More than 1,400 subcontractors represented thousands of workers responsible for building the Freedom Tower. Contractors and project managers alike were required to know the professional experience of each subcontractor to ensure quality craftsmanship.
How could each individual company on this massive worksite be thoroughly vetted? That could require its own workforce, especially for the primary contractor on the project. A comprehensive, scalable third-party due diligence program is essential to meeting organizational and regulatory standards through project completion.
ITEM: Global manufacturer charged with violating the Foreign Corrupt Practices Act (FCPA) when subsidiaries arranged illicit payments to foreign officials in more than a dozen countries. ($26 million fine.)
Often overlooked, supply chain should be a top priority within a company’s overall compliance program. With global corruption and enforcement on the rise, governments worldwide are expanding their focus on investigations of third-party relationships. In order to reach this level of security, while protecting an organization and its supply chain, an end to end workflow process can increase stability and prevent violations critical to business operations.
It begins with vendor on-boarding and identity verification, followed by thorough screening against robust, accurate and up-to-date databases of relevant compliance-related information on companies and individuals. Analysis and assessment of risk may then require further investigation and monitoring of certain third parties.
ITEM: Investigation of a major global retailer for possible violations of federal anti-bribery law has extended into some of the retailer’s most important international markets.
Workflow allows tracking of decisions and all information usedproviding an audit trail, demonstrating the company’s adherence to its compliance program. In today’s global environment, if an organization is unable to achieve this critical level of security, it can have a major impact on business operations and growth.
The lack of transparency and the rapidly evolving nature of international business increasingly contribute to the formation of more complex supply chains. This demonstrates the need for implementation of a rigorous third-party due diligence screening and monitoring process to avoid any violations threatening the supply chain.
A tailored workflow process enables companies to look deep into their entire network of third parties—consultants, lobbyists, agents, foreign dealers and resellers, suppliers, subcontractors, etc.—to identify hidden risks and mitigate accordingly.
Best Practices for Third-Party Compliance Workflow
1. Introduce a Thorough Onboarding Process
Capability to capture customer and third-party information, questionnaire data, delivery and acceptance of supplier code of conduct, etc.
2. Integrate Identification and Authentication
Integrate external data sources and/or documents to verify identity to regulatory specifications.
3. Implement Comprehensive Screening
Check entity and related persons against government sanctions lists, PEP, Iran data and adverse media.
4. Provide an In-Depth Risk Assessment
Complete analysis of the customer/third party to determine level of risk and depth of any further due diligence required.
5. Perform Enhanced Due Diligence
Additional manual investigation of the entity to mitigate or quantify risk. Ranges from remote research to comprehensive site visit.
6. Conduct Ongoing Monitoring
Continuous review of external data (lists/media) and/or internal data to detect risk relevant events or indicators.
7. Promote Workflow Case Management
Workflow to manage compliance decisions, documentation audit trail, etc., and show dashboards of workstream.
ITEM: There are currently 91 publicly traded and an unknown number of private companies subject to active investigations by the DOJ/SEC. In the overwhelming majority of instances of foreign corruption cases, third parties such as suppliers, distributors and third-party intermediaries were an essential player in facilitating bribes.
By adopting a resilient framework, companies can build a comprehensive, efficient, dynamic and risk-based compliance program that empowers them to compete confidently and aggressively in the global marketplace.
Kelvin Dickenson has over 25 years’ experience managing risk and compliance in financial services. He has worked at Dun & Bradstreet for the past seven years and prior to that he directed regulatory compliance, credit, loss prevention/risk management and collections activity for a major credit card bank. His body of work ranges from designing compliance procedures to writing lending policies. He is now focused almost singularly on regulatory compliance relative to third parties and is a member of the advisory board at the Association of Certified Financial Crime Specialists. Dickenson is not an attorney and this article is not intended to provide legal advice.