The DOJ expects an integrated approach that is operationalized throughout the company. This means you must have a process for the full life cycle of third-party risk management. There are five steps in the life cycle of third-party risk management that will fulfill the DOJ requirements as laid out in the 2023 FCPA Resource Guide, 2nd edition, and in the Hallmarks of an Effective Compliance Program. The five steps in the lifecycle of third-party management are:
1. Business Justification by the Business Sponsor.
2. Questionnaire to Third-party.
3. Due Diligence on the Third Party.
4. Compliance Terms and Conditions, including payment terms.
5. Management and Oversight of Third Parties After Contract Signing.
Three key takeaways:
1. Use the full 5-step process for third-party management.
2. Make sure you have business development involvement and buy-in.
3. Operationalize all steps going forward by including business unit representatives.
For more information on Ethico and a free White Paper on top compliance issues in 2024, click here.