By Sanday Chongo Kabange, The Red Flag Group®
Regulators strongly advise businesses to constantly monitor the activities of their partners to ensure compliance and minimise liability in an event of third party misconduct. This is for a simple reason that failure to engage in periodic mandatory ongoing due diligence is an assumption of risk and could be equated with a lack of internal controls.
Thus, it’s important to have a mandatory ongoing due diligence process and constantly monitor the conduct of your partners to minimise exposure to compliance, business and integrity risks, given that the initial due diligence is immediately dated, in the sense that the information is useful but is only a snapshot in time. Ongoing monitoring enable businesses to keep their materials updated and keeps a close eye on partners, thus encourages ethical partner conduct.
There are several ways that ongoing due diligence can be performed to help minimise exposure to risk. More importantly, you can outsource these tasks with The Red Flag Group® which is a much better use of time and resources than having to do them in-house.
Using a risk-based approach
Identify partners that are likely to expose you to risk based on what they do for you, business volumes and where they are located after which you can initiate repeat due diligence over a preset time frame. For instance, if you have partners that are wholly or partially state-owned, or are in high-risk regions, you may set up a mandatory time on which you will perform repeat due diligence on a periodic basis. This can be done annually, biennial or at contract renewal from the time you performed initial onboarding due diligence. Conducting periodic repeat due diligence will ensure that you have oversight on the activities of your partners and timely remediate issues that may cause harm to you. Repeat due diligence provides you an opportunity to upgrade or downgrade the level of due diligence on your partners, depending on their activities, risk profile, prevailing business environment, regulatory changes or socio-economic instabilities in markets they are doing business for you.
On-site health checks
Unlike compliance audits, health checks are less detailed, are focused and would primarily involve understanding your partner’s compliance culture through management interviews, staff interviews and basic document review to ascertain best ethical practices. Health checks are best done on-site through a day’s roundtable, one-on-one discussions with selected members of staff and management. During health checks you may check whether your partner provides compliance training to its staff and how such training is tracked for effectiveness. Once you’ve assessed your partner’s understanding of compliance, you can provide some key recommendations in areas requiring improvement. This is one way you can keep a constant eye on your partners and signifies your concerns over your partner’s compliance culture.
Audits are more detailed than health checks in the sense that they involve a comprehensive analysis of your partner’s adherence to regulatory guidelines. Audits include checking the availability and thoroughness of your partner’s policies. This includes analysing financial transactions, books and records or reviewing compliance documentation such as codes of conduct or gifts, travel and entertainment policies. Compliance audits may provide you a better of understanding of your partner’s commitment to regulatory compliance. Compliance audits allows you to let your partners know that you are watching them and keeping an eye on their activities, which can only encourage adherence to compliance.
Request a free ComplianceDesktop® | Compliance Technology Platform demo to learn how you can track all payments in a secure system with a full audit trail for robust compliance.
Another common way to monitor your partners is certifying that they abide by your code of conduct and ethics. Your partner must certify that they fully comply with the terms of their contract, including providing proof that they conduct routine due diligence on their sub-contractors (if any), regularly provides mandatory compliance training to their staff, especially high risk employees in sales and procurement. Your partners must also certify their willingness to timely report any occurrences that may potentially impact your business relations and your reputation. Getting your partners certify their adherence to your compliance requirements shows that you are on top of their compliance.
Compliance programme review
To ensure effective ongoing monitoring in your partners, it is recommended that you review their compliance framework. Reviewing and assessing your partner’s compliance programme will help you to ascertain their efficacy and completeness, especially for large strategic partners with strong brands and reputation. This can be done by going through your partner’s compliance programme and other related policies to ensure that they conform to international guidelines. Compliance programme reviews are ideal for large well-established partners (multinationals) requiring low level due diligence or are in jurisdictions where the culture of compliance is mature like in the United States, England or Australia.