According to the Organisation for Economic Co-operation and Development (OECD), third-party intermediaries (third parties) are generally persons who contribute to linking two or more trading partners as a “channel of goods or services offered by a supplier to a consumer”. However, 2,87 percent of executives surveyed in the 2016 RSM Global Corruption Law Compliance Survey said they were “extremely” or “very concerned” about the activities of these third parties, especially when they were recommended by local officials abroad. More than half of the executives in our investigation were concerned about the questionable or potentially illegal behavior of these partners, such as unusual compensation agreements, audit refusals, false invoices or overcompensation issues, not routine customer discount requests. These results indicate that most SMEs recognize that there are serious problems with third parties, but that they are struggling to effectively manage these risks. McCann: I think effective risk management starts with risk reduction, and in fact, many companies have started using IPT risk reduction by doing due diligence before establishing a relationship with a TPI. But due diligence is no longer enough. Ongoing monitoring of the ICTY is clearly becoming a natural compliance requirement. This is particularly relevant, as it relates to ABC compliance. A critical component that is needed to meet this requirement are clear contractual conditions that allow companies to verify the books and records of their IPTs. While we have seen a marked increase in regulatory guidance in this area, it is important to recognise that there is no one-size-fits-all solution.
Each company must design a program that meets its sectoral and business requirements. This is because many companies proactively monitor relationships with third parties in order not only to detect potential compliance issues, but also to identify areas for business improvement. In terms of methodology, my preferred approach is risk-based in nature. This includes understanding your IDT population and related risk characteristics, which typically include government interaction, type of service, geographic location, and annual expenditures. By assessing these characteristics, you can identify higher-risk TP populations to consider for further studies. MCC: Starting with the basics. How do you define a “third party”? In 2014, we saw significant FCPA enforcement actions involving third parties. The Alstom case certainly jumps aside, as it resulted in the second highest fine ever imposed by the DoJ: about $773 million. The charge was that Alstom had paid about $75 million in consulting fees to third parties to secure multi-billion euro projects in the Bahamas, Indonesia, Saudi Arabia and Taiwan. This is a good example of a company using TPIs to do business in countries that have historically been difficult to penetrate.
In addition, it is a good example of how intermediary relationships with regulatory risks can affect your business. Use surprise audits. In our Global Corruption Law Compliance Report 2016, only 48% of respondents said they had conducted uns scheduled audits with third parties, a sign that this monitoring tool is not used by executives. Isolating our survey results on companies that did not have a documented fraud response strategy, only 21% of these companies conducted surprising third-party audits. Conversely, 79% of the companies surveyed that had such a strategy used uns scheduled audits as part of their overall fraud monitoring arsenal. MCC: To conclude, I`d like to come back to the discussion on third-party assessments and know your final thoughts on what companies are actually doing in monitoring TPIs. . . .