Despite exposure to corruption risk, due diligence on third-party business partners remains low

Last year marked the first time that every enforcement action brought by the US Department of Justice (DOJ) and the US Securities and Exchange Commission (SEC) under the Foreign Corrupt Practices Act (FCPA) involved the alleged payment of bribes by companies’ third-party business partners, according to Deloitte’s research.

Corporate employees also were found to be involved in most of the cases, Deloitte said. In all instances, the company was found to be culpable because it was alleged to either have knowledge of the activity without stopping it, or intentionally have used the third party to facilitate the activity, according to Deloitte.

Deloitte’s research shows that, in 2005, third-party partners or intermediaries were involved in just 41.7% of the SEC/DOJ FCPA cases.

Despite the risks associated with third-party relationships in foreign markets, corporate due diligence in that area remains low, according to Deloitte.

A Deloitte poll conducted in December with more than 1,200 respondents said that 23.4% reported that their organisations performed due diligence and risk assessments on no more than one-fourth of their third-party business partners. Five percent said they performed no due diligence on their partners.

The expense of conducting due diligence is the most significant obstacle for organisations, according to the report. Cost of implementation was identified by 30.8% of those polled as the biggest challenge for organisations in implementing a company-wide, third-party programme for risk assessment and due diligence. Nearly 6% cited “fear of alienating the sales channel” as the biggest challenge to thoroughly vetting their third-party partners. 

Joe Zier, a leader in Deloitte’s FCPA practice, said companies that work with a large number of third parties and take on such partners in emerging markets sometimes can’t afford to conduct risk assessments on all of them. More than half the respondents in the poll reported that their organisations work with 100 or more third-party partners.

“So they generally do a slice and dice on the ones that they perceive intuitively to be at risk and so therefore will do [due diligence on] a small number of them,” Zier said in an interview. “Unfortunately, it’s generally the ones that they don’t [review] that get them into trouble, particularly in emerging markets.”

The FCPA, signed into law in 1977, among other provisions, bans US companies and individuals from bribing foreign officials for the purpose of obtaining or keeping business. Under amendments made in 1998, the anti-bribery provisions of the FCPA also apply to foreign firms and individuals who cause, directly or through agents, “an act in furtherance of the corrupt payment to take place within the territory of the United States,” according to the DOJ.

The SEC and DOJ stepped up enforcement in recent years. In 2010, the SEC’s Enforcement Division created a specialised unit to improve its enforcement of the FCPA.

Zier said the trajectory of FCPA investigations has included DOJ focus on sectors including energy, life science and pharmaceuticals and, now, technology and financial institutions. Geographically, he’s noticed a focus on Asia. Third-party partners for sales and distribution tend to harbour the greatest risk, Zier said, but suppliers and agents or professional service providers can also open companies up to FCPA risks.