Foreign Corrupt Practices Act (FCPA): How to Assess Third-Party Anti-Bribery Practices

Consider these 5 recommendations to simplify and automate third-party ABAC risk assessments under the FCPA.
By: Scott Lang, VP, Product Marketing
June 16, 2021

Originally passed into law in 1977 and amended in 1988 and 1998, the U.S. Foreign Corrupt Practices Act (FCPA) makes it unlawful for U.S. citizens and companies to make payments to foreign government officials to assist in obtaining or retaining business. The law also contains provisions prohibiting foreign representatives from doing the same within the territory of the United States. The FCPA also requires companies whose securities are listed in the U.S. to keep records and maintain internal accounting controls to detect such transactions.

Foreign Corrupt Practices Act Requirements

With fines for violations of up to $5 million and 20 years in prison, and $25 million for companies, it is important to ensure that not only your organization's practices, but also your third-party vendors' and suppliers' practices, are compliant with the FCPA to avoid business disruptions or reputational damage.

Provisions in the FCPA include:

  • Public companies filing annual documentation with the Securities & Exchange Commission (SEC) attesting to adherence to FCPA provisions
  • Keeping financial records for all in-scope transactions, which are auditable at any time
  • Maintaining internal accounting controls and monitoring to track and prevent potential violations

The problem many organizations face when assessing their third parties’ anti-bribery and corruption (ABAC) policies is that the effort is highly manual and lacks real-time insights into legal filings.

5 Recommendations to Assess Third-Party Vendor and Partner Anti-Bribery & Corruption Policies per the FCPA

Assessing third parties doesn’t have to be a manual, spreadsheet-based process. Consider these 5 recommendations to simplify and automate third-party ABAC risk assessments under the FCPA.

1. Implement comprehensive supply chain partner pre-screening

Ensure that procurement and sourcing teams have access to intelligence pertaining to all new supply chain partner ABAC practices. This can include centralized assessment results, reputational information, legal actions, country-level corruption perception index (CPI) scores, and sanctions data – enabling procurement to make informed supplier sourcing decisions.

2. Regularly assess your supply chain partners

Leverage an automated solution that hosts assessment questionnaires, raises risks if results don’t line up with expected risk tolerance levels, and offers specific remediation recommendations. Include supporting evidence and ABAC policy documentation with assessment results to simplify audit reporting.

3. Fill gaps between assessments with continuous reputational monitoring

Regular (usually annual) assessments and attestations are essential to documenting third-party controls, policies and processes, but they are static and point-in-time. Adding real-time monitoring of the following sources will help to catch potential adverse events and validate the results of risk assessments.

  • Supplier Reputation: Public and private sources of reputational information, including regulatory and legal actions, M&A activity, adverse media, and conflicts of interest.
  • Financials and Investments: Financial performance, turnover, profit and loss, and shareholder funds transparency.
  • Global Sanctions: Screen against the world’s most important sanctions lists (including OFAC, EU, UN, BOE, FBI, BIS, etc.), global enforcement lists, and court filings (such as the FDA, U.S. HHS, UK FSA, SEC and more).
  • Politically Exposed Persons (PEP): Politically exposed person profiles, including families and associates, to identify potential leadership risks.
  • State-Owned Enterprises: A list of government-owned and government-linked enterprises.

4. Know your Nth parties

Your third parties rely on their own suppliers and third parties to deliver goods and services to you and other customers. And you need to respond quickly when adverse events surface in your extended partner ecosystem. That’s why it’s important to identify and visualize relationships between your organization and third, fourth and Nth parties to discover dependencies and risks and avoid reputational hits.

5. Simplify compliance reporting

The fastest, least-complex approach to meeting audit requirements is to automatically map the assessment results discussed in recommendation number 2 to reporting that aligns with FCPA requirements. This can’t be done using spreadsheets and email – you will need a central platform for collecting, assessing, analyzing, and reporting on findings.


Next Steps to Foreign Corrupt Practices Act Compliance

The U.S. federal government does not hesitate to file charges against individuals and companies that violate the anti-bribery provisions in the FCPA. Since third parties can often be a weak link, how much visibility does your organization have into your third-party vendors' ABAC policies?

Prevalent can help you centralize the management of third parties, define the appropriate assessment methodology, monitor adherence to requirements, and simplify regulatory reporting with our solutions for Foreign Corrupt Practices Act compliance. Get started today by monitoring your top vendors for free or contacting us for a strategy session.

Scott Lang
VP, Product Marketing
Scott Lang has 25 years of experience in security, currently guiding the product marketing strategy for Prevalent’s third-party risk management solutions where he is responsible for product content, launches, messaging and enablement. Prior to joining Prevalent, Scott was senior director of product marketing at privileged access management leader BeyondTrust, and before that director of security solution marketing at Dell, formerly Quest Software. He can be reached on Twitter @scottinohio, LinkedIn and Facebook.