Sign up to save your podcasts
Or
Share One Month to a More Effective Compliance Program for 3rd Parties-3rd Party Risk Management Process
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
One Month to a More Effective Compliance Program for 3rd Parties-3rd Party Risk Management Process
As every compliance practitioner is well aware, third parties still present the highest risk under the FCPA. The 2020 Update devotes an entire prong to third-party management. It begins with the following:
Prosecutors should also assess whether the company knows the business rationale for needing the third party in the transaction and the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials. For example, a prosecutor should analyze whether the company has ensured that contract terms with third parties specifically describe the services to be performed, that the third party is performing the work, and that its compensation is commensurate with the work provided in that industry and geographical region. Prosecutors should further assess whether the company engaged in ongoing monitoring of the third-party relationships through updated due diligence, training, audits, and/or annual compliance certifications by the third party.
This specifies that the DOJ expects an integrated approach operationalized throughout the company. This means you must have a process for the full life cycle of third-party risk management. Five steps in the life cycle of third-party risk management will fulfill the DOJ requirements as laid out in the 2020 FCPA Resource Guide and in the Hallmarks of an Effective Compliance Program. The five steps in the lifecycle of third-party management are:
Three key takeaways:
Learn more about your ad choices. Visit megaphone.fm/adchoices
View all episodes
By Thomas Fox
5
11 ratings
As every compliance practitioner is well aware, third parties still present the highest risk under the FCPA. The 2020 Update devotes an entire prong to third-party management. It begins with the following:
Prosecutors should also assess whether the company knows the business rationale for needing the third party in the transaction and the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials. For example, a prosecutor should analyze whether the company has ensured that contract terms with third parties specifically describe the services to be performed, that the third party is performing the work, and that its compensation is commensurate with the work provided in that industry and geographical region. Prosecutors should further assess whether the company engaged in ongoing monitoring of the third-party relationships through updated due diligence, training, audits, and/or annual compliance certifications by the third party.
This specifies that the DOJ expects an integrated approach operationalized throughout the company. This means you must have a process for the full life cycle of third-party risk management. Five steps in the life cycle of third-party risk management will fulfill the DOJ requirements as laid out in the 2020 FCPA Resource Guide and in the Hallmarks of an Effective Compliance Program. The five steps in the lifecycle of third-party management are:
Three key takeaways:
Learn more about your ad choices. Visit megaphone.fm/adchoices