As organizations move away from lockdowns and begin escalating their commercial activities, it is more important than ever for compliance professionals to assess their organization’s third-party population to ensure they have not been involved in unethical activity during the pandemic.
Third parties are critical to corporate success, but pose significant risks for potential bribery and corruption-related activity. Many third parties are viewed as assets to the business strategy and success of the organization they are affiliated with, and as such, have been through a rigorous risk assessment and due diligence process. Yet, as COVID-19 spread throughout the globe and businesses and their third parties ceased many operations, the possibility of bribery and corruption by third parties had the potential to increase. This potential scenario creates the “perfect storm” for third parties to facilitate or participate in illicit activities that pose a substantial risk to the reputation and integrity of the business partner they represent.
It’s imperative to proactively assess what an organization’s third-party population may have been involved with during the lull in business. As such, cautious optimism should not be the standard, rather a comprehensive evaluation and understanding your third-party population should be the norm. Organizations should evaluate their third parties against the risk assessment process previously conducted and consider factors such as the countries they operate in, how the jurisdiction has been impacted by the virus, the country’s financial sector and how it is prepared to deal with commerce and the vast array of supply chain issues they may be faced with when a decision is made to restart operations.
As restrictions begin to be reduced globally, businesses will want to resume and reestablish their efforts to maximum capacity. Organizations should pause before leaping into their corporate efforts and assess their third parties holistically, evaluating the potential risk a third party may have been exposed to in their respective jurisdictions while business operations temporarily ceased. It is extremely important to conduct internal discussions on this topic and to engage with third parties in frank and direct communication regarding what and how they have been operating in the market during this time. At this restart moment, ensuring that a third party is aware of the organizational mandate of “zero tolerance” for unethical behavior and their willingness to adhere to the organization’s code of conduct is imperative to ensure that they have acted ethically as a partner. To accomplish this, every member of the organization who engages with a third party must ask probing questions to ensure that a third party has continued to meet the organization’s established requirements. The COVID-19 epidemic should not serve as an opportunity for third parties to not comply with to an organization’s code of conduct, contractual obligations and other ethical requirements.
Getting an on the ground perspective from internal business stakeholders, along with evaluating the existing risk assessment conducted, is an important first step in reestablishing and validating a third party’s activities prior to reengaging with them as a business service provider. To ensure that an organization’s third parties have not been involved in activities that pose a substantive risk to the organization, its reputation and integrity, “re-certification” due diligence should be considered to flush out any change in a third party’s profile and to ensure that they have not been involved in any unethical or criminal activity during the gap in the relationship with the business. By conducting an appropriate level of due diligence, an organization can identify and manage any potential risk a third party may have been involved with. This approach will address whether it is in the best interest of the organization to continue the relationship with the third party while meeting regulatory expectation of conducting an appropriate level of due diligence. It is more important than ever to recognize that through due diligence an organization is able to gain a greater understanding of potential risks and can make a commitment to managing them appropriately or terminating the relationship with a third party.
No one expected or planned for the COVID-19 pandemic, but the ability of compliance professionals globally to recognize, respond and adapt their organizations’ way of doing business, while addressing potential risks third parties pos post COVID 19 reflects their dedication and commitment to their profession. This is a defining moment for compliance professionals as they seek to clarify the status of their third parties. It is imperative that third parties be assessed, at an acceptable level, to ensure that they not only provide the services the business needs, but more importantly they are not putting the organizations they are engaged by at risk based on their previous activities. Conducting robust due diligence can protect an organization from liability, instill trust and provide a greater understanding of their third-party population. Personal knowledge of a third party should not be the reason to not conduct due diligence.
Post-COVID-19, it is more imperative than ever that organizations conduct third-party due diligence as the third parties’ conduct during the pandemic may not meet the organization’s ethical standards and requirements. This crisis should give compliance professionals a reason to pause, yet this moment should serve as an opportunity for all to evaluate how and what the “New Normal” will be in the industry and third-party relationships.