Three Important Points to Remember About Third-Party Risks
If you want to learn and read about managing third-party risks, you will have no trouble finding articles, white papers, webinars and more available to you on the Internet. And for good reason.
Third-parties create significant risks, and these risks are not just limited to bribery but extend into sanctions, money laundering, privacy and cybersecurity, human trafficking, child labor and reputational damage. The compliance marketplace offers lots of solutions, including automation, due diligence, risk ranking and a host of alternative solutions.
Before you leap into the due diligence world, however, it is important to understand exactly what you are trying to accomplish and why you need to tailor your solutions to your specific needs.
When assessing the issue, there are three important points to understand about due diligence:
What is the legal standard? The term “due diligence” is defined to mean “reasonable inquiries.” I know that sounds like mumbo jumbo but it is important to recognize what “reasonable inquiries” does not mean. As an attorney, and a former prosecutor, I know the importance of focusing on burdens of proof — “reasonable inquiries” does not mean “beyond a reasonable doubt,” nor does it mean by a “preponderance of evidence.” In fact, the standard of “reasonable inquiries” means reasonable questions and follow up. It does not mean boil the ocean.
Life always depends on context and so does due diligence. What is a reasonable inquiry in one circumstance may not be in another. Everything has to be assessed through the eyes of relevant risks. Adjusting your due diligence review of a third-party to the specific risk profile is imperative.
Agents/Distributors v. Vendors/Suppliers: The FCPA expressly prohibits corrupt payments made through third parties or intermediaries. Specifically, it covers payments made to “any person, while knowing that all or a portion of such money or thing of value will be offered, given, or promised, directly or indirectly,” to a foreign official. The “knowing” requirement includes a representational component, meaning that a person who receives payment, i.e. a third-party, must be acting on behalf of the payor of the money. If I make a payment to someone, who is representing me, and I know that the person will be paying a foreign official on my behalf, I am liable for that bribe.
On the other hand, if I pay a vendor, who is not representing me or acting on my behalf for a good or service, and that vendor pays a bribe to further its business (not necessarily just mine but for his overall business operations) then I am not liable for the bribe paid by the vendor.
As an example, if my company buys potato chips from a vendor (along with thousands of other companies in a specific country), and the vendor ends up paying a bribe to customs officials in that country to favor its shipments, as a customer of the vendor, I am not liable for the vendor’s bribery payments because the vendor is not acting on my behalf.
That does not mean you can ignore the risks created by your vendors and suppliers. To the contrary, vendors and suppliers pose many risks, and are often involved in bribery or fraud schemes. My point is that vendors and suppliers, in the absence of a specific representational function, do not create classic bribery risks, and they should be screened in accordance with this risk profile.
Third-Party Professionals: The third-party universe includes professionals. As we have seen in the anti-corruption world, bribes can be paid by lawyers, tax professionals, lobbyists and consultants. These representatives act on behalf of their client companies and therefore create potential corruption risks.
A foreign law firm should be screened like any other third-party candidate based on the specific risks involved. Moreover, law firms should be subject to the same controls, invoicing requirements and description of services, and fees that are commensurate with the specific project and the market.
History is replete with instances where lobbyists have been used (and continue to be used) to funnel illegal payments to government officials. (e.g. Abscam, Abramoff, just to name a few). For that reason, lobbyists in foreign countries may create significant corruption risks and should be subjected to a commensurate el of controls.