Over the month of April, I will consider the risk management of third parties in an operationalized compliance program. As every compliance practitioner knows, third parties still present the highest risk under the FCPA. You must assess whether the company has a business rationale for needing the third party in the transaction, and the risks posed by third parties, including their reputations and relationships, if any, with foreign government officials. You should ensure that contract terms with third parties specifically describe the services to be performed, the third party performing the work, and that its compensation is commensurate with the work provided in that industry and geographical region.   Finally, you must continuously monitor the third-party relationships through updated due diligence, training, audits, and/or annual compliance certifications by the third party.

In this introduction, I visit with Alexander Cotoia, a Regulatory and Compliance Attorney at the Volkov Law Group, to consider how recent FCPA enforcement actions point towards the use cases for a robust third-party risk management system. In 2022, most FCPA-related enforcement actions involved third parties and required organizations to reprioritize third-party risk management. In this episode, we consider case studies involving ABB Limited, GOL Airlines, and Oracle, demonstrating the importance of understanding bribery and corruption schemes, making voluntary disclosures, and reassessing third-party risk management.

3 Key Takeaways:

1. How can organizations reprioritize third-party risk management as a core compliance function?

2. How can organizations avoid FCPA violations and maximize cooperation credit?

3. How can organizations effectively assess the risks posed by potential business partners?

Check out The Compliance Handbook, 3rd edition, here.