Tag: business rationale

Categories
Compliance Tip of the Day

Compliance Tip of the Day – Business Rationale in the 3rd Party Risk Management Process

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

This week, we are reviewing the third-party risk management process. Today, we take up the Business Rationale.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.

Categories
31 Days to More Effective Compliance Programs

The business rationale


The 2020 Update stated, “Prosecutors should also assess whether the company knows the business rationale for needing the third party in the transaction, and the risks posed by third-party partners, including the third-party partners’ reputations and relationships, if any, with foreign officials.” This standard articulates one of the most basic tools to operationalize your compliance program and should form the basis of your third-party risk management process. Indeed this is viewed as an internal control with the 2020 Update going on to pose the following question, “How does the company ensure there is an appropriate business rationale for the use of third parties?”
Another way to think about this issue is by considering the competence of a foreign business partner to provide services to your organization. Such considerations include a review of the qualifications of the third-party candidate for SME, the resources to perform the services for which they are being considered and the third-party’s expected activities for your company. More detailed inquiries include requiring the relevant business unit which desires to obtain the services of any third-party to provide you with a business rationale including current opportunities in territory, how the candidate was identified and why no currently existing third-party relationships can provide the requested services. Your next inquiry should focus on the terms of the engagement, including the commission rate, the term of the agreement, what territory may be covered by the agreement and if such relationship will be exclusive.
Remember, the purpose of the business rationale is to document the satisfactoriness of the business case to retain a third-party. The business rationale should be included in the compliance review file assembled on every third-party at the time of initial certification and again if the third-party relationship is renewed. This means “Document, Document, and Document”.
Three key takeaways:

  1. You should always have a business reason for using a third-party which is articulated by the business folks, not compliance.
  2. A Relationship Manager is the key going forward in operationalizing your compliance program through the life of the third-party relationship with your company.
  3. Always remember to “Document, Document, and Document”.