Software platforms can provide a lot of efficiencies such as a reduction of time, resources and a more manageable audit trail. Still, software cannot do everything. Subject matter expertise is still essential to building a quality supplier risk management programme.

Combining the right platform with bench strength will lead to better risk analysis and supplier communications.
In this podcast, I visit with Jared Connors, Mrg. of Supply Chain Solutions for the Red Flag Group on the benefits of using a software technology platform combined with bench strength to help build a more effective risk management programme. We discuss:

  • The benefits of a quality technology platform approach
  • Automating processes and increasing the audit trail efficiency
  • The value of subject matter expertise and risk analysis

Jared and I will explore these topics further in a Red Flag Group Webinar on Thursday, October 20 at 10 AM CDT. You can register by clicking here.

China DollI was recently in New York and was able to see the theater production of the new David Mamet play China Doll. It stars Al Pacino and it is probably worth it simply to see Pacino on stage. As you might expect from any Mamet script, it is about rapid-fire language. I was a tad apprehensive when I read the show’s reviews, which said that Pacino could not or had not learned his lines well enough to recite them without the use of a teleprompter and even an earpiece in which he was fed his lines.

I am happy to report that the production works. Although the Opening Night was moved from November 19 to December 4 to continue the previews, it was still a very good show. There were two laptops strategically placed on the set and it did appear that occasionally Pacino would scan the screens to get some lines. A large part of the play occurs while Pacino’s character was on the phone so some lines could have been fed to him in that manner. Finally he did take several pauses but it was never clear to me if he was fumbling a line or it was a dramatic pause.

The saving grace is that it was Pacino. From time-to-time, he was that cool controlled Pacino who graced us as Michael Corleone. More rarely he was Tony (let me introduce you to my little friend) Montanze from Scarface. For either of those moments the play was worth it. If you have the chance to see it, I heartily suggest you check it out.

If you have made it this far in this blog post and want to see the play be prepared for a SPOILER ALERT. If you are not going to see the play, no worries however a significant plot device turns on, of all things, the Foreign Corrupt Practices Act (FCPA). Imagine my utter shock when Pacino’s character was told he would be charged with violating the FCPA because a company in his Supply Chain (SC) had paid a bribe to have Pacino’s financé perform design work on an airplane that Pacino had custom ordered. So, first we had a movie (Syriana), television show (House of Cards) and now a Broadway theater production, which all prominently feature the FCPA as a show element. When art begins to imitate life, it certainly speaks to the ubiquitousness of the issue.

China Doll also reminded me that one of the areas many companies do not focus on is possible corruption in their SC for goods and services provided on a company’s behalf. The FCPA risks can be just as great through those entry points as it can be through the sales side of an organization. You need to know who your company is doing business with through the SC as much as you need to know your agents seeking business opportunities on your behalf.

This determination of the level of due diligence and categorization of a supplier should depend on a variety of factors, including, such factors as whether the supplier is (1) located, or will operate, in a high risk country; (2) associated with, or recommended or required by, a government official or his or her representative; (3) currently under investigation, the subject of criminal charges, or was recently convicted of criminal violations, including any form of corruption; (4) a multinational publicly traded corporation with a recognized exemplary system of compliance and internal controls, that has not been recently investigated or convicted of any corruption offense or that has taken appropriate corrective action to remedy such conduct; or (5) a provider of widely available services and products that are not industry specific, are offered to the public at large and do not fall under the definition of Minimal Risk Supplier, such as wide circulation newspapers, magazines, florists, daily limousine and taxi, airline and food delivery (including coffee shops, pizza parlors and take out) services. You should note that any supplier, which has foreign government touch points, should move up into the high level of scrutiny. 

A High-Risk Supplier is an individual or an entity that is engaged to provide non-project specific goods or services to a company. It presents a higher level of compliance risk because of the presence one or more of the following factors: (a) It is based or operates in a country (including the supply of goods or services to a company) that poses a high risk for corruption, money laundering, or commercial bribery; (b) It supplies goods or services to a company from a high-risk country; (c) It has a reputation in the business community for questionable business practices or ethics; or (d) It has been convicted of, or is alleged to have been involved in, illegal conduct and has failed to undertake effective remedial actions. Finally, it presents one or more of the following factors, in which case the Chief Compliance Officer (CCO) should be consulted for further direction: (1) It is located in a country that has inadequate regulatory oversight of its activities; (2) it is in an unregulated business; (3) Its ultimate or beneficial ownership is difficult to determine; (4) the company has an annual spend of more than $100,000 with the supplier; (5) It was established or registered in a jurisdiction where ownership is not transparent or that permits ownership in the form of bearer shares; (6) It is registered or conducts business in a jurisdiction that does not have anti-corruption, anti-money laundering (AML) and anti-terrorism laws comparable to those of the US and UK; or (7) It lacks a discernable and substantial business history.

A Low-Risk Supplier is an individual or a non-publicly held entity that conducts business such as a sole proprietorship, partnership or privately held corporation, located in a Low-Risk Country. Some indicia include that it (1) supplies goods, equipment or services directly to a company in a Low-Risk Country; (2) a company has an annual spend of less than $1,000,000 with the supplier; and (3) the supplier is not involvement with any foreign government, government entity, or Government Official. However, if the supplier has other indicia of lower risk such that it is a publicly-held company, it may be considered a Low-Risk Supplier because it is subject to the highest disclosure and auditing and reporting standards such as those under the US Securities Exchange Act of 1934, including those publicly traded on a reputable and highly regulated stock exchange, such as the New York or London exchanges, and are, therefore, subject to oversight by highly regarded regulatory agencies.

Below the high and low risk categories I would add two other categories of suppliers that present very low compliance risks. The first is ‘Minimal-Risk Suppliers’ which generally provide to a company goods and services that are non-specific to a particular project and the value of the transaction is USD $25,000 or less. Some examples might be for the routine purchase of fungible items and services, including, among others: Office supplies, such as paper, furniture, computers, copiers, and printers; Industrial or factory supplies, including cleaning materials, solvents, safety clothing and off-the-shelf equipment and parts; Crating and other standard materials for packing products for shipping; Leasing and rental of company cars and other equipment; and Airline or other travel tickets or services. It may also include legal services from professional firms that are approved and overseen by a company’s Legal Department; Investigative services from professional firms that are approved and overseen by a Legal Department and that do not interact with government agencies on behalf of a company; and Accounting and financial services from professional firms that are approved and overseen by a company Finance Department or Audit Committees and that do not interact with government agencies on behalf of a company.

Finally, are the category of third parties that provide widely available services and products, ‘Common Product and Services’, that are not industry specific, are offered to the public at large and do not fall under the definition of Minimal-Risk Supplier. These include, among others, wide circulation newspapers, magazines, florists, daily limousine and taxi, airline and food delivery (including coffee shops, pizza parlors and take out) services. These third parties raise even less than Minimal Risk to a company, especially when their services and products are provided in a non-high risk country. Suppliers in this category require no FCPA due diligence.

In China Doll, Pacino’s character bemoans that not only did he not authorize any bribe payments made to facilitate the construction and delivery of his airplane but that he did not even know bribes were paid to help construct his product. As a political fixer, he should have been better versed in the law and acted accordingly. For the rest of us, you need to risk rank your third parties which your company might engage through your SC for FCPA exposure.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at

© Thomas R. Fox, 2015