An article in the September, 2011 issue of Compliance Week, entitled, "How
Tyco Turned Around Third-Party Risk Program" by author Karen Kroll,
reported on the program initiated and developed by Tyco International, assisted
by Navigant Consulting, to enable Tyco to develop and initiate a "comprehensive
program to gain a better control over the activities of third parties." This
task seemed particularly daunting as Tyco initially identified over 66,000+ third
party vendors and this group needed to be risk assessed to determine the high
risk third parties which could be handled in the first pass.
Key First Step
Interestingly a key first step in the process was that
Tyco set up a specific project team in the company to handle the task. This is
different to such assignments in a Compliance or Legal Department where a
project is added to an employee's existing portfolio of assignments. The Chief
Compliance Counsel, Matthew Tanzer made the decision to assign a "small group
of dedicated employees to the job". Scott Moritz,
Managing Director of Navigant, who
worked with Tyco on the project, said this was an important early decision and
was quoted as saying "You need to develop bench strength to deal with this, and
staffing that's proportional to the third party population."
The Seven Steps
Tyco developed a process to identify, risk assess,
contract with and then compliance train its third parties in this project. Tyco
distilled this process into the following seven steps.
The Tyco Seven Step Process does end at training. Tyco
continues to manage these risks through an ongoing monitoring program which
they developed in the course of this exercise. This monitoring includes both
substantive compliance and transactional monitoring. Both of these monitoring
systems can be reviewed by a committee or group dedicated to ongoing management
of third parties within Tyco.
The task of getting a handle
on your company's third parties may often seem daunting. However, the Tyco
Seven Step Process provides an excellent framework for the compliance
professional to develop a program for his/her company. I recommend the article
for your review and the program for your consideration.
If you are going to be in
Houston on December 7, myself, Mike Volkov and the Bribery Act guys, Richard
Kovalevsky QC and Barry Vitou will be making their only US appearance this
year. Mike and I will review some of the more significant enforcement matters
of 2011 and discussion lessons which may be drawn from them. Richard and Barry
will discuss the Bribery Act. Best of all the event is free and CLE will be
provided. Event details and registration are found at http://events.r20.constantcontact.com/register/event?llr=myqi4pcab&oeidk=a07e55t5re06e78f1e3.
I hope you can make it!
Visit the FCPA Compliance
and Ethics Blog, hosted by
Thomas Fox, for more commentary on FCPA compliance, indemnities and other forms
of risk management for a worldwide energy practice, tax issues faced by
multi-national US companies, insurance coverage issues and protection of trade
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011
For more information about LexisNexis
products and solutions connect with us through our corporate site.