Simplifying third-party due diligence in a complex world
A challenging landscape Understanding who you conduct business with has become more than just good business practice; it is increasingly becoming a smart compliance imperative. Multinational organizations are rapidly adjusting to enforcement standards according to which companies are responsible for the actions of their business partners and vendors, and need to conduct effective third-party due diligence on them. Be it the Foreign Corrupt Practices Act (FCPA) in the US, the UK Bribery Act or the recently enacted anticorruption regulations in India, Brazil, Russia, China and Mexico, governments are taking clear steps against the practice of making improper payment through third parties. The Criminal Division of the United States Department of Justice (DOJ) and the Enforcement Division of the United States Securities and Exchange Commission (SEC) recently provided guidance on compliance with the FCPA.
• Understand the business rationale for including a third party
in a transaction. You should understand the role of and need for the third-party due diligence to be conducted and ensure that the contract terms specifically describe the services to be performed and the potential risks involved with these.
• Monitor your third-party relationships once they begin. Where appropriate, this may include acquiring and exercising audit rights, updating existing due diligence, conducting regular training sessions and requesting third party to obtain annual compliance certification.
Proper due diligence and monitoring not only helps to reduce the risk of corruption, but can also cut down on fraudulent transactions, embezzlement, conflict of interest, related-party transactions and money laundering. They help a company to safeguard its assets and reputation. Responding to these emerging standards in a standardized and efficient manner is however a huge operational challenge. Management is often challenged by widely varying availability of information across markets and fragmentation of their own internal systems. The question is — how can one create a consistent and, practical diligence process for third parties in New York, New Delhi, Ningbo and Nairobi in order to mitigate third- party risk? While guidance is in the context of anticorruption controls, the principles generally help third parties deal with risk.
Some key points relating to third parties include:
• Understand the qualifications and associations of a third-party
partner, including its business reputation and its relationship, if any, with government officials. The degree of scrutiny should be risk-based, and you should increase your scrutiny if and when red flags surface.
Simplifying third-party due diligence in a complex world
ndor/Supplier
55%
stributor
ent
int venture partner
26%
more likely to arise from third parties than from internal staff. of respondents have no systems or processes in place to manage and monitor third-party relationships.
Overcoming obstacles
Integrity
Consistency Client needs
Accessibility
Our Integrity Diligence teams understand this problem. We help clients design, implement and maintain effective third-party diligence systems around the world. Our offerings are built on our wide and long experience of conducting complex international fraudand corruption-related investigations, as well as fraud and corruption risk consulting projects, in every major market worldwide. Our Integrity Diligence offering is designed to respond to the following needs of our clients
1 Consistency Standardized risk-based procedures for diligence that can be practically implemented wherever our clients do business worldwide
2 Accessibility The ability to continuously update and monitor diligence programs from locals market to headquarters as well as a broad global network of forensic professionals who are located near our clients and their third parties
3 Integrity A careful approach to applicable laws on data privacy and collection in relevant jurisdictions
Simplifying third-party due diligence in a complex world
EY_ID is a technology tool created by EY to help its clients efficiently and effectively address the risks involved in their third-party business relationships worldwide. The tool is a web-based, globally accessible platform and provides companies with the opportunity to collect relevant information about their third-party partners, segment third parties by their level of risk, conduct and document multiple levels of due diligence conducted on these, obtain certifications from third parties and incorporate streamlined approval processes in their operations. It is designed to enhance standardization, transparency and accountability throughout the life cycle of a third-party partnership.
It also offers a highly customizable platform that can be configured to meet your specific program design, including features such as the following: • End-to-end third-party life cycle management in a clientbranded and secure website
• Automated risk-scoring engine and self-directed risk
assessment tool to calculate third-party risk, based on clients’ risk tolerance and priorities
• Highly customizable workflow manager with client-driven approval hierarchy
• Secure and archived repository for third party records, red-flag analyses and approvals
Addressing third-party risk in today’s environment requires a systematic approach, and EY_ID is there to provide the tools.
EY_ID offers advanced dashboards with visual data analytics and an enhanced search functionality.
Simplifying third-party due diligence in a complex world
• Today, EY Fraud Investigation & Dispute Services India has more than 65 thirdof respondents party due diligence specialists with multibelieve risks are more likely to arise lingual capabilities. The in-house team from third parties than from is proficient in English, German, French, internal staff. Spanish, Chinese, Japanese, Bangla and various other Indian languages.
55%
65%
3
1
al
2
g
3
when conducting third-party due diligence Omission of certain key personnel/ shareholders
of respondents have
• An analysis of over 30,000 third-party due no systems or processes in place diligence checks which were undertaken to manage and monitor in the lastthird-party three years highlighted that relationships. almost 50% of cases which were reviewed had red flags.
26%
Commonly raised red flags
of respondents say all of their third parties are required to comply with their companies’ ABAC codes of conduct.
A lack of information or trading history (this factor alone would not rule out start-ups)
A business address in a non-commercial zone or at service office suites
Sector focus Pharmaceutical
Low capitalized company Suppliers with a small capital base acting merely as middlemen for undisclosed suppliers
Oil & Gas
Commonly raised red flags from using forensic data analytics Automobile
Multiple suppliers with same address services SharedFinancial or similar addresses, contact details or bank accounts are potential red flags, as are overly close relationships within a small group of local vendors.
FMCG Multiple payments just below authorized level Evidence of unusual data trends such as split payments to bypass approval thresholds, large numbers of one-time vendor payments to bypass Retail supplier due diligence procedures; duplicate payments; lack of proper supporting documentation around vendor set-up, diligence or payments; and multiple duplication in vendor master files are examples of this type of red flag. Technology
Tampering or irregularities with the tendering process Acceptance of late bids or bids being accepted despite failings in technical specifications or scoring, and bids at or very close to set budgets
Generic description of expense reimbursement claims Text mining within databases to identify “concepts” or generic descriptions can further focus on high risk transactions.
Types of third parties representing the biggest compliance risk 12% Vendor/Supplier
55%
of respondents believe risks are more likely to arise from third parties than from internal staff.
26%
of respondents have no systems or processes in place to manage and monitor third-party relationships.
Distributor
22%
Agent 57% 9%
Joint venture partner
Source: EY Asia-Pacific Fraud Survey 2013
Simplifying third-party due diligence in a complex world
Se
Our offices Ahmedabad
Hyderabad
6th floor, Wing A & B,
2nd floor, Shivalik Ishaan
Oval Office, 18, iLabs Centre
Worldmark 1, Aero city
Ernst & Young LLP
Near C.N. Vidhyalayva
Hitech City, Madhapur
Opp. Holiday Inn, Mahipalpur,
Ambawadi
Hyderabad - 500081
New Delhi - 110037
EY | Assurance | Tax | Transactions | Advisory
Ahmedabad - 380 015
Tel: + 91 40 6736 2000
Tel: + 91 11 6671 8000
Tel: + 91 79 6608 3800
Fax: + 91 40 6736 2200
Fax: + 91 11 6671 9999
Kochi
4th & 5th Floor, Plot No 2B, Tower 2, Sector 126, NOIDA 201 304
Fax: + 91 79 6608 3900 Bengaluru
9th Floor, ABAD Nucleus
12th & 13th floor
NH-49, Maradu PO
UB City, Canberra Block
Kochi - 682304
No.24 Vittal Mallya Road
Tel: + 91 484 304 4000
Bengaluru - 560 001
Fax: + 91 484 270 5393
Tel: + 91 80 4027 5000
+ 91 80 6727 5000
Fax: + 91 80 2210 6000 (12th floor) Fax: + 91 80 2224 0695 (13th floor) 1st Floor, Prestige Emerald
Kolkata
Gautam Budh Nagar, U.P. India Tel: + 91 120 671 7000 Fax: + 91 120 671 7171 Pune
22 Camac Street
C-401, 4th floor
3rd floor, Block C
Panchshil Tech Park
Kolkata - 700 016 Tel: + 91 33 6615 3400 Fax: + 91 33 2281 7750
No. 4, Madras Bank Road
Yerwada (Near Don Bosco School) Pune - 411 006 Tel: + 91 20 6603 6000
Lavelle Road Junction
Mumbai
Bengaluru - 560 001
14th Floor, The Ruby
Tel: + 91 80 6727 5000
29 Senapati Bapat Marg
Fax: + 91 80 2222 4112
Dadar (W), Mumbai - 400028
Fax: + 91 20 6601 5900
Chandigarh - 160 009 Tel: + 91 172 671 7800
Nirlon Knowledge Park
Fax: + 91 172 671 7888
Goregaon (E)
Off Western Express Highway Mumbai - 400 063
Chennai
Tel: + 91 22 6192 0000
Tidel Park, 6th & 7th Floor A Block (Module 601,701702)
Fax: + 91 22 6192 3000
No.4, Rajiv Gandhi Salai, Taramani Chennai - 600113 Tel: + 91 44 6654 8100 Fax: + 91 44 2254 0120
NCR Golf View Corporate Tower B Near DLF Golf Course
EY refers to the global organization, and/or one or more of the independent member firms of Ernst & Young Global Limited
Sector 42 Gurgaon - 122002 Tel: + 91 124 464 4000 Fax: + 91 124 464 4050
Contacts
Partner and Head – India and Emerging Markets Arpinder Singh
+ 91 12 4443 0330
arpinder.singh@in.ey.com
+ 91 22 6192 0584
dinesh.moudgil@in.ey.com
Partner Dinesh Moudgil
Ernst & Young LLP is a Limited Liability Partnership, registered under the Limited Liability Partnership Act, 2008 in India, having its registered office at 22 Camac Street, 3rd Floor, Block C, Kolkata - 700016
This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither Ernst & Young LLP nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.
1st Floor, SCO: 166-167 5th Floor, Block B-2
Ernst & Young LLP is one of the Indian client serving member firms of EYGM Limited. For more information about our organization, please visit www.ey.com/in.
EYIN1502-010 ED NONE
Fax: + 91 22 6192 1000
Sector 9-C, Madhya Marg
EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.
Š 2015 Ernst & Young LLP. Published in India. All Rights Reserved.
Tel: + 91 22 6192 0000 Chandigarh
About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.
Simplifying third-party due diligence in a complex world