Continuous improvement can take many ways, shapes and forms. Typically, when it comes to third-party risks, a Chief Compliance Officer (CCO) or compliance professional will consider the ownership structure to see if there is any involvement by a government official or employee of a state-owned enterprise, or a close friend or family member. There may also be inquiry into knowledge of anti-corruption legal regimes such as the Foreign Corrupt Practices (FCPA) and compliance programs. Other information about criminal and legal history and references, both professional and commercial, may also be required. Hopefully these indicia are reviewed and updated on a regular basis.
One thing that is most generally not considered is the financial health of the third party. It turns out such an oversight may have some significantly ramifications for an accurate picture of a third party. The financial health of third parties as not only a key metric but also a key due diligence tool which allows a more robust assessment prior to contract signing and in managing the relationship after the contract has been signed.
A third party which is in a weakened financial position can come back to damage your business in a variety of ways. Obviously, a company which is under financial strain is more susceptible to cutting corners to obtain business. You can almost begin to see the fraud triangle forming at this point and a rationalization for committing a FCPA violation forming in the mind of a third party.
But it is more than simply being open to potentially illegal conduct such as violating the FCPA to get business. James Gellert, CEO of RapidRatings has noted, “Cyber security is, obviously, a hot topic for everybody. A company that, at the beginning of a working relationship, maybe onboarding or the due diligence procurement event, one may do a series of checks from a compliance and info security perspective and that company looks fine, it gets green lit and it comes on board as a supplier. Over time, if that company is weakening in its financial condition, the chances are likely that they are going to begin under-investing in maintaining the quality of their cyber security program. In a case like that, over time, a company partner of that firm is taking increased risks for cyber security breach, because that company is weakening but because they’re not managing the financial condition of it on an ongoing basis, they’ve missed a leading indicator of that cyber security problem and when that problem actually hits, it’s too late, it’s effecting revenue, it’s effecting reputation, it’s effecting all sorts of things.”
A database of financial health is important because “traditional risk management has focused more on protecting downside risk and detecting downside risk is being able to understand where a company or a partner exists on a spectrum of risks that can be from poor to really good, and that means a user of our data is in a position to be able to do more than just protect from a company’s failing for one reason or another, but be able to align with the strongest partners and that creates resiliency and a third party ecosystem”.
This is considering your third parties in much broader manner which allows a more robust assessment of their strengths and weaknesses. The financial health of a third party may tell you how well that third party will perform. Such information can be useful to you for business planning, particularly around strategic risk. Understanding the financial viability of third parties, be they traditional vendors, business partners, or even fourth parties, can help you meet your compliance requirements, maintain operational stability, through the avoidance of business disruption and support business continuity initiatives. Even better, you can cut through siloes to develop risk management strategies across multiple business functions.
This moves compliance into the business process cycle, creates greater efficiencies and at the end of the day, more profitability. This type of approach allows the compliance function to demonstrate solid return on investment going forward. It also allows compliance to cut through many corporate siloes including such disciplines as business development, supply chain or procurement, manufacturing and finance.
Continuous improvement through monitoring of ongoing financial health is a tool where technological solutions can have an impact. Understanding the financial viability of third parties can help the compliance practitioner meet the Department of Justice (DOJ) requirement to more fully operationalize a compliance program. It can also lead to more and better operational stability and with that ever-sought increase in corporate profitability. As compliance moves into the business process, this type of review should become part of your compliance toolkit going forward.
Three Key Takeaways
- What is the financial health of your third-parties? Do you even know?
- Poor financial results can open a company to engaging in risky behavior.
- Financial health monitoring can be used as continuous improvement.
For more information on how an independent monitor can help improve your company’s ethics and compliance program, visit this month’s sponsor Affiliated Monitors at http://www.affiliatedmonitors.com/.