Latest Report: The 2022 Gartner® Market Guide for IT Vendor Risk Management Solutions
In my previous post, A Quick Guide to ESG and Risk Management in the Extended Enterprise, I outlined what environmental, social and governance (ESG) is and how it impacts third-party risk management. This post expands on a specific aspect of governance in ESG: anti-bribery and corruption (ABAC).
Organizations today face a tremendous amount of anti-bribery and corruption risk – especially as they conduct business globally. Anti-bribery and corruption laws govern business transactions and prohibit exchanges of value that illegally influence the actions of either party in a transaction. There is a range of laws meant to enforce ABAC measures – from the U.S. Foreign Corrupt Practices Act (FCPA, passed in 1977), to more recent legislation such as the U.K. Bribery Act (2010) and France's Sapin II (2016). In fact, 46 different countries have bribery and corruption laws. These laws address bribery in business transactions, often focusing on the actions of foreign government officials.
Enforcement of ABAC laws is expanding. For instance, 2019 was once a high-water mark for FCPA violations, with the U.S. Department of Justice (DoJ) and Securities and Exchange Commission (SEC) collecting $2.65 billion in penalties. COVID-19 did not slow down law enforcement, with 2020 seeing $2.78 billion in FCPA penalties. In the United Kingdom, the Serious Fraud Office (SFO) is also expanding its enforcement activities. And the European Union’s Directive on Mandatory Human Rights, Environmental, and Good Governance Due Diligence will require significant due diligence for organizations operating in EU countries, with ABAC falling under the Good Governance section.
Bribery and corruption risk has increased because of COVID-19, and risk exposure will likely continue to climb as the pandemic continues to play out in 2021. With constrained supply chains, limited government contracts and permits, and backlogs in customs for import/export, organizations are facing a greater risk of bribery and corruption. For instance, we may see increasing numbers of employees and agents of third parties offer bribes to secure contracts and permits, or to expedite and prioritize shipping and customs. This increased risk exposure requires attentive due diligence of transactions and third-party relationships to ensure that the organization is not implicated in bribery or corruption charges.
Third-party relationships are one of the most significant bribery and corruption risk exposures to organizations. When unpacking FCPA bribery and corruption enforcement actions, Stanford Law School discovered that over 90% of incidents involve a third-party intermediary. All third parties who act as agents of a company – such as distributors, sales representatives, brokers, consultants, freight forwarders, lobbyists – can expose the organization to liability for bribery and corruption. In fact, a company can be held liable for the actions of its third parties, even if the company claims to have no knowledge of an incident. Often, all that is needed for an indictment is a "high probability" of bribery or evidence that a company was "willfully blind" to a third party’s corruption on their behalf.
Managing ESG Risks Across the Extended Enterprise
This analyst report from GRC 20/20 uncovers best practices for including ESG in your third-party risk management program.
An effective governance program can help your organization address its third-party bribery and corruption risks. Key elements include:
The complexity and risk exposure inherent to an extended enterprise of third-party relationships requires a structured process to ensure that tasks are completed, that risk is evaluated, and that nothing slips through the cracks. Organizations face increased risk exposure if they rely on manual processes encumbered by spreadsheets and emails to manage this process. One way to minimize the risk of bribery and corruption risk in third-party relationships and develop a defensible compliance program is to implement a third-party risk management solution with that can automate, manage and audit the entire ABAC assessment and monitoring process.
If vendor threats and regulations are leaving your team feeling overwhelmed, then consider these benefits of...
Follow these 7 steps for more secure and efficient offboarding when third-party relationships are terminated.
Learn strategies for mitigating risks stemming from cyberattacks against your IT vendors.