Day 7- Third-Parties
There are five steps in the life cycle of third party management.
1. Business Justification and Business Sponsor;
2. Questionnaire to Third Party;
3. Due Diligence on Third Party;
4. Compliance Terms and Conditions, including payment See more +
Day 7- Third-Parties
There are five steps in the life cycle of third party management.
1. Business Justification and Business Sponsor;
2. Questionnaire to Third Party;
3. Due Diligence on Third Party;
4. Compliance Terms and Conditions, including payment terms; and
5. Management and Oversight of Third Parties After Contract Signing.
Step 1 - Business Justification
The first step breaks down into two parts:
1. Business Sponsor
2. Business Justification
The purpose of the Business Justification is to document the satisfactoriness of the business case to retain a third party. The Business Justification should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third party relationship is renewed.
Step 2 - Questionnaire
The term ‘questionnaire’ is mentioned several times in the FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. u should not walk but run away from doing business with such a party.
Step 3 - Due Diligence
Most compliance practitioners understand the need for a robust due diligence program to investigation third parties, but have struggled with how to create an inventory to define the basis of risk of each foreign business partner and thereby perform the requisite due diligence required under the FCPA. Getting your arms around due diligence can sometimes seem bewildering for the compliance practitioner.
Step 4 - The Contract
You must evaluate the information and show that you have used it in your process. If it is incomplete, it must be completed. If there are Red Flags, which have appeared, these Red Flags must be cleared or you must demonstrate how you will manage the risks identified. In others words you must Document, Document and Document that you have read, synthesized and evaluated the information garnered in Steps 1-3. As the DOJ and SEC continually remind us, a compliance program must be a living, evolving system and not simply a ‘Check-the-Box’ exercise.
Step 5 - Management of the Relationship
I often say that after you complete Steps 1-4 in the life cycle management of a third party, the real work begins and that work is found in Step 5– the Management of the Relationship. While the work done in Steps 1-4 are absolutely critical, if you do not manage the relationship it can all go downhill very quickly and you might find yourself with a potential FCPA or UK Bribery Act violation. There are several different ways that you should manage your post-contract relationship. Here we will explore some of the tools which you can use to help make sure that all the work you have done in Steps 1-4 will not be for naught and that you will have a compliant anti-corruption relationship with your third party going forward.
Final Thoughts
I continually give my Mantra of FCPA compliance, which is Document, Document, and Document. Each of the steps you take in the management of your third parties must be documented. Not only must they be documented but they must be stored and managed in a manner that you can retrieve them with relative ease. The management of third parties is absolutely critical in any best practices compliance program. As you sit at your desk pondering whether this assignment given to you by the CCO is a career-ending dead-end; you should take heart because there is clear and substantive guidance out there which you can draw upon.
Three Key Takeaways
1. Use the full 5-step process for 3rd party management.
2. Make sure you have BD involvement and buy-in.
3. Utilize continuous due diligence going forward.
See less -
