Continuous improvement can take many ways, shapes and forms. Typically, when it comes to third-party risks, a Chief Compliance Officer (CCO) or compliance professional will consider the ownership structure to see if there is any involvement by a government official or employee of a state-owned enterprise, or a close friend or family member. There may also be inquiry into knowledge of anti-corruption legal regimes such as the Foreign Corrupt Practices Act (FCPA) and compliance programs. Other information about criminal and legal history and references, both professional and commercial, may also be required. Hopefully these indicia are reviewed and updated on a regular basis. In this current economic environment, this information is even more critical.
One thing that is most generally not considered is the financial health of the third-party. It turns out such an oversight may have some significant ramifications for an accurate picture of a third-party. The financial health of third parties is not only a key metric but also a key due diligence tool which allows a more robust assessment prior to contract signing and in managing the relationship after the contract has been signed.
A third-party which is in a weakened financial position can come back to damage your business in a variety of ways. Obviously, a company which is under financial strain is more susceptible to cutting corners to obtain business. You can almost begin to see the fraud triangle forming at this point and a rationalization for committing a FCPA violation forming in the mind of a third-party.
But it is more than simply being open to potentially illegal conduct such as violating the FCPA to get business. James Gellert, Chairman of Rapid Ratings International Inc. has noted, “Cybersecurity is, obviously, a hot topic for everybody. A company that, at the beginning of a working relationship, maybe onboarding or the due diligence procurement event, one may do a series of checks from a compliance and info security perspective and that company looks fine, it gets green lit and it comes on board as a supplier. Over time, if that company is weakening in its financial condition, the chances are likely that they are going to begin under-investing in maintaining the quality of their cybersecurity program. In a case like that, over time, a company partner of that firm is taking increased risks for cybersecurity breach, because that company is weakening but because they’re not managing the financial condition of it on an ongoing basis, they’ve missed a leading indicator of that cybersecurity problem and when that problem actually hits, it’s too late, it’s effecting revenue, it’s effecting reputation, it’s effecting all sorts of things.”
A database of financial health is important because “traditional risk management has focused more on protecting downside risk and detecting downside risk is being able to understand where a company or a partner exists on a spectrum of risks that can be from poor to really good, and that means a user of our data is in a position to be able to do more than just protect from a company’s failing for one reason or another, but be able to align with the strongest partners and that creates resiliency and a third-party ecosystem.”
This is considering your third parties in a much broader manner which allows a more robust assessment of their strengths and weaknesses. The financial health of a third-party may provide indicia of the anticipated compliance performance of the third-party. Such information can be useful for business planning, particularly around strategic risk. Understanding the financial viability of third parties, be they traditional vendors, business partners, or even fourth parties, can help you meet your compliance requirements, maintain operational stability, through the avoidance of business disruption and support business continuity initiatives. Even better, you can cut through siloes to develop risk management strategies across multiple business functions.
This moves compliance into the business process cycle, creates greater efficiencies and at the end of the day, more profitability. This type of approach allows the compliance function to demonstrate solid return on investment (ROI) going forward. It also allows compliance to cut through many corporate siloes including such disciplines as business development, supply chain or procurement, manufacturing and finance.
Continuous improvement through monitoring of ongoing financial health is a tool where technological solutions can have an impact. Understanding the financial viability of third parties can help the compliance practitioner meet the Department of Justice (DOJ) requirement to more fully operationalize a compliance program. It can also lead to more and better operational stability and with that ever-sought increase in corporate profitability. As compliance moves into the business process, this type of review should become part of your compliance toolkit going forward.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2020