Approximately 90 percent of Foreign Corrupt Practices Act (FCPA) enforcement actions involve a third party. That’s according to a recent article in the FCPA blog. The U.S. Department of Justice (DOJ) has taken notice, including an entire section on third-party risk management as part of its updated guidance for evaluating corporate compliance programs.
The DOJ’s firm stance is third-party risk management should be primarily preventative. A solid compliance program in the DOJ’s eyes enables a corporation to detect potential FCPA violations and stop them before they can occur.
Prevention begins during the third-party evaluation and onboarding processes. It continues with ongoing relationship management controls. These controls help quickly raise red flags to head off potential compliance violations or end the third-party relationship entirely.
A third-party risk management technology system can make this a reliable and efficient closed-loop process. The system can be a valuable commercial resource as well. The data it produces can be utilized to reveal and understand market interdependencies, business vulnerabilities, and risk profiles. It can also be used to prevent harm to the reputation and revenue of the company.