Financial crimes such as bribery, corruption and money laundering are becoming more common and more complex. One of the most common reasons for a company becoming implicated in alleged financial crime is its exposure to the activities of its third parties and suppliers. In this blog, we look at the trends in financial crime that your firm should be aware of. We then suggest how companies can improve their third party risk management to mitigate this risk, and to detect and root out suspected financial crime in general.
Financial crime’s acceleration is being driven by third party risks
The prevalence of financial crime, and companies’ exposure to it, continues to increase year on year. Recent surveys of companies reflect this, including:
- A 2023 survey by Compliance Week and Morgan Lewis found that 48% of respondents anticipate an increase to bribery and corruption risks to their company in the next two to three years, and 39% think the risks will stay the same.
- Kroll’s 2023 Fraud and Financial Crime Report, which interviewed 400 senior executives over three continents and found that 67% predict an increase in financial crime over the next year, while 57% said third-party gatekeepers in particular increase financial crime risk.
Financial crime itself is evolving as criminals devise ever more sophisticated ways to conceal their illicit activities. The acceleration of digital banking and the normalisation of remote working after the pandemic have created vulnerabilities for firms seeking to manage risks. In the past, if a firm’s compliance team flagged a third party as high risk, inspectors could visit their offices to investigate as a form of enhanced due diligence. But today, it has become common for companies to rely on third parties whose staff they never actually meet in person. This creates a grey area which criminals and fraudsters seek to target.
Companies rely on third parties and suppliers around the world to deliver their products and services, and these third parties are increasingly becoming their main exposure to financial crime risk. In the survey by Compliance Week, 82% of company executives said indirect bribery by third parties is a greater risk than bribery by their own personnel.
Wolfsberg Principles offer a roadmap for financial services institutions to manage risks
What should financial services companies such as banks do to manage and mitigate these rising legal, financial, reputational and strategic risks of financial crime carried out by their third parties? Most major companies must adhere to the requirements in laws and regulations spanning numerous jurisdictions. Many of these laws are based on, or adhere to, the Wolfsberg Principles. This makes the Principles a good starting point for improving regulatory compliance in general.
The Principles were updated for the first time in six years in 2023. While not official regulations, they are developed by an association of 13 global banks called the Wolfsberg Group, and regarded as influential guidelines of best practices for anti-bribery and corruption processes and ethical business. The latest iteration singled out activities by a third party as a “potential liability” for financial institutions.
Along with this warning, the Principles identified “red flags” against which banks should screen third parties to detect possible financial crime. Finding these flags could prompt a company to carry out enhanced due diligence on that third party, supplier or customer. They include:
- A third party making “unreasonable” or “unsupported objections” to anti-bribery and corruption due diligence being included in a contract or transaction agreement.
- Use of a shell company or other non-transparent corporate structure.
- A company with a “flawed background or reputation”.
- The “unusual involvement of Public Officials in commercial matters”.
- A third party’s jurisdiction; customer base; industry; and type of products of services.
The guidance concludes that, once companies have identified the level of risk posed by a third party, they should apply proportionate due diligence and anti-bribery and corruption controls–which is known as a risk-based model. Crucially, they should also “periodically assess” whether they are capturing new and emerging risks.
Data and technology can help companies to overcome the growing challenge of financial crime
The complexity of financial crimes also makes it more difficult for companies to capture the full extent of the risks confronting them. The best way to do that is to screen third parties and customers against a very broad range of reliable and authoritative data sources. This should include:
- Legal data including court cases involving a company.
- Sanctions lists and watch lists that reveal which entities and individuals would cause a company doing business with them to be sanctioned.
- Lists of Politically-Exposed Persons (PEPs), whose prominent political positions can make them a target of bribery and corruption–and therefore deserving of enhanced due diligence.
- News data, which can flag perceived and alleged risks involving a company or individual–especially if the data comes with an archive of historic news.
- ESG data, which indicates a company’s impact on the environment, its reputation for social issues, and any failures in governance.
LexisNexis brings together all these data sources and more in one place, and leverages technology to surface relevant mentions of third parties and devise a risk score based on that analysis. In line with regulatory expectations, a company’s risk profile will be updated automatically when new information comes to light.