A Holistic Look at Third Party Risks
In the FCPA world, we tend to get myopic. We see complex issues and business operations through the prism of anti-corruption risks. Businesses and Chief Compliance Officers, however, have a very different perspective.
When pontificating on life lessons to my children (who are no longer children), I frequently cite the importance of seeing issues from another person’s perspective. Many issues come into focus when you consider how another person has experienced and sees a set of issues.
This life lesson applies when collaborating with CCOs and a company on third-party risks. (Who could ever predict that a life lesson can play out in anti-corruption compliance!)
A CCO identifies a company’s third parties and has to consider a set of risks, some of which are not so obvious.
Companies have less ability to control third parties than they do their own employees. That is a fundamental limitation that makes life difficult for companies that rely on a network of third party agents, distributors and customs brokers.
We all know that third parties can create significant corruption risks and many people are attuned to addressing those risks. The FCPA specifically addresses this risk and takes a broad view of enforcement and liability for third party bribery.
Third parties also create significant money laundering (and terrorist financing risks) that have to be addressed. Anytime a company makes payments or receives payments there is a risk of money laundering. The risk grows when a counterparty assigns the right to a third party to receive a payment or to make a payment.
In simple terms, money laundering prohibits companies from engaging in financial transactions that are intended to disguise proceeds of crime or to facilitate criminal activity. As a consequence, companies have to conduct AML “due diligence” of its customers and vendors/suppliers to ensure that no payments fall within the money laundering classification.
The risk of AML violations, however, increases significantly with the use of third parties who might pay companies on behalf of a customer or receive payments from a company for a vendor/supplier.
As in the case of sales agents, distributors and other third parties, the question boils down to why a company is using a third party to conduct a financial transaction on its behalf. There are many legitimate purposes of third party payers and recipients, but there can also be nefarious purposes as well.
Assuming there is a legitimate justification for the use of a third party, AML compliance programs require a company to engage in due diligence – Know Your Customer (“KYC”) – to make sure there is no undisclosed government interest or no affiliation with a prohibited person. There are red flags that can develop in reviewing these relationships and transactions, and CCOs have to address these AML risks.
Aside from corruption and AML risks, companies have to make sure third parties are not owned by, or affiliated with, prohibited parties designated in US prohibited persons and sanctions programs. Many companies have been relying on software vendors who provide services to check prohibited persons lists.
The screening process has become more complicated with OFAC’s recent reinterpretation of the “50 percent” rule.
As a consequence, the level of due diligence required to screen a potential third party and its beneficial owners has increased. Companies have to devote more time and efforts to prohibited persons’ lists, along with the ever-expanding sanctions programs. Third parties are a major risk in this area and have to be screened carefully.