Risky business: avoiding third party fraud

By Marvin Perrin L. Pe

First published in Business World (03/31/2014 – p.S1/6)

THERE are basic truths to doing business. One of these truths is that to generate profit, you have to take risks — the bigger the profit, the higher the risks. While there are various types of risk that companies today face, we will focus on third-party fraud and corruption risk in this column.

What is a third party?

A third party is an individual or entity that is involved in a transaction, but is not one of its principals. Based on this definition, if your company is the seller (first party), and the customer is the buyer (second party), then all other companies and individuals that are not part of your company or your customer’s company is a third party. Depending on the nature of your business, suppliers, customs brokers, sub-contractors, outsourcing companies, manpower agencies, health care providers and even business consultants can be considered third parties.

Let’s face it. Few businesses can operate without third parties. And as companies start increasing in size and start to delegate functions that entail the exercise of some form of discretion by more people, the chances of fraud and corruption occurring likewise grow.

In January 2014, Ernst and Young released the first Asia-Pacific Fraud Survey results titled “Knowing Your Third Party.” The survey highlighted the risks which companies are exposed to when transacting with third parties. In the survey, the biggest compliance risk to a business operation comes from vendors and suppliers — parties that supply goods or services to the company.

A common observation surfaced in the survey is that a person with discretion over purchasing decisions or recommendations may take advantage of his or her position by demanding a reward or kickback from suppliers bidding to provide services or goods to the company in exchange for purchasing decisions or recommendations. The reward may take the form of excessive entertainment, favors or cash. It is funded through erosion of margin at the supplier and in turn is paid for by a higher purchase cost for the company. The company bears the ultimate cost.

However, the potential damage to businesses caused by third-party fraud and corruption goes beyond higher-priced goods and services. The greater impact may be the risk of a damaged reputation, regulatory fines, and restrictions of business opportunities. The reduced margin at the supplier may impact on the quality of the supplied goods and/or services, and eventually lead to an overall deterioration in the quality of the end-product for the consumer. This, in turn, can translate to reputational issues in the market that would ultimately affect the company’s growth and profitability.

To illustrate this point, let’s say Co. A, a construction company, has built a strong reputation in the industry for delivering high-quality work. Let’s say that Co. A sub-contracts structural work to a third party construction company, Co. B. Unknown to Co. A, Co. B bribes some of Co. A’s engineers to approve its substandard workmanship. Unfortunately for Co. A, Co. B’s faulty work causes the collapse of a section of the building resulting in the injury of several people. In this case, Co. A will receive negative publicity. It would have to settle with the customer who had commissioned the building. The victims can also sue for injuries sustained. Moreover, the company could be banned from bidding in future projects by other prospective customers. Regulatory bodies could also step in and penalize Co. A, or worse, cancel its license.

To address supplier fraud and corruption issues, the survey suggests that third-party due diligence, forensic data analytics (FDA), and frequent compliance audits should form part of a broad set of risk management measures to monitor third parties and identify potential conflicts of interest.

Performing third-party due diligence is critical as it represents a systematic and consistent effort to vet business relationships tiered by levels of inquiry based on a thorough business inventory and risk assessment. It helps business leaders not only understand the third parties with whom the company will be contracting, but also the broader context in which they will operate. This is a step ahead of most companies’ regular practice of simply collecting a set of required documents from prospective suppliers and filing these documents away with little or no analysis done.

The use of FDA enables companies to transform large volumes of transactional data into valuable actionable business intelligence within a short period of time. Within large organizations, data is usually stored in separate and disparate databases across the organization controlled by different business units. FDA can extract and combine data from all relevant sources. Moreover, FDA does not rely on sampling but uses 100% of the available and relevant data to obtain meaningful insights for investigative, legal, regulatory, anti-fraud or risk mitigation matters. It can also assist internal audit and compliance teams to focus on potentially anomalous transactions across business functions and enhance their focus of reviews in times where costs are being heavily scrutinized.

It is also crucial that companies conduct compliance audits on third parties on a regular basis. Simply putting a “right to audit” clause in supplier agreements is not sufficient to mitigate supplier fraud and corruption risks. Regular audits should be performed to demonstrate to third parties the importance of ethical business conduct. Third parties should be made aware that they need to maintain full and transparent information for all business dealings on behalf of the company, making them available for review when required.

In addition, there should be an incentive for compliance or a threat of disengagement for noncompliance. Standards must be applied vigorously to these third parties because of their importance to the company’s performance, and not just for fear that noncompliance could cause issues for the company. Accountability is an important aspect of any business relationship.

The fraud survey on third party risks validates what is already common business knowledge — that a company’s dealings with third parties can be a major source of fraud and corruption risks. If mismanaged, these can cause significant harm to a company on various fronts. While many companies have started to address and minimize third party risks in several ways, these initiatives require genuine commitment and cooperation from key stakeholders in order for them to make a significant impact.

Marvin Perrin L. Pe is a senior director of SGV & Co.

This article is for general information only and is not a substitute for professional advice where the facts and circumstances warrant. The views and opinion expressed above are those of the author and do not necessarily represent the views of SGV & Co.