How to manage compliance risks created by intermediaries

February 1, 2017

Multinational companies frequently turn to intermediaries to conduct business on their behalf in countries where they have no established operations. But dealing with intermediaries contains risk, and that risk increases if the intermediaries have no interest, capacity, or resources to formulate their own effective compliance programmes.

Any business that engages intermediaries or agents in its product supply chain is exposed to risks and needs to extensively scrutinise these intermediaries. Such scrutiny may include, but is not limited to:

If you do not undertake these basic requirements, you may end up being fined for offences committed by your intermediaries in countries where they provide services on your behalf. Even after fines have been paid, the reputational stigma can be a perpetual problem.

The case study: Lessons learned from Rolls-Royce’s compliance programme

Rolls-Royce, the aircraft engine manufacturer, recently agreed to pay £671 million (US$830 million) to the United Kingdom, the United States, and Brazil, largely for the actions of intermediaries in locations where the British firm had no local resources. As part of a court-approved agreement, Rolls-Royce was spared prosecution in what authorities say is the largest fine ever paid to Britain's Serious Fraud Office. For a while now, critics have labelled the Serious Fraud Office as a toothless agency for failing to prevent corruption and imposing lenient penalties.

Rolls-Royce’s case is significant and relevant to compliance practitioners because it happened to a company that has one of the most highly regarded compliance programmes. The illicit acts also occurred in high-risk countries such as Indonesia, Thailand, India, Russia, Nigeria, China, and Malaysia.  These are countries where the concept of supply-chain compliance is relatively new or unheard of—markets where a risk-based approach should have been in sharp focus by the company. This has left some in the compliance industry wondering why Rolls-Royce did not detect these activities among its intermediaries.  

Now that a deferred prosecution agreement has been approved and Rolls-Royce has agreed to the payout, without specifically holding those involved accountable, what can other companies do so that they are not next? Companies should:

  • Continuously evaluate the efficacy of compliance programmes no matter how comprehensive they are.
  • Promote the culture of know-your-supplier in the compliance framework.
  • Conduct periodic internal audits to ensure policies are compliant with market requirements.
  • Undertake intense risks assessments in low- and high-risk locations where the company wishes to engage intermediaries.
  • Routinely carry out due diligence on intermediaries.
  • Take remedial measures and ensure that erring individuals are personally held accountable.
Previous Article
The new DOJ guidance explained: The top to bottom of what it means for your corporate compliance programme
The new DOJ guidance explained: The top to bottom of what it means for your corporate compliance programme

Due diligence of third parties is a critical component of an anti-bribery and corruption programme. However...

Next Article
Essential screening for vessels used in your supply or distribution chain
Essential screening for vessels used in your supply or distribution chain

Standard due diligence on vessels and their related parties may not reveal ties to governments, entities, a...

Looking for the perfect due diligence programme for your business?

Contact us