Guaranteeing third-party compliance is among the most important responsibilities for chief compliance officers. In the event a third-party is not aware of pertinent laws, regulations, or additional standards your company is held to, the corporate compliance department may be held accountable for any third-party breaches. This piece will examine what risks to be aware of when working with third parties, as well as ways to ensure compliance when vetting those groups.
The list of risks associated with doing business is continually growing larger, but there are several that stand out when working with other groups. The first risk is ignorance. Though many firms have at least some knowledge of laws and regulations, the corporate compliance officer would be remiss not to educate third-party partners thoroughly on your concerns and priorities. By educating your outside partners on these areas, you can improve the odds of compliance. You can also stem problems that arise generally from a lack of communication. Not communicating frequently with your third-party vendor will allow crucial information to fall by the wayside. When trying to increase the level of communication with your third party, be sure to record as much information as possible. You can refer to this information if there is a disagreement or, in the worst-case scenario, if the information must be used in a civil or criminal proceeding.
By educating your outside partners on these areas, you can improve the odds of compliance. You can also stem problems that arise generally from a lack of communication.
When working with third parties, be sure to learn early of any management or size issues that can cause risk down the road. As to their management, bad leadership can cause great pains to your operations. Even if your contacts are otherwise reliable, the relationship can go sour due to a single poor decision or a lack of legal oversight from within. Equally as risky as bad management is hostile management. A sensible, compliance-minded Chief Executive Officer who is replaced by someone with different priorities may look to curtail compliance efforts. In these instances, it is important to cover all of your bases. For instance, negotiate contracts that will allow you to focus squarely on financial liabilities on the third party if any compliance problems arise.
Negotiate contracts that will allow you to focus squarely on financial liabilities on the third party if any compliance problems arise.
Finally, take pains to determine how the third party’s size impacts your risk portfolio. If the company is too small, they may not be able to handle your compliance needs and may unintentionally let risks you did not expect arise. Be sure to understand the size of potential partners and their capabilities to keep themselves and you out of trouble.
The most commonly accepted way to preempt risk with third parties is to take great efforts when performing due diligence. Understanding the scope of third-party operations can help minimize risk, but the wise compliance officer will dig deeper. In the interview process, ask them for instances where working with a group has proved fruitful and instances where the results have been far from ideal. With the latter, have them dissect the reasons why the partnership was a failure.
Understanding the scope of third-party operations can help minimize risk, but the wise compliance officer will dig deeper.
When trying to ensure broad due diligence, it may be beneficial to work with another group that focuses solely on this issue. Conducting an exhaustive diligence investigation is a tough undertaking for any compliance department. Hiring outside partners to do the necessary work for you, even though the up-front cost can be high, may save your department from significant costs in the future.
For the compliance department, minimizing third-party risk involves taking the right steps early. In doing so, both the vendor and your company will be able to focus on the important work of the partnership rather than battling with regulators.