
The Hobson FCPA Trial: Commissions, Coded Cash, and the Compliance Risk Indicators

The Foreign Corrupt Practices Act (FCPA) trial of a former coal company executive offers a real-time reminder that FCPA cases are rarely about a single payment. They are about systems: how third parties are engaged, how commissions are justified, how money moves, and how people communicate when they think no one is watching. The trial of former Corsa Coal executive Charles Hunter Hobson has featured opening statements from both sides, testimony from a cooperating former colleague, testimony from an FBI agent who reviewed messages and bank records, and expert testimony on the status of the foreign counterparty and the legality of bribery under Egyptian law.

Prosecutors have advanced a bribery theory based on inflated commissions paid to a sales agent, with kickbacks allegedly returning to the executive. Defense counsel has argued a lack of knowledge, a lack of control over the agent’s downstream conduct, and challenges around whether the foreign buyer qualifies as a state-owned enterprise for FCPA purposes. At this point, the defense has not presented its case-in-chief, so it is unknown whether the defendant will testify. The value for compliance professionals lies in seeing how ordinary-seeming commercial mechanics are translated into an FCPA narrative before a jury.

The Prosecution Narrative: High Commissions, Bribes to “the Team,” and Business Won

In opening arguments, prosecutors told jurors that the company’s Egypt-based agent received higher-than-normal commissions and used a portion of those payments to bribe officials connected to the buyer, Al Nasr, in exchange for coal purchase contracts valued at roughly $143 million. Prosecutors further alleged that the agent paid $4.8 million to individuals described as government employees or employees of a state-owned business, and that the executive received approximately $200,000 in kickbacks.

In the government’s telling, this was not incidental. It was purposeful: pay the agent more than market, allow the agent to distribute those funds to secure business, and then share the proceeds back to the executive. The business obtained through the relationship and the revenue tied to those contracts form the “benefit” side of the alleged corruption equation. The alleged bribe payments and kickbacks form the “means.”

For compliance professionals, the risk indicator is not merely “third party in a high-risk market.” It is the combination of (1) pricing and award dynamics, (2) commission pressure, (3) coded communications, and (4) money movement patterns that appear designed to avoid normal transparency.

The Defense Narrative: No Direction to Bribe, No Control After Payment, and Disputed Knowledge

The defense has pressed a different story: that the executive did not hire the broker, did not personally pay him, and did not direct bribery; that once commissions were paid, the company did not control what the agent did with his earnings; and that the executive did not know or believe the buyer was government-affiliated at the relevant time.

Defense counsel also highlighted practical gaps a jury may notice: the absence of testimony from the foreign agent and foreign officials, and the difficulty of proving what happened abroad when the investigation is largely built on U.S.-available records. This posture is familiar in many FCPA matters: the defense seeks to separate commission payments from corrupt intent and to isolate the alleged misconduct to a third party’s independent actions.

The risk indicator here is the argument itself: organizations routinely assume that once a third party is paid, the risk transfers. However, that is not true in compliance or under the FCPA. Most certainly, such a willful blindness approach will not sit well with the DOJ when there is evidence suggesting knowledge, willful blindness, or coded coordination.

Third-Party Risk: Onboarding, Commission Benchmarking, and Relationship Ownership

Across the testimony elicited to date, the third-party storyline turns on three governance pressure points: how the agent was onboarded, how commission levels were justified, and who “owned” the relationship operationally. A cooperating former colleague of the defendant testified that the commissions were unusually high compared to industry norms and described communications he interpreted as references to individuals who needed to be “taken care of,” including discussions about keeping commissions high to support pricing and approvals. That is the heart of third-party compliance risk: when the commission structure becomes the economic channel through which influence is allegedly purchased, the company’s controls on justification, approvals, and monitoring become central to how the story is told to a jury.

State-Owned Enterprise and Egyptian Law: Why It Matters and What the Jury Heard

A key FCPA element is whether the recipients are “foreign officials,” which can include employees of state-owned enterprises. The DOJ presented expert testimony that the buyer was a public entity under Egyptian law and that bribery involving public officials is illegal under the Egyptian Penal Code. The defense challenged the expert’s treatment of Egyptian corporate structure and attempted to undermine the legal framing by citing academic discussions of corruption as socially prevalent, an approach the court rejected while allowing limited exploration of the distinction between written law and real-world practice. For compliance professionals, the risk indicator is straightforward. If your counterparty’s status as state-owned is ambiguous, you must assume that ambiguity will be litigated, and prosecutors will use foreign-law testimony to make the entity’s status legible to a U.S. jury.

The Money Trail: How the Government Says Funds Moved and Why It Matters

The most operationally revealing testimony described in coverage to date comes from the FBI agent who reviewed communications and financial records. The government presented a picture of commerce and payments operating in parallel:

  1. Commercial negotiation and commission splitting. Messages allegedly mixed coal pricing discussions with references to commission allocations associated with initials that the agent said corresponded to individuals at the foreign buyer and to the two principals themselves. The government’s point was not merely that commissions were paid; it was that commissions were structured and discussed in a manner consistent with the intended distribution.
  2. Coded references to cash and timing pressure. The phrase “Mr. Yen” was presented as a coded term for money, with messages allegedly asking for “Mr. Yen” by a certain day and asking whether it would be in U.S. dollars. In the government’s narrative, the coding supports consciousness of wrongdoing and intent to conceal.
  3. Use of informal transfer mechanisms and offshore touchpoints. Testimony referenced Western Union transfer records and a Dubai-based company, with messages and timing tied to travel and financial activity. The government described the executive receiving money through these channels, including activity linked to a Dubai entity and subsequent movement of funds to a U.S. entity sharing the executive’s address.
  4. Invoice construction to facilitate payment. The jury heard about exchanges in which an invoice was drafted for a substantial payment (described as $150,000), including efforts to create documentation, such as a business seal, and then a wire to the Dubai entity, followed by the transfer of a large portion of the funds.

The compliance relevance of this money trail is not that every company has Dubai entities or international wires. The relevance is that prosecutors can take a set of operational steps that may be individually explainable and argue that, taken together, they show an intent to route funds in ways that obscure purpose and beneficiaries. In a trial context, the story is built from the alignment of sequencing, communications, and financial records.

Conclusion

The Hobson trial, at this point, is a live demonstration of how an FCPA case can be built from a combination of commission economics, business obtained, communications, and money movement. Prosecutors say inflated commissions funded bribes and that kickbacks flowed back to the executive; the defense says the executive did not direct bribery, did not control the agent’s conduct after payment, and did not know the buyer’s alleged government affiliation at the time.

For the readers of this Blog, the value is not in sensational details. The value is in the compliance risk indicators that a jury is now being asked to interpret: what was said, what was paid, how it was routed, and what business it helped secure. That is the terrain where compliance programs either demonstrate discipline or discover, far too late, that “commissions” can become the government’s favorite word for “bribery.”

Resources

All Law360 articles written by Matthew Santoni. Unfortunately, a subscription is required to access the articles.

Coal Exec Used ‘Mr. Yen’ To Talk Kickbacks, FBI Testifies

Egypt’s ‘Social Law’ Doesn’t Endorse Bribery, Jury Told

Coal Exec’s Co-Worker Says Emails Hinted At Egypt Bribes

Coal Exec Knew Egyptian Broker Paid Bribes, Jury Told


31 Days to a More Effective Compliance Program: Day 20 – Third Party Risk Management Process

Welcome to 31 Days to a More Effective Compliance Program. Over this 31-day series in January 2026, Tom Fox will post a key component of a best-practice compliance program each day. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, with three key takeaways that you can implement at little or no cost to help update your compliance program. I hope you will join each day in January for this exploration of best practices in compliance. In today’s Day 20 episode, we delve into third-party risk management, a crucial aspect of corporate compliance under the FCPA.

Key highlights:

  • Introduction to Third-Party Risk Management
  • The Five Steps of Third-Party Risk Management
  • Key Takeaways

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 6th edition, by clicking here.


FCPA Compliance Report – Virna Di Palma on The Evolution of Third-Party Risk Management and the Role of AI

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom Fox welcomes Virna di Palma, Head of Global Content and Brand at Ethixbase360.

Virna offers insights into her extensive background in third-party risk management, with a focus on FCPA compliance and the evolution of due diligence. They discuss the ongoing importance of third-party risk management, recent shifts in FCPA enforcement, and the growing impact of new regulations on corporate compliance. Virna highlights the transformative role of automation and AI in enhancing compliance programs while emphasizing the need for human analysis. The conversation also addresses emerging issues, such as modern slavery and sustainability, and explores how organizations can optimize investments in risk management to drive business growth and resilience.

Key highlights:

  • Importance of Third-Party Risk Management
  • Impact of FCPA Enforcement Pause
  • Technological Advancements in Compliance
  • Human Rights and Modern Slavery
  • Future of Third-Party Risk Management

Resources:

Virna Di Palma on LinkedIn

Ethixbase360



Third-Party Due Diligence: Five Lessons from Star Trek’s The Mark of Gideon

In the modern compliance landscape, third-party due diligence is not optional but essential. Regulators from the DOJ to the SFO have made it clear: if your business partner is involved in misconduct, you are on the hook if you did not take reasonable steps to know who you were dealing with.

Few pop culture moments capture the risks of blind engagement as vividly as Star Trek: The Original Series’ “The Mark of Gideon.” In this episode, Captain Kirk beams down to what he believes is the planet Gideon for diplomatic talks—only to find himself aboard what appears to be an empty Enterprise. What follows is a masterclass in the dangers of walking into a deal without verifying the facts. For compliance professionals, Gideon’s deception is the perfect allegory for the hazards of onboarding a third party without a thorough vetting process. Let’s break down five key lessons.

Lesson 1: Verify the True Identity of Your Counterparty

Illustrated By: When Kirk believes he is beamed down to Gideon, he is actually inside a replica of the Enterprise. The Gideonites have created this fake environment to isolate him for their purposes.

Compliance Lesson. If you do not confirm the true identity of a third party, you may find yourself dealing with a façade. Shell companies, undisclosed beneficial owners, and entities with misleading corporate registrations are the corporate world’s “empty Enterprise.” Always confirm a third party’s corporate existence and ownership through independent sources. This means checking official registries, using reliable due diligence databases, and, when needed, engaging investigative firms to trace beneficial ownership. Without these checks, you risk contracting with a front for illicit activity.

Lesson 2: Understand the Real Motives Behind the Partnership

Illustrated By: The Gideonites’ true purpose is not peaceful diplomacy; instead, they want to infect their overpopulated planet with a deadly virus carried by Kirk. They present their plan as a noble solution to their problem, but it’s built on deception and exploitation.

Compliance Lesson. Third parties sometimes have agendas that differ sharply from what they present. They may seek access to your brand to legitimize questionable practices, gain entry to restricted markets, or launder illicit funds. Beyond standard questionnaires, compliance teams should assess the commercial rationale for the relationship. Why do they want to work with you? Who else do they do business with? Are their financials consistent with the scale of the deal? If their motives don’t align with your values and compliance commitments, that is a red flag.

Lesson 3: Never Rely Solely on What the Other Party Tells You

Illustrated By: Kirk repeatedly asks the Gideonites to explain what is happening, but their answers are vague, evasive, and occasionally contradictory. They hope his lack of information will keep him compliant long enough to serve their plan.

Compliance Lesson. Self-reported information from a potential third party should be viewed as one data point, not the whole picture. Misrepresentations are common, whether deliberate or due to internal ignorance. Cross-verify all claims with independent checks, customer references, industry reputation research, litigation and sanctions screening, and on-site visits when possible. If the only source for a claim is the counterparty itself, your risk exposure rises dramatically.

Lesson 4: Assess the Operating Environment Before Engagement

Illustrated By: The Gideonites hide the actual conditions on their planet. Kirk learns later that Gideon is overcrowded to the point of people standing shoulder-to-shoulder, unable to move freely. Had this been disclosed, he would have understood the real risks before arriving.

Compliance Lesson. A third party’s operating environment, political stability, corruption levels, and regulatory enforcement directly affect your compliance risk. Entering into a business relationship without assessing this environment is akin to beaming down blind. Incorporate country risk analysis into your process. Use resources like Transparency International’s Corruption Perceptions Index, U.S. State Department human rights reports, and local legal counsel. An otherwise legitimate partner in a high-risk jurisdiction requires enhanced due diligence and monitoring.

Lesson 5: Build Exit Strategies Into the Relationship

Illustrated By: Once Kirk understands the Gideonites’ true intentions, he must escape the replica Enterprise to stop their plan. Without a clear route back to his crew, he risks being trapped indefinitely.

Compliance Lesson. Some third-party relationships turn sour despite your best due diligence efforts. Whether due to leadership changes, shifts in political conditions, or the surfacing of previously hidden misconduct, you need a plan to disengage without disrupting your operations. Include termination clauses tied to compliance breaches in your contracts. Maintain operational flexibility so you can pivot to alternate suppliers or partners if needed. Regularly re-screen third parties to ensure ongoing compliance, not just a one-time check at onboarding.

Final Compliance Log Reflections

In The Mark of Gideon, the Enterprise crew’s lack of verified intelligence before Kirk’s “beam down” mirrors what happens when companies rush into a third-party relationship to seize a perceived opportunity. The Gideonites knew how to manipulate the Federation’s diplomatic eagerness. Likewise, unscrupulous partners today exploit companies’ urgency to enter new markets or secure rare supply chains.

The lesson? Due diligence is not a delay; it is a safeguard. The few extra weeks spent vetting a partner can prevent years of litigation, regulatory penalties, and reputational damage.

“The Mark of Gideon” is not just a quirky Star Trek morality tale. It is a warning for every compliance professional. Without thorough third-party due diligence, you risk waking up in a corporate “replica Enterprise,” surrounded by partners whose true motives only become clear when it’s too late.

Your job as a compliance officer is to ensure the company doesn’t act blindly. By verifying identities, probing motives, cross-checking information, assessing environments, and building exit strategies, you safeguard your organization’s reputation and operational integrity. In short: trust, but verify, especially when the other side is as smooth-talking as the people of Gideon.

Resources:

Excruciatingly Detailed Plot Summary by Eric W. Weisstein

MissionLogPodcast.com

Memory Alpha


Compliance Tip of the Day – Internal Controls for Third Parties

Welcome to “Compliance Tip of the Day,” the podcast that brings you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, our goal is to provide you with bite-sized, actionable tips to help you stay ahead in your compliance efforts. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

How to make specific internal controls for 3rd parties.

For more information on this topic, refer to The Compliance Handbook: A Guide to Operationalizing Your Compliance Program, 6th edition, recently released by LexisNexis. It is available here.


Upping Your Game – Harnessing AI to Revolutionize Third-Party Risk Management

In February, the Trump Administration suspended investigations under and enforcement of the FCPA. Many compliance professionals have since wondered what this will mean for corporate compliance programs going forward. Hui Chen challenged compliance professionals with the statement, “It’s time to up your game.”

This podcast series, sponsored by Ethico and co-hosted by Ethico co-CEO Nick Gallo, aims to meet Hui Chen’s challenge for compliance professionals. We will discuss how compliance professionals can ‘Up Their Game’ by utilizing currently existing Generative AI (GenAI) tools to significantly enhance their compliance programs. As compliance professionals, it is crucial to recognize that this moment is not merely about incremental improvements but about elevating our profession to an entirely new level of effectiveness, efficiency, and organizational value.

In this episode, Tom and Nick delve into the transformative potential of AI in mitigating third-party compliance risks. They discuss the inherent limitations of traditional compliance methods, which are often reactive and manual. The conversation highlights how AI can streamline processes, minimize false positives, and boost efficiency by offering real-time monitoring and data analysis. They also highlight the broader business value of AI, which can expedite onboarding, enhance risk identification, and ultimately drive greater return on investment (ROI). They conclude that the importance of investing in AI training for compliance teams lies in staying ahead of the curve and maximizing the benefits of these emerging technologies.

Key highlights:

  • Challenges in Third-Party Risk Management
  • AI as a Game Changer
  • Types of Third-Party Risks
  • Business Value of AI in Compliance
  • Innovations and Tools in AI
  • Practical Applications and Examples

Resources:

Upping Your Game-How Compliance and Risk Management Move to 2030 and Beyond on Amazon.com

Nick Gallo on LinkedIn

Ethico



Compliance Tip of the Day – Terminating Third Parties

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements. Whether you’re a seasoned compliance professional or just starting your journey, we aim to provide bite-sized, actionable tips to help you stay on top of your compliance game. Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law. Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Why you should plan for 3rd-party termination and how to do so.

For more on this topic, check out The Compliance Handbook, a Guide to Operationalizing Your Compliance Program, 6th Edition, which LexisNexis recently released. It is available here.


31 Days to a More Effective Compliance Program: Day 20 – Third-Party Risk Management Process

Welcome to a special podcast series on the Compliance Podcast Network, 31 Days to a More Effective Compliance Program. Over these 31 days of the series in January 2025, Tom Fox will post a key part of a best practices compliance program daily. By the end of January, you will have enough information to create, design, or enhance a compliance program. Each podcast will be short, at 6-8 minutes, and will include three key takeaways you can implement at little or no cost to help update your compliance program. I hope you will join us each day in January for this exploration of best practices in compliance.

On Day 20, we delve into the third-party risk management process, a crucial aspect of corporate compliance under the FCPA. Third parties continue to pose the highest risk, necessitating an integrated and operational approach throughout the company. The episode outlines the five essential steps in the third-party risk management life cycle, as mandated by the DOJ in the 2020 FCPA Resource Guide. These steps include business justification, third-party questionnaires, due diligence, compliance terms and conditions, and post-contract management and oversight. Each step is explored in detail, emphasizing the importance of documenting business cases, performing thorough due diligence, and maintaining diligent oversight to mitigate potential FCPA violations. Key takeaways include the necessity of using the full five-step process, involving business development and ensuring all steps are operationalized with business unit representatives. Join us tomorrow for Day 21 to discuss managing your third parties.

Key highlights:

  • Introduction to Third Party Risk Management
  • The Five Steps of Third-Party Risk Management
  • Key Takeaways

Resources:

Listeners to this podcast can receive a 20% discount on The Compliance Handbook, 5th edition, by clicking here.


AI in Compliance: Part 2, Leveraging AI for Third-Party Risk Management

We continue our week-long look at the use of AI in compliance. Today, we consider third parties. Third-party relationships remain one of the most significant areas of risk for corporate compliance programs. From supply chain partners to distributors and everything in between, third parties act as the face of your organization in many jurisdictions, making their actions, and any misconduct, your problem. To mitigate these risks, companies traditionally relied on periodic due diligence and reactive responses. But in today’s fast-moving and increasingly interconnected world, such approaches fall short.

This is where artificial intelligence (AI) can revolutionize third-party risk management. With AI tools, compliance teams can shift from static, checklist-driven processes to dynamic, continuous monitoring systems. In this post, we’ll explore how AI enhances third-party risk management by screening, monitoring, and evaluating third parties in real time and how it helps meet the DOJ’s 2024 Evaluation of Corporate Compliance Programs (2024 ECCP) expectations for robust, data-driven compliance practices.

The DOJ’s 2024 ECCP places a strong emphasis on using data analytics and continuous monitoring to strengthen compliance programs. These expectations sit alongside the requirements of proactive risk management and data-driven compliance. AI allows compliance teams to manage a large volume of third-party relationships efficiently and effectively. To fully align with DOJ expectations, companies should document their use of AI tools, including how they support risk assessments and monitoring activities. Regular audits of AI systems can ensure they remain effective and compliant with legal standards.

AI: The Compliance Professional’s New Ally

The compliance risks tied to third parties are well-documented: bribery and corruption, reputational damage, and legal and regulatory violations. AI excels at handling exactly the complexity that third-party management entails. It can process vast amounts of data from multiple sources, identify patterns, and provide actionable insights in real time. Let’s break down how AI can be used at each stage of the third-party lifecycle.

  • Initial Screening

Traditional screening processes rely on questionnaires and public database checks—important but limited in scope. AI-powered tools enhance this step in a variety of ways. By aggregating diverse data sources, AI systems can pull information from public records, news outlets, litigation databases, social media platforms, and proprietary sources. Through the use of natural language processing (NLP) algorithms, you can detect hidden risks through the analysis of news articles, blogs, or social media posts to uncover potential red flags, such as allegations of fraud, regulatory violations, or ethical misconduct. Finally, with scored risk profiles, AI models assess the likelihood of misconduct based on factors such as geographic risk, industry norms, and historical behavior. This risk scoring allows compliance teams to prioritize their efforts.

  • Onboarding Due Diligence

The onboarding phase is critical for setting the tone of the relationship and understanding the potential risks. AI can assist you in a variety of ways. With automated document review, AI tools can process contracts, certifications, and policies submitted by third parties, flagging inconsistencies or missing information. One area that continues to bedevil due diligence is the identification of Beneficial Ownership. By cross-referencing corporate records, AI can reveal ultimate beneficial owners, including individuals who might otherwise remain hidden. Machine learning (ML) models trained on historical compliance data can predict the likelihood of future misconduct, enabling proactive risk mitigation strategies through predictive insights. The bottom line is that by ensuring a thorough onboarding process, AI helps organizations comply with DOJ guidance, which emphasizes the importance of understanding third-party relationships.

  • Continuous Monitoring

A one-time due diligence exercise is no longer sufficient. The 2024 ECCP made clear the need for ongoing monitoring to ensure that third-party relationships remain compliant. AI facilitates this mandate by offering real-time alerts, where AI-driven systems can monitor news feeds, regulatory databases, and other sources 24/7, sending alerts when a third party is implicated in a legal issue, sanctions violation, or reputational scandal. One of the more challenging areas for compliance professionals has been transaction monitoring. Here, AI can analyze financial transactions involving third parties, flagging anomalies that might indicate fraud or corruption. Finally, in the area of behavioral analytics, AI tools can track changes in a third party’s behavior, such as a sudden increase in high-risk transactions or shifts in geographic focus. These patterns often signal emerging risks. The bottom line is that with continuous monitoring, companies can address potential problems before they escalate into full-blown compliance failures.

  • Periodic Risk Re-Evaluation

AI ensures that risk assessments are dynamic, reflecting changes in the external environment and the third party’s circumstances. As far back as 2020, the DOJ told compliance professionals that risk assessments should be performed as your organization’s risks change, so a periodic risk re-evaluation directly aligns with the DOJ’s expectations. Key AI capabilities in this area include geopolitical risk analysis, using AI to evaluate the impact of geopolitical events, such as sanctions, trade disputes, or political instability, on third-party relationships. Industry trends are something the DOJ has been talking about for at least 10 years, and AI systems can monitor regulatory developments and industry trends, helping organizations anticipate new compliance risks. Perhaps most exciting are the customizable risk models you can create with AI. These would allow compliance teams to adjust risk assessment models based on evolving business needs, ensuring that evaluations remain relevant and actionable.

Overcoming Challenges in AI Implementation

While the benefits of AI are clear, implementing these tools effectively requires careful planning and preparation in several areas. First is your data quality. The old adage of GIGO (Garbage In, Garbage Out) has been replaced by BIBO (Best Input, Best Output). Here, AI is only as effective as the data it analyzes. Organizations must invest in robust data governance practices to ensure accuracy, completeness, and consistency.

Transparency is a key issue for compliance in using AI, and it was directly addressed in the 2024 ECCP. The black-box nature of AI decision-making can be a concern. Compliance teams should work with internal teams and vendors to ensure algorithms are interpretable and results are explainable. AI tools must integrate seamlessly with existing compliance systems to avoid creating silos or inefficiencies. While the US is far behind the rest of the world in data privacy laws, GDPR and others still apply to any internationally facing organization. This means companies must deploy AI responsibly, respecting privacy laws and ensuring that monitoring does not cross ethical boundaries.

The Future of Third-Party Compliance

AI is transforming third-party risk management from a reactive, one-size-fits-all process into a dynamic, data-driven discipline. By leveraging AI tools for screening, onboarding, monitoring, and reassessment, compliance professionals can manage third-party risks with unprecedented precision and agility. However, as with any powerful tool, AI must be used thoughtfully. By focusing on data quality, transparency, and ethical considerations, organizations can harness the full potential of AI while maintaining trust and accountability.  At the end of the day, a best practices compliance program is not simply about checking the box; rather, it is about creating a system that evolves with the risks it manages. AI is that system’s next evolution.


Lessons on Managing 3rd Parties from Star Trek: The Omega Glory

Last month, I wrote a blog post on the tone at the top, exemplified in Star Trek’s Original Series episode, Devil in the Dark. Based on the response, some passionate Star Trek fans are out there. I decided to write a series of blog posts exploring Star Trek: The Original Series episodes as guides to the Hallmarks of an Effective Compliance program set out in the FCPA Resources Guide, 2nd edition. Today, I continue my two-week series on the hallmarks of an effective compliance program laid out by the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) in the FCPA Resources Guide, 2nd edition, with lessons learned on managing third parties from The Omega Glory episode.

Trust, verification, and alignment with core values are paramount in third-party management. These principles are crucial in today’s complex business environment, where organizations rely on external partners to achieve their objectives. Interestingly, these concepts are vividly illustrated in an unlikely source: the classic Star Trek episode The Omega Glory. This episode provides a fascinating backdrop for exploring the intricacies of third-party management. Today, we dive into the narrative and draw valuable lessons for managing third-party relationships.

In The Omega Glory, Captain James Kirk and his crew encounter a planet named Omega IV, where two factions, the Yangs and the Kohms, are locked in a perpetual conflict. The Yangs parallel the American patriots of the Revolutionary War, while the Kohms resemble the communists. The Enterprise crew discovers that a Starfleet officer, Captain Ron Tracey, has violated the Prime Directive, the Federation’s core principle of non-interference, by intervening in the planet’s internal affairs to gain immortality from the planet’s unique properties. Tracey’s actions cause chaos and disrupt the natural progression of Omega IV’s societies. In the end, Captain Kirk is forced to confront Tracey and restore balance, emphasizing the need for adherence to principles and respect for the natural order.

Lesson 1: The Importance of Adhering to Your Core Values

One of the primary lessons from The Omega Glory is the significance of adhering to core values and principles. In the episode, Captain Tracey abandons the Prime Directive to pursue personal gain, resulting in disastrous consequences. This mirrors real-world scenarios where third-party relationships can be compromised when organizations or individuals prioritize short-term gains over long-term values and ethical standards.

Organizations must ensure their partners share and adhere to the same core values when engaging with third parties. Establishing clear guidelines and ethical standards is essential for maintaining alignment and preventing deviations that could harm the organization’s reputation and objectives. Regular audits and assessments help verify that third parties operate by these values.

Lesson 2: The Necessity of Due Diligence and Verification

Captain Tracey’s actions underscore the importance of due diligence and verification. He assumed that the planet’s properties could provide eternal life without fully understanding the implications of his interference. This assumption led to unintended consequences and endangered his crew and the planet’s inhabitants.

Due diligence is a critical component of third-party management. Organizations must thoroughly assess potential partners to evaluate their capabilities, integrity, and compatibility with organizational goals. Verification processes, such as background checks, financial audits, and compliance assessments, ensure that third parties meet the required standards. Regular monitoring and ongoing evaluations help maintain transparency and accountability in the relationship.

Lesson 3: The Dangers of Unchecked Authority

Most compliance professionals rarely see unchecked power from third parties, yet this episode still offers them important insight. Captain Tracey exercises unchecked authority, disregarding Starfleet regulations and the ethical implications of his actions. His uncontrolled power leads to chaos and conflict, highlighting the dangers of allowing individuals or entities to operate without oversight.

Unchecked authority in third-party management can lead to breaches of trust, legal violations, and reputational damage. Organizations must establish clear governance structures and oversight mechanisms to ensure third parties operate within defined boundaries. Implementing robust contractual agreements, performance metrics, and reporting frameworks can help maintain control and mitigate risks associated with third-party relationships.

Lesson 4: The Role of Communication and Collaboration

Throughout the episode, communication breakdowns contribute to misunderstandings and conflicts. Captain Kirk ultimately resolves the situation by facilitating dialogue and collaboration between the Yangs and the Kohms, emphasizing the importance of open communication in resolving disputes and achieving mutual understanding.

Effective communication is a cornerstone of successful third-party management. Organizations should establish open lines of communication with their partners, fostering a collaborative environment that encourages feedback, transparency, and problem-solving. Regular meetings, status updates, and joint planning sessions help align objectives and address potential issues before they escalate. This will also help manage the commercial relationship after the contract is signed.

Lesson 5: The Need for Flexibility and Adaptability

The episode highlights the need for flexibility and adaptability in complex situations. Captain Kirk’s ability to adapt to changing circumstances and devise innovative solutions is crucial in resolving the conflict and restoring balance. Third-party relationships often involve dynamic and evolving challenges. Organizations must remain flexible and adaptable to changing circumstances, such as shifts in market conditions, regulatory requirements, or technological advancements. Developing contingency plans, embracing innovation, and fostering a culture of continuous improvement can help organizations navigate uncertainties and maintain successful third-party relationships.

Third-party relationships also mandate ongoing monitoring from a data analytics perspective. Compliance may need to conduct additional investigation if there are significant changes in the volume of goods sold by a third party or the amount of commissions paid to a particular third-party agent, region, or business unit. However, third parties must also understand the need to do business ethically and in compliance with your company’s values, and they must receive a steady diet of communication and training on that need.

The Omega Glory serves as a compelling training vehicle for the complexities and challenges of third-party management. The episode’s themes of adherence to core values, due diligence, oversight, communication, and adaptability provide valuable insights for organizations seeking to optimize their third-party relationships. By learning from Captain Kirk’s experiences on Omega IV, businesses can enhance their third-party management practices, mitigate risks, and achieve sustainable success in an interconnected world.

In conclusion, organizations must prioritize trust, verification, business justification, and alignment with core values in their third-party management strategies. By adhering to these principles and drawing lessons from unconventional sources like Star Trek, businesses can navigate the complexities of modern partnerships and achieve their strategic objectives with integrity and success.

Join us tomorrow as we consider the lessons on ongoing monitoring and continuous improvement of Spectre of the Gun Ultimate.