The Evaluation, in Prong 10, Third Part Management asks, “What was the business rationale for the use of the third party in question?” This question is one of the most basic tools to operationalize your compliance program and should form the basis of your third-party risk management process.
It is common sense that you should have a business rationale to hire or use a third party. If that third party is in the sales chain of your international business it is important to understand why you need to have that specific third party representing your company. This concept is enshrined in the 2012 FCPA Guidance, which says “companies should have an understanding of the business rationale for including the third party in the transaction. Among other things, the company should understand the role of and need for the third party and ensure that the contract terms specifically describe the services to be performed.”
The Internal Revenue Service (IRS) also considers a business rationale to be an important part of any best practices anti-corruption compliance regime. Clarissa Balmaseda, a special agent in charge of Internal Revenue Service (IRS) criminal investigation, speaking at a presentation, said that the lack of business rationale to be a Red Flag, indeed the IRS views such lack of business rationale as possible indicia of corruption. With the Department of Justice; Securities and Exchange Commission and IRS all noting the importance of a business rationale, it is clear this is something you should use to operationalize your compliance program.
But the business rationale also provides your company the opportunity to help drive compliance into the fabric of your everyday operations. This is done by requiring the employee who prepares the business rationale to be the Business Sponsor of that third party. The Business Sponsor can provide the most direct means of communication to the third party and can be the point of contact for compliance issues.
Tyco International takes this approach in its Seven Step Process for Third Party Qualification. Tyco breaks the first step into two parts, which include:
- Business Sponsor – Initially identify a business sponsor or primary contact for the third party within your company. This requires not only business unit buy-in but business unit accountability for the business relationship and puts the onus on each stakeholder to more fully operationalize this portion of your compliance program.
- Business Rationale – The Business Sponsor should then articulate a commercial reason to initiate or continue to work with the third party. You need to determine how this third party will fit into your company’s value chain and whether they will become a strategic partner or will they be involved in a one-off only transaction?
What should go into your Business Rationale? At the most basic level, you should craft a document, which works for both you as the compliance practitioner and the business folks in your company. There are some basic concepts which include the following. You need the name and contact information for both the Business Sponsor and the proposed third party. You need to inquire into how the Business Sponsor came to know about the third party because it is Red Flag is a customer or government representative points you towards a specific third party. You should inquire into what services the third party will perform for your company, the length of time and compensation rate for the third party. You will also need an explanation of why this specific third party should be used as opposed to an existing or other third party, is such were considered. All this information should be written down and then signed by the Business Sponsor.
Another way to think about this issue is by considering the competence of foreign business partner to provide services to your organization. Such considerations include a review of the qualifications of the third-party candidate for subject matter expertise, the resources to perform the services for which they are being considered and the third party’s expected activities for your company. More detailed inquiries include requiring the relevant business unit which desires to obtain the services of any third party to provide you with a business rationale including current opportunities in territory, how the candidate was identified and why no currently existing third party relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
Remember, the purpose of the Business Rationale is to document the satisfactoriness of the business case to retain a third party. The Business Rationale should be included in the compliance review file assembled on every third party at the time of initial certification and again if the third-party relationship is renewed. As explained by the Tom Fox Mantra for compliance, this means Document Document Document.
Three Key Takeaways
- You should always have a business reason for using a third party which is articulated by the business folks, not compliance.
- A Business Sponsor is the key relationship going forward in operationalizing your compliance program through the life of the third-party relationship with your company.
- Always remember to Document Document Document.
Requiring business unit involvement in the drafting of the business rationale operationalizes compliance.Click to tweet
This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos ABAC Accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.