ETHICS CORNER DEFENSE CONTRACTING
Reduce Risks in Overseas Third-Party Relationships (UPDATED)
Small- and medium-sized defense companies face potentially significant legal, regulatory, financial and reputational risks when engaging with overseas third parties. These risks stem from increased corruption exposure due to the nature of the defense industry, the limited resources smaller companies have at their disposal and the inherent challenges in screening overseas third parties.
While engaging with overseas third parties may be a necessity, it also potentially increases a company’s exposure to corruption. Overseas contracted defense work is often carried out in countries known for this type of problem. Furthermore, the work is often in an industry that is highly susceptible to corruption, such as logistics or construction support. Overseas third parties can also have significant exposure to government officials, thus increasing the chances of bribery or other corrupt practices.
Properly identifying these risks prior to an engagement can pose a challenge for small- and medium-sized defense firms. Smaller companies often lack the resources to fund a large-scale due diligence program. Even if a company conducts a thorough third-party screening prior to an engagement, it may later run into problems due to a failure to monitor high-risk relationships after a third party is onboarded.
Smaller defense firms also face risk due to the inherent difficulty in performing due diligence on overseas third parties. They may lack the in-house foreign language expertise required for investigations. Adverse information can often only be found in local language media sources, while legal and regulatory databases are frequently only accessible to those who not only know how to find them but are also able to read the content. Regional cultural knowledge may also be required to provide important contextual understanding for any potential red flags identified.
Taken together, these challenges may increase smaller defense contractors’ chances of running afoul of anti-bribery regulations, such as the U.S. Foreign Corrupt Practices Act.
Stating that an alleged act of corruption was carried out by a third party, and not the firm directly, is not a strong defense, as the ongoing joint U.S.-U.K.-France investigation into alleged Airbus third-party bribery shows.
Despite these challenges, however, smaller defense companies do not have to break the bank by setting up elaborate and costly due diligence programs. Instead, they can develop a defensible and cost-effective program that mitigates much of the risk posed by overseas third-party relationships.
A one-size-fits-all approach is neither effective nor efficient. Defense firms engage with a wide variety of third parties, such as suppliers, service providers, distributors, agents and buyers — each of which presents its own type of risk. Developing a risk assessment allows various third parties to be segmented into low, medium and high risk. This assessment should use objective criteria that is relevant to the company. Criteria should include, at a minimum, the industry sector, jurisdiction and type of the third party; the nature of the contractor’s relationship; and the third party’s relationship with government entities.
Use the assessment to create a systemic approach to screening third parties according to the contractor’s risk tolerance. Avoid spreading limited resources too thin by focusing on low-risk relationships. Instead, prioritize vetting the riskiest partners. It is key, however, to identify some level of screening for all third parties.
Conduct the prescribed level of due diligence prior to any engagement. Once a program is in place, ensure that it is followed across the enterprise. Avoid allowing subjective opinions to override established policies unless cleared by informed leadership.
Leverage knowledgeable and foreign language-capable investigators. Properly screening overseas third parties requires not only local jurisdictional knowledge and foreign language capabilities, but also cultural awareness. Ensure some level of foreign language search is part of any screening effort, especially for high-risk third parties. Pleading innocence due to an inability to understand foreign language reports about corruption allegations involving a new overseas supplier is a weak legal defense.
Consider using a third-party management system. Such systems help improve staff efficiency and thereby reduce operating costs. They also ensure consistency of compliance efforts. Furthermore, centralized control of all due diligence records will help a contractor in the event of an audit.
Conduct ongoing monitoring of select third-party relationships. This should be done according to both the company’s risk tolerance and the risk profile of a third party. Prioritize monitoring high-risk relationships over low-risk ones. For example, third parties in jurisdictions or industries considered highly corrupt should receive the lion’s share of monitoring efforts. When appropriate, consider conducting periodic re-screening of critical, but risky, relationships.
While no compliance program will eliminate a company’s corruption exposure stemming from overseas third-party relationships, failure to establish a defensible due diligence program will all but guarantee a future legal, regulatory or reputational headache. However, efforts to mitigate these risks need not drive a small defense company into the red.
Instead, relying upon a cost-effective, risk-based due diligence program that works smarter, not harder, can help achieve a satisfactory outcome.
Daniel M. Hartnett is an associate managing director in the compliance risk and diligence division of Kroll, a division of Duff & Phelps, where he advises corporate clients on third-party risk management. He can be reached at firstname.lastname@example.org.
Correction: Due to a technical glitch, a previous online version of this article listed the wrong name for the author. It was written by Daniel Hartnett, not Dan Hartman. National Defense apologizes for the error.