1. Fighting corruption in the supply chain
Implementing effective third-party due diligence
Mark Dunn
Market Planning Manager
LexisNexis Risk
29th February, 2012
LexisNexis Proprietary & Confidential: For internal office use only 1
2. LexisNexis: Who we are and what we do
Anti-Money Laundering Anti-Bribery & Corruption Sanctions Screening
Know Your Know Your Know Your Know Your
Customer Supplier Employee Customer’s
Customer
AML Corporate
Procurement Fraud
Security
Human
Strategy
Resources
Compliance Legal Credit
2
4. Third Party Due Diligence
Why is it important?
US Department of Justice: Daimler AG and
Three Subsidiaries Resolve Foreign Corrupt US Department of Justice: Innospec Agent Pleads
Practices Act Investigation and Agree to Pay Guilty to Bribing Iraqi Officials and Paying
$93.6 Million in Criminal Penalties; Combined Kickbacks Under the Oil for Food Program
Criminal and Civil Penalties of $185 Million to M2 PressWIRE, June 28, 2010
be Paid
M2 PressWIRE, April 5, 2010
Chinese Court Hands Jail Terms to Rio Tinto
Mabey & Johnson to pay £6.6m for bribing Employees on Bribery and Secret Theft Charges
officials and UN breaches Global Insight, March 29, 2010
Construction News, September 28, 2009
Pfizer To Pay About $60 Mln To Settle Bribery Probe
Wall Street Journal November 20th, 2011
Halliburton to pay $559 million to settle bribery
investigation
WALL STREET JOURNAL, January 27, 2009 Tuesday
Alstom fined $42 mln in Swiss bribery probe
Reuters - November 22, 2011
LexisNexis Proprietary & Confidential: For internal office use only 4
5. Effective Third Party Due Diligence
Why is it important?
Financial fallout
of non-
compliance
Prerequisite
for conducting
Impact Business
reputation
business
Business
efficiency
LexisNexis Proprietary & Confidential: For internal office use only 5
7. Third-party due diligence
Process Overview
• Risk assessment determines extent
of due diligence required
• Approach to due diligence covers
three stages: Conduct
Monitor health check
5. Conduct health check third-parties
Update records on existing third-parties
Third-Party
8. Manage incoming checks
Conduct due diligence on new third-parties
Due Diligence
11. Monitor third-parties
Conduct spot checks and periodic reviews
Manage
Arrow 2
incoming checks
7
8. Third-party due diligence
Process Overview
Identify
Review
Risk
Due Diligence
Communication Assessment
Monitor High Level
And
Training
Process
Audit Verify
8
10. Anti-Corruption Risk Assessment
Common External Risks
• Country risk
This is evidenced by perceived high levels of corruption, an absence of effectively implemented anti-bribery
legislation and a failure of the foreign government, media, local business community and civil society
effectively to promote transparent procurement and investment policies
• Sectoral risk
Some sectors are higher risk than others. Higher risk sectors include the extractive industries and the large
scale infrastructure sector
• Transaction risk
Certain types of transaction give rise to higher risks, for example, charitable or political contributions,
licences and permits, and transactions relating to public procurement
• Business opportunity risk
Such risks might arise in high value projects or with projects involving many contractors or intermediaries; or
with projects which are not apparently undertaken at market prices, or which do not have a clear legitimate
objective
• Business partnership risk
Certain relationships may involve higher risk, for example, the use of intermediaries in transactions with
foreign public officials; consortia or joint venture partners; and relationships with politically exposed persons
where the proposed business relationship involves, or is linked to, a prominent public official
Source: UK Ministry of Justice: Guidance about procedures which relevant commercial organisations
can put into place to prevent persons associated with them from bribing (section 9 of the Bribery Act 2010)
LexisNexis Proprietary & Confidential: For internal office use only 10
11. Anti-Corruption Risk Assessment
Common Internal Risks
• Deficiencies in employee training, skills and knowledge
• Bonus culture that rewards excessive risk taking
• Lack of clarity in the organisation’s policies on, and procedures for, hospitality and promotional
expenditure, and political or charitable contributions
• Lack of clear financial controls
• Lack of a clear anti-bribery message from the top-level management
Source: UK Ministry of Justice: Guidance about procedures which relevant commercial organisations
can put into place to prevent persons associated with them from bribing (section 9 of the Bribery Act 2010)
LexisNexis Proprietary & Confidential: For internal office use only 11
13. Third-party due diligence
What type of checks are conducted?
To identify and verify Sources
The business partner’s full, legal name, registered address •Business partner questionnaire
and company number or equivalent •Checks of local company registers
Details of the business partner’s shareholdings and •Business partner questionnaire
shareholders, including wholly and partly owned •Checks of local company registers
subsidiaries or parent companies
A list of the business partner’s directors and officers, and •Business partner questionnaire
any other employees who will be carrying out services for •Checks of local company registers
the organisation, including providing CVs, proof of •Media searches
citizenship, relationships with any politically exposed
persons, references where appropriate and details of other
companies in which they are involved
Details of other clients of the business partner, or parties •Business partner questionnaire
with whom they regularly do business (especially public •Media searches
officials and government bodies), and how the business •Checks with local business groups and
was obtained embassies
•Watchlists and PEP databases
Source: Extracts from Due diligence: know your business partners (Reed Smith): Serious
Economic Crime: A boardroom guide to prevention and compliance (UK Serious Fraud Office)
14. Third-party due diligence
What type of checks are conducted?
To identify and verify Sources
Financial information, including accounts and annual •Business partner questionnaire
reports as well as details of any history of insolvency of the •Checks of company registers
business partner and any of its directors. •Media searches
Details of any legal proceedings or regulatory •Business partner questionnaire.
investigations involving the business partner or any of its •Litigation records.
key personnel, with particular focus on matters involving •Media searches
allegations of corruption.
The precise nature of the intended relationship with the •Business partner questionnaire
business partner, what services it intends to provide, how •Contract documentation
and by whom these services will be provided, and how it is
going to calculate what remuneration it receives for doing
so.
What, if any, anti-bribery and corruption policies and •Business partner questionnaire
procedures the business partner has in place, and what
due diligence it carries out on third parties with which it
does business.
Source: Extracts from Due diligence: know your business partners (Reed Smith): Serious
Economic Crime: A boardroom guide to prevention and compliance (UK Serious Fraud Office)
15. ABC Third-Party Due Diligence
High Level Process Overview Third-Party
Collect documents from third-
Identify party (incorporation docs etc)
Risk Assessment
Simplified Due Diligence Enhanced Due Diligence
(Low Risk) (High Risk)
Company Check Person Check Company Check Person Check
Key company data ID verification Key company data ID verification
Sanctions & watchlists PEPs Sanctions & watchlists PEPs
Senior executives Sanctions & watchlists Negative news Associates
Person Checks on all Sanctions & watchlists
directors Directorships
Person Checks on key Shareholdings
shareholders Negative news
Audit
Monitoring and Review
15
17. Risk assessment and due diligence resources
High
Outsourced
Risk Advisors
Aggregated
Subscription
Risk Services
Assessment
Individual
Subscription
Services
Low High
Due Diligence Resources
17
18. Due diligence resources
Google
Benefits
• Free content
• Global coverage
• Easy to access
• Prerequisite for due diligence and screening / complements other research
Things to consider:
• Archival data increasingly requires subscription
• Difficult to achieve consistency as data sources change daily
• Difficult to audit as source data sometimes hard to verify
• Lack of security (IP tracing)
• No support or guarantees
18
19. Due diligence resources
Individual Subscription Services
Benefits:
• Enables selected content to be purchased to meet specific requirement (i.e. country company data)
• Content maintained, up to date and accurate
• Access secure
Things to consider:
• Additional subscription services may be required over time to cover changing business requirements
• Requires users to learn different search interfaces which impacts consistent process and time efficiency
• Requires users to combine multiple search results into standard reports
• Requires company to maintain multiple contracts with information providers
19
20. Due diligence resources
Aggregated Subscription Services
Benefits:
• Consolidates all key data via single service for consistent process
• Single interface also helps users speed up due diligence process
• Content maintained, up to date and accurate
• Access secure
• Single contract easier to manage
Things to consider:
• Ensure content required is in line with risk-based approach (e.g. Country coverage, depth of content)
• Availability of local language content and interfaces
20
21. Due diligence resources
Outsourced Risk Advisors
Benefits:
• Due diligence done for you
• Able to conduct investigations on the ground particularly in high risk markets
• Secure and trusted
Things to consider:
• High costs for basic due diligence research reports
• Impractical for high volumes of simplified due diligence
• Time lag in receiving information
• Reports received may need further validation after review
21
22. Risk assessment and due diligence resources
Align your risk-based approach to third-party due diligence with your technology purchasing:
Simplified or enhanced due diligence determines what content you need to search:
• Do the third-parties include individuals?
• Are the third-party companies: public or private?
• Are the third-parties based in the UK or overseas?
• Are the third-parties in developed or emerging markets?
• Are the third-parties in selected countries or many countries?
• Determines use of ‘free’ content resources versus paid content services?
• Determines use of niche content providers versus aggregators?
22
23. Risk assessment and due diligence resources
Number of third-parties determines how you may prefer to use and pay for technology services:
• How many new third-parties do you take-on?
• How many existing third-parties do you need to screen?
• How often do your monitor existing third-parties?
• How many people are conducting due diligence checks?
• Do you need single search or batch search?
• Do you need several niche content providers or a content aggregator?
What payment approach do you take?
• Do you pay based on search volumes or number of seats?
• Do you pay on a transactional or subscription basis?
• Do you receive volume based, multiple product or multi-year discounts?
• Do providers enable flexible overuse or cut off system access?
What IT approach do you take?
• For example: Do you want to access batch services via web or behind your company firewall?
• What in-house IT resources do you have available?
23
25. Evaluating existing due diligence resources
• Opportunity to:
• Review existing internal systems that may be used
• Consider how the new products you purchase may also be used by other parts of the company
• Benefits of a consistent approach:
• Delivers greater ROI to the business through:
• Improved process efficiencies (training, account admin, headcount)
• Improved customer service (saves time, reduces number of times client has to be
contacted)
• Cost savings through companywide discounts
• Consistent approach helps demonstrate robust compliance
• Develops enterprise risk management approach
Due diligence is firmly established as an element of corporate good governance and it is
envisaged that due diligence related to bribery prevention will often form part of a wider due
diligence framework
Source: The Bribery Act 2010: Guidance about procedures which relevant commercial organisations can put into place to prevent
persons associated with them from bribing (section 9 of the Bribery Act 2010) (Ministry of Justice)
25
26. Evaluating existing due diligence resources
AML Fraud Audit Strategy Procurem Corpora
Corporate Credit
AML Fraud Audit Strategy Procurement Credit
ent te
Security
Security
Company M&A Employee
due diligence ID due diligence screening
Credit
verification
reference
List Supplier Investigations
checking Reputation due diligence
checks
Transaction Country
monitoring Conflicts risk
checking
26
27. Adopting a consistent and more efficient process
AML Fraud Audit Strategy Procurem Corpora
Corporate Credit
AML Fraud Audit Strategy Procurement Credit
ent te
Security
Security
AML Fraud
Corporate
Security
Group Security Function
27
29. How we help clients realise a consistent process
Simplified Due Diligence
Company or individual Ongoing Monitoring
Investigations across: Automated checks
Yes Sanctions and Watch Lists
Business
ID verification data Report Approval PEP checks
Sanctions and Watch Lists Proprietary watchlists
PEP checks Negative Media
Proprietary watchlists No
Low / Med
Alert
Third
New Risk
Party
Interest Yes Identified? No
Med / High
Ultra High
Enhanced Due Diligence Media Monitoring
Perform in-depth checks Automated monitoring of
across: global entities:
Media and Negative News Lexis Content
Company Information Ultra High “of Special Interest” Web Sources
Legal Case History Social Media
Paid Subscription Services
29
30. How we help clients realise a consistent process
Yes
Bridger Insight™ XG Business
Approval
Bridger Insight™ XG
Report
No
Low / Med
Alert
Third
New Risk
Party
Interest Yes Identified? No
Med / High
Ultra High
Lexis®Diligence LexisNexis Analytics
Ultra High “of Special Interest”
30
43. Global Corruption
Further Reference
• US Department of Justice
Foreign Corrupt Practices Act (FCPA) Page
http://www.justice.gov/criminal/fraud/fcpa/
• US Department of Justice
FCPA Lay-Person’s Guide
http://www.justice.gov/criminal/fraud/fcpa/docs/lay-persons-guide.pdf
• US Department of Justice
FCPA Related enforcement actions
http://www.justice.gov/criminal/fraud/fcpa/cases/2010.html
• Transparency International
Includes Corruption Perceptions Index and Bribe Payers Index
http://www.transparency.org.uk/working-with-companies/adequate-procedures
• United Nations
Fighting Corruption in the Supply Chain report
http://www.unglobalcompact.org/docs/issues_doc/Anti-Corruption/Fighting_Corruption_Supply_Chain.pdf
43
44. UK Bribery Act 2010
Further Reference
• UK Ministry of Justice
Bribery Act 2010 guidance
http://www.justice.gov.uk/guidance/making-and-reviewing-the-law/bribery.htm
• Transparency International
Adequate Procedures - Guidance to the UK Bribery Act 2010
http://www.transparency.org.uk/working-with-companies/adequate-procedures
• UK Serious Fraud Office
Corruption indicators
http://www.sfo.gov.uk/bribery--corruption/corruption-indicators.aspx
Prosecution guidance
http://www.sfo.gov.uk/press-room/latest-press-releases/press-releases-2011/bribery-act-prosecution-guidance-pu
Serious Economic Crime: A boardroom guide to prevention and compliance
http://www.seriouseconomiccrime.com/
44
45. Principle 4: Due Diligence
UK Ministry of Justice Guidance: Case Study 9 - Due diligence of agents
A small UK company (‘N’) relies on agents in country (‘P’) from which it imports local high quality perishable
produce and to which it exports finished goods. The bribery risks it faces arise entirely as a result of its reliance on
agents and their relationship with local businessmen and officials. N is offered a new business opportunity in P
through a new agent (‘Q’). An agreement with Q needs to be concluded quickly.
N could consider any or a combination of the following:
Conducting due diligence and background checks on Q that are proportionate to the risk before engaging Q; which could
include:
• making enquiries through N’s business contacts, local chambers of commerce or business associations, or internet
searches
• seeking business references and a financial statement from Q and reviewing Q’s CV to ensure Q has suitable experience.
• Considering how best to structure the relationship with Q, including how Q should be remunerated for its services and
how to seek to ensure Q’s compliance with relevant laws and codes applying to foreign public officials
• Making the contract with Q renewable annually or periodically
• Travelling to P periodically to review the agency situation.
Source: Extracts: Guidance about procedures which relevant commercial organisations can
put into place to prevent persons associated with them from bribing (UK Ministry of Justice)
45
46. Principle 4: Due Diligence
UK Ministry of Justice Guidance: Case Study 6 - Due diligence of agents
A medium to large sized manufacturer of specialist equipment (‘G’) has an opportunity to enter an emerging
market in a foreign country (‘H’) by way of a government contract to supply equipment to the state. Local
convention requires any foreign commercial organisations to operate through a local agent. G is concerned to
appoint a reputable agent and ensure that the risk of bribery being used to develop its business in the market is
minimised.
G could consider any or a combination of the following:
• Compiling a suitable questionnaire for potential agents requiring for example, details of ownership if not an individual;
CVs and references for those involved in performing the proposed service; details of any directorships held, existing
partnerships and third party relationships and any relevant judicial or regulatory findings.
• Having a clear statement of the precise nature of the services offered, costs, commissions, fees and the preferred means
of remuneration.
• Undertaking research, including internet searches, of the prospective agents and, if a corporate body, of every person
identified as having a degree of control over its affairs.
• Making enquiries with the relevant authorities in H to verify the information received in response to the questionnaire.
• Following up references and clarifying any matters arising from the questionnaire or any other information received with
the agents, arranging face to face meetings where appropriate
Source: Extracts: Guidance about procedures which relevant commercial organisations can
put into place to prevent persons associated with them from bribing (UK Ministry of Justice)
46
47. UK Bribery Act 2010 vs. US Foreign Corrupt Practices Act
Provisions UK Bribery Act 2010 US Foreign Corrupt Practices Act
Extra-territorial Yes, persons are liable for sections 1, 2 or 6 offences committed Yes, the FCPA applies to violative acts by US issuers, domestic
application outside the UK if they have a ‘close connection’ with the UK. concerns and their agents and employees that occur wholly outside US
The territory, and to acts by US citizens or residents, wherever they occur.
‘failure to prevent bribery’ offence applies to: (i) UK entities that
conduct business in the UK or elsewhere; and (ii) any
corporation, wherever formed, which carries on business or part
of a business in the UK (section 7(5)).
Third parties Yes, liability for acts of associated persons who perform services Yes, the FCPA prohibits corrupt payments through intermediaries. It is
for or on behalf of the company. unlawful to make a payment to a third party, while knowing that all or a
portion of the payment will go directly or indirectly to a foreign official.
The term ‘knowing’ includes conscious disregard and deliberate
ignorance. Intermediaries may include joint venture partners or agents.
Failure to keep Covered by other legislation. Yes.
Accurate books
and records
Criminal penalties Individuals: up to ten years sentence and unlimited fines; Corporations and other business entities are subject to a fine of up to
$2,000,000 per violation. Officers, directors, stockholders, employees
Companies: Unlimited fines. and agents are subject to a fine of up to $250,000 per violation and
imprisonment for up to five years. Under the Alternative Fines Act, the
actual fine may be up to twice the benefit that the defendant sought to
obtain by making the corrupt payment. Fines imposed on individuals
may
not be paid by their employer or principal.
Source: The UK 2010 Bribery Act Adequate Procedures
(Transparency International)
47
48. UK Bribery Act 2010 vs. US Foreign Corrupt Practices Act
Provisions UK Bribery Act 2010 US Foreign Corrupt Practices Act
Bribery of foreign Yes (section 6). Yes, the FCPA applies only to bribery of foreign officials.
public officials (15 U.S.C. §§78dd-1(a) and (f)(1)).
Private-to-private Yes, the main provisions of the Bribery Act apply to the private No.
bribery sector as well as the public sector except for the FPO offence.
Receipt of a bribe Yes (section 2). No.
Intent Mixed. Intention is required for some ‘cases’ of the section 1 and In alleging violations of the bribery provisions of the FCPA, the
2 offences. No ‘corrupt’ or improper ’ intent is required in the FPO government must show that the defendant had the requisite state of
offence, section 7. mind
with respect to his actions i.e., negligence, recklessness, intent
(15 U.S.C. § 78dd-1(f)(2).).
Facilitation The Act does not permit an exception for facilitation payments. Permitted under very limited circumstances when paid to foreign officials
payments in order to expedite or secure the performance of a ‘routine
governmental action’. This excludes a decision by a foreign official to
award new business or to continue business with a particular party e.g.,
to obtain a license or be granted a concession (15 U.S.C. §78dd-
1(b) and §78dd-1(f)(3)).
Promotional The Act makes no specific provision for promotional expenses. Yes, affirmative defence if they are reasonable and bona fide business
expenses expenses that are directly related to the promotion, demonstration or
explanation of products or services (e.g., demonstration or tour of a
pharmaceutical plant) or in connection with the execution of a particular
contract with a foreign government.
Source: The UK 2010 Bribery Act Adequate Procedures
(Transparency International)
48
49. Consolidate workflow and data to drive ROI
Search global sources including web and print publications, criminal
records, sanctioned party and politically exposed persons…using
LexisNexis or similar platforms.
All such searches, whether conducted internally or by an external firm,
should be conducted not only on the supplier, but also on the names of
its verified owners, directors, officers and partners
Fighting Corruption in the Supply Chain (United Nations)
49