
Third Party Risk: 7 need-to-knows for your board

TWO OF THE MOST SOUGHT-AFTER IMPROVEMENTS IN THIRD PARTY RISK MANAGEMENT ARE:

Third parties pose a serious ethics and compliance risk to your organisation and can have a devastating impact on your company’s reputation and long-term financial sustainability.

While a critical consideration at any time, third party risks have recently increased due to the rapidly changing business environment where organisations are being asked to on-board new vendors and suppliers quickly without the resources to undertake the appropriate levels of due diligence.

Here are the seven crucial factors your board needs to know about third party risk:

Your board needs to know that regulators expect you to undertake the appropriate level of due diligence and on-going monitoring of each third party relationship. This is known as taking a risk-based approach where the level of due diligence should vary according to factors such as industry, country, size of contract, and nature of the transaction.

Corruption in business is happening on your doorstep

COUNTRIES WHERE ORGANISATIONS UNDER FCPA INVESTIGATION ARE HEADQUARTERED

Your board needs to know that corruption is not something that only happens in far off regions. In many cases, the organisations responsible are much closer to home. As legislation is more widely implemented, enforcement policies and cross-border co-operation greatly multiply the chances of an infraction ending up in the courts.

Source: FCPA Tracker, June 2020, (includes closed investigations since 2017)

Note: Organisations under investigation come from 47 different industry sectors

(n = 183)

[Map: number of current FCPA investigations by country of headquarters; legend bands 0, 1, 2, 3-4, 5-10, 11-20, 20+]

83% of organisations only identified third party risks after initial onboarding and due diligence

Gartner, 2019

44%

52% the continuous monitoring of all third parties

the consistent application of a risk-based approach

NAVEX Global, 2019

Any employee can be held personally liable

Your board needs to know the risks that third parties expose both your business and your people to, and provide oversight to ensure an appropriate process is in place to manage these risks. Any employee, including your board and senior management, can be held personally liable for corrupt behaviour enabled by your third parties.

1 in 3 board directors and senior managers say they could justify offering cash payments to win or retain business

56% of employees state the management or the board are responsible for ensuring that employees behave with integrity

EY, 2017 EY, 2017 Debevoise & Plimpton, 2020

What is a third party?

Regulations governing third party risk are increasing

Your board needs to know that your organisation can be held liable for the actions of your third parties from a growing number of anti-corruption regulations. Your board needs to act now to ensure your organisation is operating compliantly to all current and future regulations.

Enforcement on third party regulations is increasing

TOP 5 BIGGEST CORRUPTION FINES INVOLVING THIRD PARTIES

Your board needs to know that not only is legislation being enforced more often, but the size of fines is growing too. Global regulators are now working more closely together to enforce regulations and hand out multiple fines for the same infringement.

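HQ location: Netherlands; Regulator: US, UK, France; Date: 2020; Fine: $4bn

HQ location: Brazil; Regulator: US, Brazil, Swiss; Date: 2016; Fine: $3.5bn

HQ location: Brazil; Regulator: US; Date: 2018; Fine: $1.78bn

HQ location: Germany; Regulator: US, Germany; Date: 2008; Fine: $1.6bn

HQ location: Sweden; Regulator: US; Date: 2019; Fine: $1bn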

ENFORCEMENT ACTION IS INCREASING… …AND CORPORATE FINES ARE GROWING LARGER

<10 enforcements per year by the DOJ and SEC between 1977 - 2000

30+ enforcements per year by the DOJ and SEC between 2001 - 2019

FCPA, 2020 Willkie, Farr & Gallagher, 2020 (Note: Figures rounded)

[Chart: average penalty fine, 2015 to 2019; values shown: $5.4m, $44.3m, $43.5m, $51.4m, $116m]

The cost to the business is more than the fine itself

Falling foul of the regulations can incur huge fines and financial penalties. Your board needs to know that there are more significant and long-term costs to also bear in mind. These include: reputational damage, share price drops, the ease of doing business, as well as ongoing legal and monitoring costs.

Robust compliance can reduce the financial impact

HOW DO YOU EARN A DPA DISCOUNT?

Your board needs to know that robust compliance programmes and proactive due diligence can lead to forgiveness from law-enforcement agencies resulting in non-prosecution or reduced penalties through Deferred Prosecution Agreements (DPAs).

DPA discount for global engineering company due to activities including, “improved due diligence in respect of intermediaries comprising business justification, external due diligence, and ongoing monitoring.”

Have a robust compliance programme in place

Undertake appropriate third party due diligence

Self-report possible corrupt activity

Cooperate with any investigations

SFO, 2017


WHAT IS A RISK-BASED APPROACH TO THIRD PARTY DUE DILIGENCE?

NAVEX Global's RiskRate provides a risk-based approach to third party due diligence by using automation and AI to screen and continuously monitor third parties to help protect your people, your organisation's reputation and your bottom line.

Learn more about reducing your third party risk now

81.8¢ of every dollar of share value loss can be attributed to reputational damage caused by imposed corruption fines

€10bn decline in revenue at global telecoms giant after employees were convicted of bribery and the subsequent resignation of the CEO and supervisory head of the board

Journal of Business Ethics, 2018 Journal of Business Ethics, 2018

4x: Failure to consider the reputational damage of a bribery scandal significantly underestimates the cost to a company by at least 4 times

£1.5bn: Group loses third of market value in two days over concerns supplier factory was paying illegally low wages

Volkov Law Group, 2016 FT, 2020

90% of reported bribery/corruption cases involve third party intermediaries

EY, 2017

CHARGES AGAINST INDIVIDUALS IN FCPA* ACTIONS

MAJOR COMPLIANCE REGULATIONS ARE BEING INTRODUCED AND UPDATED WITH STIFFER PENALTIES

Aerospace Corporation Conglomerate Petroleum Company Industrial Manufacturer Telecoms Company

Regulators expect a risk-based approach to be taken

Varies based on industry, country, size of contract, and nature of the transaction

Increases or decreases depending on flags raised

Creates an ongoing cycle of third party monitoring and review

Ensures organisations and their third parties are committed to ethical and lawful business practices in good faith

FCPA, 2012

Number of major compliance regulations: 27 (2017), 35 (2018), 40 (2019)

13

6

10

USA: Foreign Corrupt Practices Act (FCPA)

1977

Spain: Spanish Criminal Code

USA: Dodd-Frank

UK: UK Bribery Act

2010

USA: Sarbanes Oxley

2002

2

France: Law Sapin I

1993 2016

8

2015

Germany: German Act on Combatting Corruption

Netherlands: Dutch Criminal Code

2017

Argentina: Criminal Liability Statute

Mexico: General Law of Administration Responsibilities

Peru: Legislative Decree 1352

2019

Italy: Bribe Destroyer Act

Saudi Arabia: Anti-Bribery Law

Australia: Corporate Crime Bill

2018

Russia: Russian Criminal Code

India: Prevention of Corruption Act

UAE: Penal Code

China: Anti-Unfair Competition Law

Malaysia: Anti-Corruption Act

21

Suppliers

Agents

Intermediaries

Consultants

Joint ventures

Contractors

Partners

Customers

Distributors

Vendors

13

50%

*Foreign Corrupt Practices Act

France: Law Sapin II

South Korea: Improper Solicitation and Graft Act

18