When I was a young lawyer in the aerospace industry in the late 1980s it was going through a period of great ethical upheaval. The US Foreign Corrupt Practices Act was written to address the manner in which foreign defence contracts were obtained. The Industry was forced to look at the way it conducted its business and its employees behaved. Top management - who had been part of the problem - paid lip service to policies and procedures of ethical behaviour, but never meant to take them off the shelf. They were mere window dressing. But things changed as these people retired or were forced out. Large fines were imposed and contractors were debarred from bidding on future government contracts. There was a recognition over time that unethical behaviour was too costly and ethical behaviour actually led to better business results.
Much the same has happened with British companies after the UK Bribery Act was introduced. There was a recognition that the way business had been done, whether internationally involving foreign government officials, or commercially between businesses had been less than ethical. To weed out these practices, companies had to review and strengthen their anti-bribery and corruption (ABC) procedures and implement robust training and ethics programmes. This would provide them with the defence of adequate procedures under the Act, should something go wrong.
So, having implemented adequate ABC procedures in your company, you would think the work is now done. Not so! The greatest ABC threat to companies today does not lie within, but is external to the company. It is the wide-ranging field of third parties that a company must interact with to procure parts, clear customs, market and distribute products, team with, joint venture with or even hold shares in. Many of these third-party players are not even in your local jurisdiction but spread globally often in jurisdiction with low Corruption Perception Index (CPI) scores.
Just think of the aviation industry. Suppliers of every kind from catering, cleaners, technicians, ground handling agents are scattered around the world wherever there may be a hub; there is a constant need for interaction with local Government officials; spare parts have to be shipped to supply depots around the world; freight forwarders; customs officials; limousine services; the list is endless. So, what can be done to protect your business from this external threat?
There are simple tips that can be followed to start making changes in your company’s compliance programme to capture third party threats:
Identify Red Flags
These are important because they put you, and the company, on notice of a possible violation.
When interacting with a third party, what facts would you consider to suggest a high likelihood of corruption (i.e. qualify as red flags that you should be looking out for)?
Common red flags include:
- The third party is related to a government official
- The third party refuses to promise in writing to abide by applicable anti-corruption laws or company policies
- The activities take place in a country or in an industry that traditionally has had a reputation for corruption
- The payments to third parties are unusual in their size or method of delivery (e.g. unusually large commissions or payments to a Swiss bank account)
- The third party has been investigated, charged, or convicted of a crime
- A desire to keep the relationship secret
- A failure to provide regular reports or reports are vague or misleading
- Adverse media reporting about the third party or the subject project
- Unexplained or inadequately explained termination of association with one or more other companies
- Requests for over-invoicing, or that all or a portion of the commission be paid in a third country, to a third party, to a foreign bank account, or in cash or otherwise untraceable funds
- The third party is in a different line of business than that for which it has been engaged
- Heavy reliance on political/government contacts versus knowledgeable staff an investment of time and effort to promote company interests
- Unwillingness or inability to assist in developing or implementing a logical market development program
- The third party is merely a shell company incorporated in an offshore jurisdiction
- Third party “consulting agreements” that include only vaguely described services
- Other suspicious conduct on the part of the representative that would raise questions in the eyes of a prudent person
Managing these risks and applicable principles
- Understand the qualifications and associations of third-parties, including their business reputations and relationships, if any, with foreign Officials
- The degree of scrutiny should increase if red flags surface
- Understand and clearly document the business rationale for including the third party in the transaction. This includes:
- Confirming the role and need for the third party.
- Ensuring that the contract terms specifically describe the services to be performed.
- Having adequate and transparent procurement procedures that are well documented.
- Considering payment terms and how they compare to typical terms in the industry.
- Confirming that the third party is actually performing the work for which it is being paid and that the compensation is commensurate with the work being provided.
- Undertaking robust well documented due diligence prior to engagement and then regular monitoring of the third-party relationships.
- Communicating ethical expectations.Ethical ambiguities can be reduced by creating and disseminating an organizational code of ethics. It should state the organization’s primary values and the ethical rules that third parties are expected to follow.
- Seeking Information from third parties about their compliance programs, policies and procedures and, where appropriate, seek assurances thereof through anti-corruption certifications or otherwise.
- Ensuring that compliance training is part of the third party’s compliance programme and where ABC risks are high consider providing training.
- Implementing regular audit programmes of third parties compliance to the organizational code of ethics, more frequently where there is a greater ABC risk.
- The organization needs to provide formal mechanisms so that third parties can discuss ethical dilemmas and report unethical behaviour, such as ethics hotlines.
- An ethics programme is only as good as its last update. Laws and regulations change and the policies and procedures in this area also have to be updated regularly and follow-on training provided.
- Keeping a regular eye on what is happening in the industry and what the regulators are focusing on. This will permit you to stay ahead of the pack and ensure that you always have adequate procedures to deal with ABC matters.
Implementing a focused third party compliance review based on the aforementioned steps will help to avoid traps in dealing with third parties.