Extending Ethics and Compliance to Third Parties
Managing Third Party Risk of Corruption
October 23, 2009
Diana M. Lutz, JD
Greg Triguba, JD, CCEP

Our Journey
- Review the role of third parties in conducting business globally
- Identify certain risks associated with third parties
- Discuss opportunities for risk mitigation
- Explore how we manage risk throughout our organizations and with our agents and contractors
- Gain insight into controls used to better manage antibribery risks and discuss the impact of culture
- Discuss your challenges and opportunities

Third Parties are Essential to Businesses
- Managing third party relationships to mitigate ethics and compliance risks has become a priority for leading companies. Almost every business engages suppliers, contract employees, agents, lobbyists, etc.
- Businesses are increasingly entering new markets and expanding the global reach of their products and services.
- To meet this growing business demand, outsourcing work increased in popularity, allowing companies to access and leverage the global workforce.
- Initially, some companies may have assumed that outsourcing meant limiting their risks and responsibilities.
- Currently, use of third parties expands well beyond outsourcing and includes contracting for specialized and local products, services and expertise, supporting faster growth and a greater impact in new markets.
- Today, with more defined accountability placed on companies, the reputation of your organization, for better or worse, is often placed in the hands of these third parties.

Identify Your Third Parties
Third Party Types:
- Suppliers, Vendors
- Distributors, resellers
- Consultants - Expertise in: Legal, Accounting, Strategic Business, Local and Regional Issues, etc.
- Industry Experts, Advisory Services
- Contractors, Temporary Services
- Agents, Sales Representative, Marketing Intermediaries
- Joint Venture Partners
Record third parties and centrally track risk category, due diligence file completion, compliance program status, in person visits, relationship owner, contract terms, projects, payments, approvals, etc.

Third Party Risk
- When agents and other third parties engage in misconduct or violate the law they put your company at risk for compliance and legal violations and financial and reputational harm.
- The best defense a company has when a third party has violated the law on its behalf is the absence of authorization combined with the company's well documented best efforts to prevent and detect such misconduct.
- Risk can be mitigated through due diligence.
- While varying levels of diligence are appropriate for most third parties, conducting due diligence should be a priority for third parties representatives or business partners operating outside the U.S. and interacting with government officials.

Emerging Markets and Increased Risk
The Transparency International Corruption Perceptions Index ranks the degree to which corruption is perceived to exist among public officials and politicians by country.
Possible Scores Range from 10 (very clean) to 0 (highly corrupt)
http://www.transparency.org/policy_research/surveys_indices/cpi/2008

Third Party Risk Exposure
- Legal liability and consequences for actions of third party.
- Third party actions on your behalf affecting reputation.
- Third party investigated or under a cloud can affect your organization even if your organization is not implicated.
Specific examples of how a Third Party can create Risk:
- Supplier of your goods runs a sweat shop.
- New manufacturer of your dog food brand has quality issues and substitutes cheap, toxic fillers for ingredients.
- Your agent lavishly entertains government officials.
- Distributor sells product to a legally prohibited market (i.e. sanctioned country).
- Marketing consultant misuses customers' private data.
- Lobbyist bribes government official.

Managing Third Party Compliance Risk
Key Steps
- Identify third parties that present the highest risk. Consider corruption index of location for business to be conducted, interaction with government, contract size, when assigning risk ratings to third parties.
- Use due diligence process to mitigate risk and eliminate those third parties who present unmanageable levels of risk.
- Ensure third parties are educated and agree to company ethics & compliance program standards.
- Ensure own company staff is well trained and able to spot red flags and address them.
- Include terms in third party contracts that require compliance and audit rights and provide for contract termination if noncompliance situations arise.
- Ensure ongoing monitoring and requalification of third parties.
- Continuous oversight of third party activities and payments
- Always stay alert for red flags

Mitigating Risk: Sample Third Party Due Diligence Process
- Field Request for Third Party Hire
- business justification for hiring third party
- review of local laws that require a third party rep, permit them, limit liability to right to terminate
- due diligence process: experience, financial stability, qualifications, review of compliance and ethics reputation
- ensure process complete; due diligence file documentation compiled and circulated to compliance, acct'ing, legal, mngt
- Update upon renewal, red flag or incident
- Approval added to third party file
- review and approval process for DD file, business justification, contract, payment provisions
- educate, monitor, implement management strategies

Components of a Sample Due Diligence File
Before hiring someone to act on your behalf conduct due diligence to ensure the agent is qualified and has a reputation for integrity.
Before engaging in business with a third party, such as a subcontractor, joint venture partner, supplier, or service provider, you must ensure that the third party is not making corrupt payments.
Due diligence often includes asking the third party to fill out a questionnaire, verifying this information through public sources and in many cases, conducting in-person interviews.
Complete Diligence File:
- Questionnaire
- Verification of Info from 3rd party
- Interviews
- Local Resources
- References
- Online Resources

Mitigating Risk: Putting Ethics and Compliance Requirements in Writing
Since third parties are not your employees, all obligations related to risk with their performance obligations should be in a written contract.
Sample contract topics:
- Anti-corruption clause
- Identify all relevant laws related to their service
- Right to terminate for compliance violations
- Right to audit contract for compliance with terms
- Require proper record keeping
- Require adoption of parts of your Code of Conduct (or theirs if meets standard) that relate to their service
- Make clear how questions or reports of violations are to be addressed, i.e. hot lines
- Require reporting on change in status relevant to reputation, business ownership, legal violations, etc.
- Make training and education requirements clear

Addressing Ongoing Internal Responsibilities After a Third Party is Hired
- Each third party must be actively managed by someone in the company
- This person maintains the documentation on the third party and updates it when necessary
- Degree of supervision depends on degree of risk with the third party, their tasks, and their geography
- Audit schedule needs to be created and implemented
- Evaluations of adherence to the contract, and periodically analyzed for compliance
- Stay current on changes in ownership and changes in the business model of third party
- Company managers of third parties need to be monitored and evaluated on their performance of third party management tasks
- Third party's failure or success is an added responsibility of the company's manager for that entity

Avoiding Issues with Third Parties and Corruption: Watch for Warning Signs or Red Flags
Red Flags when working with third party representatives:
- Representative referred by a government official
- Lack of experience and qualifications to perform the services
- History of corruption in the region or country
  - Check the Transparency International Corruption Perceptions (TI CPI index)
- Refusal to certify that it will comply with the FCPA and Company compliance program
- Unusually high commissions
- Lack of detail on work to be done
- Unusual payments or financial arrangements
- Lack of transparency in expenses and accounting records

Summary
- Third parties are a necessity in today's business world
- Business leaders must understand that they are not necessarily a cheaper alternative
- The same rigor in ensuring an effective ethics and compliance program for the company applies to its third parties
- Third parties who have effective ethics and compliance programs have a competitive advantage with their customers - engenders trust
- Risk assessments, due diligence processes, programs addressing and mitigating particular risks, strong contracts, and ongoing internal management and monitoring are essential

Additional Resources

Managing Third Party Risk - Improving your Odds
- Third parties are under formal contractual agreement with company and management has contract on file.
- Regular audits are conducted by company to ensure third party contractual agreements are managed and enforced as agreed.
- Contractual agreements with third parties clearly set forth expectations regarding the relationship and adherence to specific company standards and policies.
- Third party contracts prohibit third parties from unilaterally sub-contracting their contractual responsibilities with other entities.
- Nature of relationship clearly identified, as is legal status of entity, place of incorporation.
- Third party conducts background checks on all employees, contractors, associates and others working on its behalf.
- Company has a Code of Conduct in place applicable to third parties or requirement that third party have own Code. If so, how is the Code formally applied and enforced on third parties?

Improving Your Odds, cont'd
- Third parties certify that they have read and understand the company's Code of Conduct or their own substantially similar Code.
- Third parties receive regular training and communications regarding company standards, culture, compliance, and other legal requirements. If so, how are these communication and awareness efforts delivered and with what level of frequency? Are communications translated and delivered in local languages?
- Company has a widely publicized and readily available global reporting mechanism and process where employees, contractors, third parties, agents, etc., can seek guidance, report concerns and ask questions (anonymously if desired).
- Anti-bribery/anti-corruption standards and training are communicated and provided to everyone in the organization, to include employees, third parties, contractors, etc. How are these communications and training delivered and with what frequency?
- Third parties are required to certify that they have received/completed anti-corruption/anti-bribery training.

Improving Your Odds, cont'd
- Third-party is a current or former government official, employee or agent or a relative.
- Clearly defined and legitimate business purpose exists for engaging third parties.
- Third party qualified and experienced to engage in the service or activity he or she was retained to undertake.
- Third parties paid via standard payment protocols established by company (ex. direct deposit).
- Employees working with third parties are knowledgeable of applicable anti-bribery, anti-corruption, and U.S. FCPA compliance standards.
- Third party activities closely monitored by company management in all operating locations.
- Third parties are directly supervised and managed by company employees in high-risk operating locations.

Improving Your Odds, cont'd
- Supply chain, procurement, accounting, senior and local management, legal and compliance trained on third party compliance standards and can readily identify red flags.
- New third party relationships are reviewed and approved by the company's CECO or other official in high risk countries and/or where activities involve regulated or high risk operations.
- Conflict of interest check completed.
- Third party subject to any past, current and/or pending legal issues, lawsuits, government investigations/inquiries, etc. If so, describe the nature and disposition of these actions.
- Company actively assists third parties in mitigating compliance risks.
- Regular and ongoing audits are conducted at third party sites and operating locations for all business activities. Includes risks assessment, site visits, management and employee interviews, document review.
- Company performs due diligence efforts on third parties prior to entering into business relationships.