Global companies have been fined hundreds of millions of dollars for alleged compliance breaches in the last year. Whether the allegations against them related to bribery and corruption or breaches of new human rights due diligence legislation, a recurring theme in many cases was the involvement of third parties.
In this blog, we dive deeper into four of those cases and offer clear lessons that companies can learn to improve their third-party due diligence, with help from LexisNexis.
Managing risk should be a priority for any company in the modern world of business characterized by interconnections and globalized supply chains. Companies are generally able to control their own activities to ensure they comply with regulatory requirements and ethical expectations.
However, they have less control over, and more risk exposure to, the activities of their third parties, suppliers, and subsidiaries. These risks are reflected in the frequency with which third parties were cited in the regulators’ explanations of recent enforcement actions against companies.
In the next sections, we’ll look at four specific incidents of enforcement actions and lessons from each instance.
A chemicals firm was fined $218 million by US regulators in September 2023 over its alleged use of third parties to bribe government officials in Vietnam, Indonesia, and India. This violated the US Foreign Corrupt Practices Act (FCPA), which prohibits foreign bribery. At the announcement of the settlement, the US Attorney warned other firms: “Corruption has no borders, but neither does justice. Companies are expected to adhere to the same ethical and legal standards whether they are doing business on US soil or overseas.”
The lesson from this fine is that firms need to carry out due diligence on all third parties to determine their risk of bribery and corruption. They should employ a risk-based model which applies enhanced due diligence to third parties in countries or industries with a greater perceived risk of corruption.
In this case, the firm in question also received leniency from the regulator because they identified and self-reported the activity, which is further incentive for companies to put in place effective third-party monitoring.
MORE: Due diligence checklist: A step-by-step guide to managing third-party risk and corruption
In March 2023, a multinational telecommunications company based in Sweden pleaded guilty to breaching the anti-bribery provisions of the FCPA and was fined $206 million. This came after it allegedly failed to meet the conditions of a previous Deferred Prosecution Agreement over alleged bribery of government officials and falsification of records in China, Vietnam, Indonesia, Kuwait, and Djibouti. The regulator singled out the use of third parties to allegedly facilitate bribery payments and hold “slush funds”.
This fine offers several takeaways for compliance officers. One is that Politically Exposed Persons (PEPs) such as government officials can raise the risk of bribery and corruption, so checks should be done against lists of PEPs to identify any connections to third parties.
This case also showed that regulators will come down especially hard on companies which have been warned in the past, as this firm was already under a Deferred Prosecution Agreement. A company’s senior management should set clear expectations for employees and third parties about conducting business ethically and in line with all relevant regulations.
MORE: Stop the risk: Asking the right questions for complete due diligence
A UK tobacco firm agreed to pay more than $635 million in April 2023 after its subsidiary in Singapore admitted to violating US sanctions by selling products to North Korea. The US has previously imposed economic sanctions against North Korea to ensure companies are not indirectly supporting its nuclear and ballistic missile activities.
This fine reflects the growing risk firms face from economic sanctions. Sanctions are constantly being imposed, and lifted, by national authorities like the US and Russia, and supranational bodies like the United Nations and the European Union. Firms need to screen all third parties and subsidiaries against sanctions lists to ensure they are not inadvertently in breach, or face severe penalties. Regulators also expect them to refresh this monitoring on an ongoing basis to capture any future changes.
MORE: 9 steps to prevent costly sanction breaches
One of the first cases under Germany’s Supply Chain Due Diligence Act was brought against several major car companies in mid-2023. It was alleged that forced labor was involved further down the supply chain in the production of their vehicles in Xinjiang, China. These are only allegations at the time of writing, and no fines or convictions have followed.
A key trend in global legislation and regulations has been to mandate companies to carry out human rights and environmental due diligence on their third parties and suppliers. It often takes a few years for enforcement actions to follow the introduction of new regulations, so it is significant to see cases already being brought only six months after Germany’s legislation came into force.
The lesson for companies is that it is no longer enough to carry out due diligence on third parties for legal and financial risks, but they must also understand their third parties’ ESG records.
MORE: Global spread of human rights due diligence continues with Japanese initiative
It should be clear by now that, if companies fail to identify and manage third-party risk appropriately, they will face legal and financial penalties, not to mention reputational damage and the strategic risk of interruptions to their operations. It is therefore critical that companies embed a due diligence process that captures all relevant risks posed by current and prospective third parties, to allow management to decide whether or not to proceed with each third-party relationship.
Technological tools can make this process more efficient and effective than requiring compliance officers to spend vast amounts of time undertaking manual searches. Solutions like Nexis Diligence+™ allow companies to upload spreadsheets of their third parties, then provide risk scores based on a search of our comprehensive data sources. These include:
Looking for more tips on how to implement an effective due diligence operation to identify and manage third-party risks? Our E-Book identifies the ten main trends companies need to understand and respond to. Download it for free today.