officials FTI Consulting LLP • 1 The missing link: managing third-party risk in anti-bribery compliance Large entities, stronger compliance We find that most large multinational corporations now have sophisticated financial controls, including: • • • • • • • required documentation for transactions; We frequently see with our clients that insufficient vetting has taken place when they work with third-party intermediaries. The risks have been misunderstood, despite having internal controls in place requiring a risk assessment of such parties. Usually, we flag up one of the following problems in the hierarchal approval matrices; implementation of procedures: separate finance and compliance functions; • risk scoring for a third party was based on incorrect • red flags were identified during the process but were not • the risk of the third party changed after acceptance. segregation of duties; ERM systems with built in financial controls; budgeting and management review of financial information; internal and external auditors. information recognised as such These controls make it hard to extract resources directly from In many cases the issues are missed because of poor processes, multinationals in a way that makes it easy to pay a bribe (such as opaque workflows or weak controls. cash or luxury goods). We find that, in contrast, those involved directly in bribery are Managing third-party due diligence typically smaller entities such as sole traders, individuals or In an effort to address the specific challenges associated with owner-managed businesses, with fewer, or easier to override, third parties and responding to the needs of our clients, we controls. Indeed, in many cases we see the owner or senior developed FTI COMPLY, a customisable, web-based solution management directly involved in the instructions for the that integrates information collection, risk assessment, due bribe. This, therefore, makes it easier for miscreants at larger diligence, approvals and document retention in one central companies to use smaller third parties as a conduit for paying tool. The system enables companies with limited compliance bribes. The smaller company can provide the documentation resources to simultaneously monitor multiple third parties, required for the large multinational corporation to pay them, providing clients with comprehensive risk management usually for a combination of legitimate work and additional fees intelligence and allowing them to maintain their business for bribes (with some collusion from inside the corporation). integrity, wherever and with whomever they conduct business. In our experience, it is more common for a third party in a bribery scheme to provide services, rather than goods, as services are not tangible and so are not as easily checked on receipt, thereby escaping the need for certain documentation. Addressing the problem more directly The OECD report noted that there is clearly a need for better oversight of intermediaries, and it concludes: The overwhelming use of intermediaries in foreign bribery cases demonstrates the need for enhanced and effective due diligence, oversight and application of the company’s compliance programme to third parties (whether individuals or companies) in international business transactions. Compliance programmes should focus specifically on the due diligence with respect to agents and on verifying the rationale and beneficial ownership of other companies involved in the transaction. Many government regulatory and enforcement agencies have determined that companies can be criminally and civilly liable for the actions of third parties and have made clear that a risk-based third-party due diligence and monitoring programme is a key component of a healthy compliance programme. Yet companies are still struggling with the challenge of implementing a meaningful, efficient and costeffective system to manage third-party risk. Systems such as FTI COMPLY, can make the process of low-level due diligence and monitoring for compliance and in-house legal teams a more efficient one. The views expressed in this article are those of the author(s) and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. For more on FTI COMPLY visit www.fticonsulting.co.uk/fticomply Julian Glass Managing Director +44 20 3727 1199 Jo Franklin Marketing Manager +44 20 3727 1762 [email protected] Nick Hourigan Senior Managing Director +44 20 3727 1343 [email protected] [email protected] About FTI Consulting FTI Consulting LLP. is a global business advisory firm dedicated to helping organisations protect and enhance enterprise value in an increasingly complex legal, regulatory and economic environment. FTI Consulting professionals, who are located in all major business centres throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges in areas such as investigations, litigation, mergers and acquisitions, regulatory issues, reputation management and restructuring. www.fticonsulting.com ©2015 FTI Consulting LLP. All rights reserved.
© Copyright 2024 Paperzz