Your business could be the model for compliance. Leadership has bought on and is accountable, risks have been identified and managed, and you have successfully folded corporate compliance into the fabric of your company.
As efficient as your business is, do you ever work with consultants, law firms, accountants, brokers, marketing companies, or other service and product providers? Of course you do and you will, so the question is no longer centered on your internal controls and methods. Can a third party put you or your business in jeopardy? Yes, they can. It is paramount to have third-party risk management practices in place.
Your Hand May Be Forced
After reading about third parties, you may be quick to state that you have established practices to mitigate any risk brought in by one, such as a standard due diligence process, comprehensive anti-corruption paragraphs in contracts, and a third party training program. However, in the event of a competitive market where there are manufacturing and logistics disruptions, you could find yourself needing to work with a third party that you otherwise would not have—solely out, ensuring that your business survives.
When your supply chain isn’t functioning as it should, you still have to find a way to keep your business’s wheels turning. Short-term missteps can evolve into long-term disasters. There are no shortcuts, and you still need to identify your risks in advance, regardless of outside pressure.
Bad actors are trying to take advantage of the world crisis everywhere.
The goal is to focus on responsible sourcing, having supply chain and service providers transparency, and ensuring ethical conduct amongst your employees and third parties. How? If you have the infrastructure and resources to devote to compliance systems, you have a path forward to safeguard your business.
However, the third parties that your program has already approved in the past or is quickly approving now may bring you surprises even though they were persuaded to sign all of your nice compliance policies and contracts addendum, to answer well prepared questionnaires and to check the box for training sessions designed for them. All of these measures are very important, however they will just help your company to defend itself after wrongdoings and not necessarily to prevent them from existing. Why? Because these third parties don’t have ethics and compliance set in their culture, the root cause is not treated therefore the exposure has been covered up.
Investing time and money into ethics and compliance programs may not be cost-effective for those with limited resources and financial reach, and that’s the case of the vast majority of third parties that big companies used to hire. Ironically, the answer to third-party compliance may be hiring a third party. We are referring to the idea of engaging a compliance consultant to oversee large corporations’ third parties and to assist them to have ethics and compliance embedded in their culture, allowing them to incorporate the concepts and procedures of an ethical company, of doing business with lower compliance risks.
A compliance program tailored to a third party, which enables it to get the most suitable technology, and to establish affordable processes that fit to its budget, at the end of the day will protect not only that small and mid-sized companies but also the big ones who engage them in their businesses.
Among the companies’ approved third parties there are the strategic ones. There’s also a subgroup emerging from the strategic third parties which are the preferred third parties. Strategic third parties meet a set of criteria and deliver more value to the business than others. This set of criteria should include the existence of ethics and compliance culture. In case the strategic business partner doesn’t meet this criteria, in order to help it to be a preferred third party, the company that hires it could suggest to the vendor to have a compliance program properly designed to its size and industry.
Hence, the larger business would not only safeguard itself but also propagate ethics and compliance practices in a way that benefits other organizations and the community in general.
Prae Venire helps small and mid-sized companies develop processes and programs to identify, manage and mitigate compliance risks, to ensure compliance with applicable laws, business ethics and standards. Prae Venire also assists large corporations that already have robust compliance programs in place to enhance their third parties compliance culture and create content for internal or external compliance training. If you have any further questions or wish to book a consultation, contact Prae Venire today.