Compliance & Regulation » Strengthening Third-Party Risk Management: Preparing for FCPA Inquiries

Strengthening Third-Party Risk Management: Preparing for FCPA Inquiries

Strengthening Third-Party Risk Management: Preparing for FCPA Inquiries

June 6, 2024

Strengthening Third-Party Risk Management: Preparing for FCPA Inquiries

According to an article by Navex, the SEC is scrutinizing tech companies’ business relationships with distributors, resellers, and other third parties in high-corruption-risk countries. This SEC sweep aims to identify potential Foreign Corrupt Practices Act (FCPA)  violations, potentially leading to investigations and settlements.

Receiving an SEC letter doesn’t imply accusations of corruption but requires companies to accurately detail their third-party business dealings. Thus, robust third-party risk management (TPRM) is crucial. 

The article highlights these key Third-party risk management (TPRM) capabilities:

  • Due Diligence: Conduct thorough background checks on intermediaries, including their ownership, connections to politically exposed persons, and past misconduct allegations.
  • Contract Management: Continuously monitor and govern business relationships through contract clauses that allow auditing and restrict sub-contracting.
  • Record-Keeping: Maintain documentation proving prudent governance of third-party relationships, supported by internal audits to ensure compliance.
  • Anti-Corruption Training: Educate employees and third parties on the unacceptability of bribes and ensure training is relevant and well-documented.

Effective TPRM requires more than these capabilities; it necessitates strong inter-departmental relationships. Technology plays a vital role, providing screening tools, policy management, and centralized documentation repositories. However, compliance teams must collaborate with procurement and other departments to ensure comprehensive oversight of all intermediaries.

To achieve high third-party risk management performance, compliance teams must communicate their needs, facilitated by the urgency of SEC inquiries, and work with other departments to address policy, procedure, contract, documentation, and training gaps. This collaborative approach helps build robust TPRM systems, preparing companies to respond to SEC inquiries and other emerging risks effectively.

Read full article at:

Navex

Share this post:

Share on LinkedIn

What Legal Depts Need to Know About Ransomware Attacks on Companies

FTC Guidance on AI Chatbot Use: Key Pitfalls and Compliance Strategies

Measuring the Impact of the CrowdStrike Incident

Employment Compliance Challenges for Companies in Growth Mode

Essential Strategies for Organizational Resilience and Competitive Advantage

generative AI in the legal profession

FTC Guidance on AI Chatbot Use: Key Pitfalls and Compliance Strategies

Measuring the Impact of the CrowdStrike Incident

Measuring the Impact of the CrowdStrike Incident