The missing link
Managing third-party risk in
anti-bribery compliance
Multinational corporations operating in international markets are well
aware of the risks of being caught bribing foreign officials, and most
are probably confident that they have the compliance systems in place
to prevent such events. Yet, companies frequently remain unaware of
the magnitude of the risks posed by third parties.
Here, FTI Consulting discusses the many challenges associated with managing third-party risk, and
how compliance and in-house legal teams can mitigate this risk effectively at their organisations.
A December 2014 OECD analysis* of 427 instances of bribery of public officials
Bribery – the statistics
around third parties
since 1999 found that intermediaries were involved in three out of four cases. In
3/4 bribery cases involved
subsidiary companies, local consulting firms, companies in offshore financial
intermediaries, since 1999
41% of these cases, the intermediaries were local sales and marketing agents,
distributors and brokers. Another 35% consisted of corporate vehicles, including
centres or tax havens, or companies established under the beneficial ownership
of the public official who received the bribes.
41% were local sales and
Companies remain justifiably wary of infringing existing regulatory regimes such
marketing agents, distributors
and brokers
as the U.S. Foreign Corrupt Practice Act (FCPA), the U.K. Bribery Act (UKBA)
35% were corporate vehicles,
such as subsidiary companies,
local consulting firms or
companies in offshore financial
centres/tax havens
and other global anti-corruption laws, but the evidence suggests that the role of
intermediaries remains a key blind spot for many, and one that potentially leaves
companies open to criminal or civil charges. Having the resources to identify
potential risks associated with intermediaries is crucial to avoid this outcome.
So why are third parties most likely to be involved in bribery cases and how can
multinationals avoid this danger?
* Source: OECD Foreign Bribery Report: An analysis of the crime of bribery of foreign public officials
FTI Consulting LLP
•
1
The missing link: managing third-party risk in anti-bribery compliance
Large entities, stronger compliance
We find that most large multinational corporations now have
sophisticated financial controls, including:
•
•
•
•
•
•
•
required documentation for transactions;
We frequently see with our clients that insufficient vetting has
taken place when they work with third-party intermediaries.
The risks have been misunderstood, despite having internal
controls in place requiring a risk assessment of such parties.
Usually, we flag up one of the following problems in the
hierarchal approval matrices;
implementation of procedures:
separate finance and compliance functions;
•
risk scoring for a third party was based on incorrect
•
red flags were identified during the process but were not
•
the risk of the third party changed after acceptance.
segregation of duties;
ERM systems with built in financial controls;
budgeting and management review of financial information;
internal and external auditors.
information
recognised as such
These controls make it hard to extract resources directly from
In many cases the issues are missed because of poor processes,
multinationals in a way that makes it easy to pay a bribe (such as
opaque workflows or weak controls.
cash or luxury goods).
We find that, in contrast, those involved directly in bribery are
Managing third-party due diligence
typically smaller entities such as sole traders, individuals or
In an effort to address the specific challenges associated with
owner-managed businesses, with fewer, or easier to override,
third parties and responding to the needs of our clients, we
controls. Indeed, in many cases we see the owner or senior
developed FTI COMPLY, a customisable, web-based solution
management directly involved in the instructions for the
that integrates information collection, risk assessment, due
bribe. This, therefore, makes it easier for miscreants at larger
diligence, approvals and document retention in one central
companies to use smaller third parties as a conduit for paying
tool. The system enables companies with limited compliance
bribes. The smaller company can provide the documentation
resources to simultaneously monitor multiple third parties,
required for the large multinational corporation to pay them,
providing clients with comprehensive risk management
usually for a combination of legitimate work and additional fees
intelligence and allowing them to maintain their business
for bribes (with some collusion from inside the corporation).
integrity, wherever and with whomever they conduct business.
In our experience, it is more common for a third party in a
bribery scheme to provide services, rather than goods, as
services are not tangible and so are not as easily checked on
receipt, thereby escaping the need for certain documentation.
Addressing the problem more directly
The OECD report noted that there is clearly a need for better
oversight of intermediaries, and it concludes:
The overwhelming use of intermediaries in foreign bribery
cases demonstrates the need for enhanced and effective
due diligence, oversight and application of the company’s
compliance programme to third parties (whether individuals or
companies) in international business transactions. Compliance
programmes should focus specifically on the due diligence with
respect to agents and on verifying the rationale and beneficial
ownership of other companies involved in the transaction.
Many government regulatory and enforcement agencies
have determined that companies can be criminally and civilly
liable for the actions of third parties and have made clear
that a risk-based third-party due diligence and monitoring
programme is a key component of a healthy compliance
programme. Yet companies are still struggling with the
challenge of implementing a meaningful, efficient and costeffective system to manage third-party risk.
Systems such as FTI COMPLY, can make the process of
low-level due diligence and monitoring for compliance and
in-house legal teams a more efficient one.
The views expressed in this article are those of the author(s) and not necessarily
the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates,
or its other professionals.
For more on FTI COMPLY visit
www.fticonsulting.co.uk/fticomply
Julian Glass
Managing Director
+44 20 3727 1199
Jo Franklin
Marketing Manager
+44 20 3727 1762
[email protected]
Nick Hourigan
Senior Managing Director
+44 20 3727 1343
[email protected]
[email protected]
About FTI Consulting
FTI Consulting LLP. is a global business advisory firm dedicated to helping organisations protect and enhance enterprise value in an
increasingly complex legal, regulatory and economic environment. FTI Consulting professionals, who are located in all major business
centres throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges in areas
such as investigations, litigation, mergers and acquisitions, regulatory issues, reputation management and restructuring.
www.fticonsulting.com
©2015 FTI Consulting LLP. All rights reserved.