Third Parties and the Red Flags You Don’t See*
Recently, I was reading a White Paper by Dun and Bradstreet titled “Anti-Bribery and Corruption Compliance for Third Parties: Is an off the shelf product enough?” (link here) As the D&B paper points out, “the risks of insufficient third-party diligence have never been greater,” to which I totally agree; however, the question remains, what are the solutions? In this article, I will use the D&B White Paper as a companion guide in discussing third party compliance gaps that I have observed in my own international sales experience. Furthermore, I hope that by discussing these real world perspectives, that compliance professionals and practitioners might see these examples as relevant to their own compliance programs.
As a preface, let me share that the discussion here concerns the difficulties that a corporation or audit entity would most likely encounter when trying to investigate, assess and/or vet a third party which has corrupt intent, and that such intermediaries will often surround themselves with a “ring of lies” which is difficult to expose. Such third party suppliers will often use corrupt means during the on-boarding process, especially when confronted with a corporate entity that is making an honest attempt to execute on due-diligence. While I agree with D&B that exposing that risk “is difficult if not impossible to achieve by purchasing an off the shelf product alone,” I see room for growth in terms of understanding how those intermediaries are attempting to evade and manipulate traditional assessment and vetting protocols.
What do I care, it is not my law
First, we should understand and appreciate that for many third parties, the mentality is “I am not covered” by US and other international anti-bribery acts, so the thinking remains “sure, I will sign anything, as long as I get the agreement.” In other words, it is a “it is not my law,” or worse, “it is not illegal here” mindset. That is a dangerous situation for all involved; such agents are willing to sign affidavits and representations knowing that they have no intention to comply with the law, and that is not the kind of dynamic which normally gets exposed via questionnaires or self-assessments.
A ring of lies
As the D&B paper states, “companies can’t simply rely on paper thin assurances by employees, distributors, or customers,” when it comes to third party transactions, and that “they need to look at the surrounding circumstances of any payment to adequately assess whether it could wind up in a government official’s pocket.” The challenge to that statement is that when it comes to a corrupt third party, it is difficult to make that assessment; such entities will attempt to surround themselves with a “ring of lies.” These deceptions have a number of components, which I will describe, and which are difficult to pierce from an assessment perspective.
The greatest object in the way of a reliable third party risk assessment is when the “internal business sponsor,” as labeled by D&B, is in collusion with the third party in order to assist the agent in circumventing standard assessment protocols. Such collusion can take the form of having the internal business sponsor complete the self-assessment (including additional “coaching”), as well as conspiring as to what financial tools are available in order to transfer necessary funds for a corrupt payment. These types of conversations are difficult to track, and in large organizations, which are managing a multitude of vendors in high and low risk regions, the risk is even greater.
When you have an internal business sponsor and a third party surveying financial tools which can be used corruptly, such conversations can include the use of discretionary discounts, marketing allowances, expense reimbursement, the transfers of samples, or even the use of “scope of work, “ and “after sales agreements,” to facilitate a corrupt transaction. Such discussions are not always on a “grand” basis, but can occur repeatedly, with low financial amounts, to avoid detection. In a discussion I had with a corporate compliance professional he said “what keeps me awake at night is that while some events which occur day in day out, may seem minor, when they become common place and shared among international personnel, it can end up as a significant problem.” Also, as I have shared in the past, such conversations and plans take place far from the C-Suite, usually, with no witnesses present.
My own conclusion is much along the lines of D&B, where they assert that “traditional approaches to managing diligence around third parties, including reliance on off the shelf products alone…have not proven sufficient in preventing bribery.” I think when you look at the “circle of lies” that can often surround a corrupt third party, adding on the mentality of “it is not my law,” and the potential collusion with an internal business sponsor, that a substantial risk which is difficult to detect can exist under the best of due-diligence intentions.
As D&B states, the onboarding process presents the greatest opportunity to develop a practice that prevents “diligence to be bypassed.” Thus, a more thorough and narrative examination of the third party, including the history of the particular market sector (was corruption in that sector in the past?), and a view of the internal business sponsor relationship, might be a guide to a more robust gate to keep out those who may irreparably harm a company through corruption and bribery.
*this article first appeared in Corporate Compliance Insights and is reprinted and edited with their permission.