Assets or Liabilities: Assessing and Managing Third Party Risk


According to an Ernst and Young Report, the U.S. Department of Justice said in 2012 that more than 90% of its anti-corruption actions involved the actions of third parties. The heads of compliance programs worry that they don’t know where to begin when designing a process for reviewing all third-party business partners.

Why are we so fretful about dealing with third parties? These business partners can be vendors, service providers, or distributors. They provide value to a company’s clients, and they are often brand ambassadors. But they also make the job of compliance officers broader and more difficult.

Ernst and Young define three principles to govern dealing with compliance risk from third parties:

  1. Pre-contract due diligence to assess the third party’s qualifications, reputation, and connections to foreign officials.
  2. Reading the business function and services being supplied by the third party and ensuring payment terms are in line with the services provided.
  3. Monitoring third parties with controls such as periodic due diligence, training, or certifications provided by third parties, and exercising contractual audit rights.

It is recommended to document the policies and procedures specifically related to anti-corruption followed by training to help third parties understand these policies and their implications. Training third parties so that they understand the importance of following the compliance guidelines, and the seriousness of the potential consequences, can help to head off many problems.

Keying in on the growing importance of background checks, Adam Greene, a partner at Davis Wright Tremaine LLC, said, “The workforce continues to be one of the biggest security vulnerabilities. Are you comfortable that the third party you are contracting with has performed sufficient background checks on all members of its workforce who will have access to your sensitive data, and is requiring its subcontractors to act the same?”

Stressing that businesses need to recognize the importance of third parties, CIPE Compliance Advisory Committee member Shariq Zaidi, Partner and Head of Assurance, Ernst & Young Pakistan, said, “Suppliers, Agents, Distributors, Brokers etc. are no more third parties as their acts of non-compliance, violations and misconduct will affect their [partners’] business and brands”. He added, “It is indispensable to do due diligence assessments of such parties, monitor compliance and identify gaps for taking appropriate remedial actions”.

For companies working with complex global supply chains, it is impossible to completely eliminate corruption risks. But compliance officers can minimize them even when competition is tough. Third-party management is generally one of the main sources of FCPA risk. Are you ready to counter it?

Muhammad Talib Uz Zaman is a Program Officer for CIPE Pakistan.