Third-Party Due Diligence: Creating a Credible & Defensible Program
The cornerstones for third-party oversight are due diligence and monitoring–but building those concepts into a credible compliance program requires a multi-pronged effort; one that aligns an organization’s people, processes, and technology to prevent and detect violations.
This white paper provides an overview of the standards and principles related to the systematic vetting of third parties such as resellers, agents, distributors, sales and marketing representatives, and joint venture partners.
An excerpt:
Achieving a credible third-party program remains an urgent compliance priority, as is spelled out in multiple guidance documents from the US Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”). The DOJ and SEC’s Guide to the U.S. Foreign Corrupt Practices Act, Second Edition (“The FCPA Resource Guide,” last revised July 2020) continues to be a blueprint for effective compliance programs today.
One section contained this passage about third-party due diligence: DOJ’s and SEC’s FCPA enforcement actions demonstrate that third parties, including agents, consultants, and distributors, are commonly used to conceal the payment of bribes to foreign officials in international business transactions. Risk-based due diligence is particularly important with third parties and will also be considered by DOJ and SEC in assessing the effectiveness of a company’s compliance program.
In other words, if a third party violates the law on your behalf, the absence of authorization from your company, combined with a credible and defensible compliance program, will send a strong message to regulators about your company’s commitment to compliance. Those elements cannot guarantee the avoidance of criminal prosecution, but they do firmly tilt the company toward that outcome. As stated in the DOJ’s June 2020 updated guidance to prosecutors on Evaluation of Corporate Compliance programs (“DOJ’s 2020 Guidance,”) regulators will look to see if the compliance program is risk-based, proportionality resourced, data-driven, and regularly reviewed. Both the DOJ’s June 2020 Guide and 2020 FCPA Resource Guide incentivize organizations to have robust, well-structured, and evolving compliance programs in place before an occurrence or violation.
