Third Parties Risk Management is a New Phenomenon for Global Companies: A chain is only strong as its weakest link

• Fikret Sebilcioğlu          CFE, CPA, TRACE Anti-Bribery Specialist         
• Managing Partner
• E-mail to Fikret

Third Party Ethics & Compliance Risk Management Series – Part 1

Taking into account of extraterritorial laws, the fight against bribery, corruption and fraud intensified over recent years to combat ethics and compliance risks in business transactions. Almost all legal settlements indicated the direct or indirect involvement of third parties through some form of business relationship with the organisations in question.

In today’s world it is almost impossible to create all the value add of your business on your own that are required to bring goods or services to your ultimate customers. Just imagine that you are an international company. How would you transport goods from one country to another on your own? Or how would you enter into a new market with your own sources to sell your goods where the laws, culture or language are different?

Looking at many industries, we see that the significant part of value in the chain is created through third parties. As a result, international companies benefit from the increasing concentration of third parties and making more profit which is the main reason as to why international companies enter into new markets in a globalized world. This results in a complex hub of network of third parties in the chain. This chain is excellent as long as no critical problems occur in the links.

However, experience shows that even an excellent chain including your third parties may break due to certain reasons. What would happen if one of your suppliers is unable to provide crucial raw material in a timely manner? Or what would be the consequences if it is identified that the company management paid bribes to a high-ranking official in your customer in order to win the bidding. We can give many examples regarding risks that you may face with your third parties from many perspectives. These risks could be disruption to continuity of operations, environmental or labour concerns, legal or reputational damage and bribery and corruption. 

In this article, we are focusing on third party risks regarding fraud, corruption and bribery that are originated by third parties or instigated from within companies and channelled through third parties. This increasingly important third-party ethics and compliance risks occupy a critical place in the board’s agenda of global companies. To understand the reason of this, it would be sufficient to look at the FCPA settlements. The top 10 FCPA settlements have all involved bribery instigated from within companies and channelled through third parties, including through consultants, agents and joint venture partners.

That said, the question is how you are going to protect yourself from such third-party ethics and compliance risks. The answer is just going through an effective ethics and compliance programme including third party risk management as well as anti-bribery management.

The following principles determined by Transparency International identify critical aspects of best practice in ethics and compliance risks of third parties:

1. Ensure enabling your company environment of governance and commitment to integrity
2. Integrate your approach
3. Build trust and constructive relationships with third parties
4. Identify all your third parties
5. Use a risk assessment process for addressing third party risks and ensure the level of resources provided is commensurate with the level of risk
6. Apply a systematic procedure for engaging third parties
7. Carry out an appropriate level of pre-engagement due diligence on third parties
8. Use tailored communications and training, together with advice and reporting mechanisms, to manage third party relationships
9. Implement rigorous monitoring procedures to deter and detect bribery incidents and breaches of the anti-bribery programme
10. Review and evaluate the effectiveness of the third party anti-bribery programme periodically
11. Report publicly on your anti-bribery management of third parties

Each of these principles requires further analysis as they are critical to protect yourself from such risks. We, as Cerebra, are preparing a new article series for the above principles to bring the importance of third part risks to your attention. Because third party risks are your risks and you better keep in your mind that a chain where you are in is only as strong as its weakest third parties. Unfortunately, the real-life examples reveal that in that chain the risk is most of the time originated through weak internal controls of your company, and not only your third parties. So, the issue is complex and requires times and efforts to build a culture of “doing business with integrity” both in your own company and in your third parties.