Managing risk with third parties or intermediaries
Out of sight, never out of mind
It’s no surprise that middle market companies do not have the same global footprint as their Fortune 500 competitors. However, it may come as a surprise that their presence on the international stage is becoming more prominent.
In a recent survey of top U.S. middle market executives, 54 percent said their companies were doing business in foreign markets, a 14 percent rise from a similar survey conducted just two years ago.[1] While access to international markets clearly has the potential to boost revenue growth, it also heightens the risk of complex fraud and corruption activity, particularly when business leaders often must rely on foreign intermediaries to help open doors on behalf of their companies.
According to the Organization for Economic Cooperation and Development (OECD), third-party intermediaries (third parties) are people who help connect two or more trading partners, generally as “a conduit for goods or services offered by a supplier to a consumer.”[2] However, 87 percent of leaders polled in RSM’s 2016 Global Corruption Law Compliance Survey reported that they were “extremely” or “very” worried about the activities of these third parties, particularly when they had been recommended by local officials in foreign countries. Over half of the executives in our survey were concerned about questionable or potentially illicit behaviors by these partners, such as unusual compensation arrangements, audit refusals, incorrect invoice or overbilling issues, and non-routine requests for customer discounts. These findings suggest that most middle market companies recognize serious issues exist with third parties, but struggle with effectively managing these risks.
The high cost of failed third-party oversight
Through the end of 2016, the U.S. Securities and Exchange Commission (SEC) and the Department of Justice (DOJ) resolved 57 actions against companies and individuals for violations of the Foreign Corrupt Practices Act (FCPA). That was the second highest number of completed FCPA enforcement actions in a calendar year, and it generated a record $2.65 billion in settlements.[3] While several large companies were penalized, middle market firms were not immune.
While most third parties play a completely legitimate role in helping U.S. businesses facilitate transactions in foreign markets, business leaders need to be aware that the behavior of these individuals reflects on their companies. Thus, if a third party makes illicit payments, gifts or other acts in violation of the FCPA, a company can be exposed to potential criminal or civil liability. Consider the following examples:
- In January 2017, the SEC and DOJ jointly announced an agreement with an Indiana-based medical device maker, under which the company agreed to pay over $30 million to conclude government investigations of multiple FCPA violations. After an initial deferred prosecution agreement in 2012, the SEC noted that the firm continued improper transactions with a known prohibited distributor in Brazil, and also engaged a third party to pay bribes to customs officials in Mexico. Regulators said the latter was done to ease importation of unregistered and mislabeled dental products.[4]
- In December 2016, the DOJ and the SEC reached a $75.7 million settlement with an $800 million Kentucky-based manufacturer, based on a series of FCPA anti-bribery and internal controls violations. For a period of 12 years ending in 2015, regulators said local subsidiaries of the company made improper payments to government officials in Angola, Thailand, China, Indonesia, Egypt and Bangladesh. Additionally, the agencies alleged that a senior company executive had approved excessive commission payments to a sales agent doing business with state-owned entities in Angola.[5]
- In January 2017, a $650 million health care equipment manufacturer based in Texas reached a $14 million settlement with the SEC, which had alleged that the company had both significant accounting failures related to recordkeeping and internal controls, as well as FCPA violations related to improper payments. On the latter point, regulators said that third parties hired by the company’s Brazilian subsidiary had made improper payments to doctors at government-owned hospitals to increase sales for the parent firm.[6]
Incidents like these are not rare. In fact, in our 2016 Global Corruption Law Compliance survey, nearly 20 percent of respondents said their companies had first-hand experience with bribery or corruption cases involving foreign officials in the preceding 12 months.
In third-party oversight, details matter
Generally speaking, effective compliance practices are an extension of sound business management that involve understanding and responding to factors such as:
Local politics and new third-party relationships. The political climate in many foreign countries—especially those with a documented track record of corrupt activities—makes it crucial to take multiple factors into account when vetting third parties. For example, third-party firms whose officers are in conflict with the ruling political regime are sometimes subject to corruption charges and adverse coverage in state-owned media when they fall out of favor with a corrupt regime.
Individual accountability for existing third-party relationships. Businesses benefit from understanding the chain of accountability associated with third parties. For example, business leaders are often surprised to learn that:
- Third parties are being supervised by contractors or other intermediaries, meaning that no direct employees of the company are accountable for the third party’s activities or performance.
- Long-term third-party individuals have been engaged under contract terms that were executed before more rigorous corruption compliance controls were established.
- Progress reports and other deliverables that are contractually required are not requested by individuals overseeing the relationship—and therefore not received. Lack of work product from third parties can be considered a red flag.
Scenarios such as these can put an organization at greater risk of misconduct.
Degree of leverage and influence within the relationship. Third parties in foreign markets often have more leverage than initially anticipated, particularly when familial, economic or political circumstances position them as “the only game in town.” Even if the third party is acting within legal and regulatory boundaries, this leverage can become problematic if the third party (for example) demonstrates lack of commitment to the company’s products and services, claims excessively high volumes of damaged products upon receipt, or requires higher than average investments in promotional marketing. Third parties with significant leverage may also be more likely to ignore a company’s code of ethics, contractual terms or global anti-bribery laws. Therefore, it’s important that businesses have visibility into the total costs, margins and risks associated with doing business with third parties. This information can help aid timely decisions to identify alternates or exit markets altogether.
Clear compliance mindset. When oversight of third parties is delegated to local market employees, it cannot be assumed that those workers will both understand and abide by all anti-corruption regulations. For instance, assume several third-party distributors tell an employee that they are losing interest in the company’s core products, but that the issue could be resolved if more funds were made available for “marketing expenses.” Without clear, documentable evidence of how those funds would be used, the employee is faced with a choice: Risk losing the distribution channels (and perhaps their job in the process), or produce the funds and risk being out of compliance with the FCPA or other anti-corruption laws and regulations. For those reasons, compliance training—including specific guidance on handling anomalous circumstances—should be part of the organization’s overall continuing education program. Accordingly, it’s critical to create and promote channels for employees to raise concerns with senior management and compliance leaders, who in turn can provide guidance, create positive incentives for information-sharing and use the circumstances as case studies to inform future trainings.
Tips to manage third-party risks
As demonstrated by the regulatory settlements noted earlier in this article, third-party risks should not be taken lightly. For that reason, consider how the following tips may help your company successfully meet this challenge:
Have a documented fraud response strategy. The power of a written fraud response plan can be summarized by the following ratio: 7-to-1. In our 2016 survey, we found that companies with a documented fraud response strategy were seven times more likely than firms lacking such a road map to initiate follow-up investigations when illicit activity is suspected. Advance planning is particularly valuable to help companies anticipate and navigate third-party “cultural differences,” which 35 percent of respondents in last year’s survey identified as a significant challenge to conducting bribery or corruption investigations.
Conduct rigorous background checks. Regulatory bodies look more favorably on companies that demonstrate solid due diligence in their efforts to combat fraud. This is particularly vital in screening potential third-party relationships. In its FCPA resource guide, the SEC specifically notes that “as part of risk-based due diligence, companies should understand the qualifications and associations of third-party partners, including business reputation and relationship, if any, with foreign officials,” later adding: “The degree of scrutiny should increase as red flags surface.”[7] That language should serve as strong motivation for leaders to ensure their companies are currently conducting third-party background checks, and that they have good reasons to be confident in the thoroughness of their screening process.
Use surprise audits. In our 2016 Global Corruption Law Compliance Report, just 48 percent of respondents said they had used unscheduled audits with third parties, a sign that this monitoring tool is underutilized by business leaders. In fact, when isolating our survey findings to companies that did not have a documented fraud response strategy, just 21 percent of those firms conducted surprise audits of third-party partners. Conversely, 79 percent of surveyed firms that had such a strategy in place used unscheduled audits as part of their overall fraud monitoring arsenal.
Without question, third parties can be a substantial asset in helping mid-market companies grow market share in global locations. When business leaders invest appropriate time and resources toward proper evaluation, hiring and monitoring of these international advocates, they can reap the rewards of their skills—while also having confidence that the activities of these third parties are ethically and legally sound.
To learn more about tools to help your company reduce its potential exposure to fraudulent activity, contact RSM’s forensic accounting and fraud investigations team.
1. Brooke, Z., “Middle Market Companies Excel by Exporting,” (January 1, 2017) American Marketing Association
2. “OECD Foreign Bribery Report: An Analysis of the Crime of Bribery of Foreign Public Officials,” (2014) OECD Publishing
3. “FCPA Winter Review 2017,” (February 6, 2017) Miller & Chevalier
4. “Biomet Charged with Repeating FCPA Violations,” (January 12, 2017) U.S. Securities and Exchange Commission
5. “Wire and Cable Manufacturer Settles FCPA and Accounting Charges,” (December 29, 2016) U.S. Securities and Exchange Commission
6. “Medical Device Company Charged with Accounting Failures and FCPA Violations,” (January 18, 2017) U.S. Securities and Exchange Commission
7. “A Resource Guide to the U.S. Foreign Corrupt Practices Act,” (November 14, 2012) U.S. Securities and Exchange Commission