My grandfather was a comic book collector. He collected
all kinds and types of comics, from super-heroes to the Archie series. One of
the series that he collected that I still think about from time-to-time was
Classics Illustrated. Classics Illustrated was a comic book series featuring
adaptations of literary classics which began publication in 1941 and finished
its first run in 1971, producing 169 issues. I won't divulge how many classic
novels that I read in such fashion as a youngster but I will say that that
group is the only set of magazines and comics that I collected in the 60s of
which I still have a complete set.
There is another illustrated series which may be of more
use to the modern day compliance practitioner which can be found in Compliance
Week Magazine. In the February 2012 edition OCEG President Carole Switzer
continues her series on an illustrated six-part anti-corruption program. In
this issue she focuses on third party due diligence. She begins by noting that
one of the surest ways to develop and strengthen your anti-corruption
compliance program, whether based upon the US Foreign Corrupt Practices Act
(FCPA) or the UK Bribery Act is to discover "what you do not understand about
the third-parties who help you to do business abroad." She explains that if
your company does not "expand its knowledge of activities of your business
partners," the Department of Justice (DOJ) or UK Serious Fraud Office (SFO) may
well do so for you in an enforcement action. Switzer provides a six-step
process with a nifty diagram attached to the article.
To begin you should define your objectives and then
design your process. This should include all forms that you will use including
questionnaires, background checks, references and certifications. You should
also delineate your process to review and clear any Red Flags which may arise
in the process.
This step should begin with a country review to make an
initial determination of risk of corruption. You can use the Transparency
International (TI) Corruption Perceptions Index (CPI) or similar resource.
Determine how you can make real-time checks, whether through a third-party
software provider such as World Compliance or other mechanism for initial due
diligence. You will also need to collect data directly from the proposed third
party business partner in the form of a questionnaire or other document. There
should also be an initial discussion of the "nature, scope and intended
relationship" with the third party.
Under this step, Switzer believes that you should
initially set up categories for your third parties of high, moderate and low.
Based upon which risk category the third party falls into, you can design
specific due diligence. She defined low risk screening as "trusted data source
search and risk screening such as the aforementioned World Compliance";
moderate risk screening as "enhanced evaluation to include in-country public
records...and research into corporate relationships"; high risk screening is
basically a "deep dive assessment" where there is an audit/review of third
party controls and financial records, in-country interviews and investigations
"leveraging local data sources."
Approve/Deny/Approve with Condition
Under this step you should establish business rules and
process triggers to "facilitate control and monitoring throughout the life of
each contract." As the risk level increases you should apply more stringent
controls on the third party. This would also include more intense monitoring of
the relationship on an ongoing basis.
Your company should establish anti-corruption training
for each risk level of third party with which you do business. You should
administer the training, whether live, computer based or webinar, for different
third party audiences "taking cultural issues into consideration and addressing
role-specific needs." You should assess and certify the results of your
training or certify third party awareness through its own training program.
Lastly the "control" portion of this step relates to compliance terms and
conditions, which should be included in any written agreement with your third
Switzer ends her six-point program by noting that you
should "establish monitoring and re-approval requirements for each risk level."
There should be continued contact and monitoring by a combination of business
unit sponsor and trusted outside professionals. There should be mandatory
re-approval at fixed points as well as an action plan to address any red flags
which might arise during the relationship.
I find the OCEG Anti-Corruption Illustrated series to be
a very useful tool to help visualize the compliance process. While not in the
same league as Classics Illustrated they certainly are a useful tool for the
compliance practitioner. I would urge you to visit the OCEG website for their
series and many other useful tools.
Visit the FCPA Compliance and Ethics Blog,
hosted by Thomas Fox, for more commentary on FCPA compliance, indemnities and
other forms of risk management for a worldwide energy practice, tax issues
faced by multi-national US companies, insurance coverage issues and protection
of trade secrets.
This publication contains general information
only and is based on the experiences and research of the author. The author is
not, by means of this publication, rendering business, legal advice, or other
professional advice or services. This publication is not a substitute for such
legal advice or services, nor should it be used as a basis for any decision or
action that may affect your business. Before making any decision or taking any
action that may affect your business, you should consult a qualified legal
advisor. The author, his affiliates, and related entities shall not be
responsible for any loss sustained by any person or entity that relies on this
publication. The Author gives his permission to link, post, distribute, or
reference this article for any lawful purpose, provided attribution is made to
the author. The author can be reached at email@example.com.
© Thomas R. Fox, 2012
more information about LexisNexis products and solutions connect with us
through our corporate site.