Despite the number of serious fraud incidents across Asia, companies are still falling short in mitigating avoidable risks when managing third-party relationships. EY’s latest survey Knowing your third party – Asia-Pacific Fraud Survey 2013 shows that many companies across Asia-Pacific are failing to adopt even the most basic controls, with 26 per cent of our respondents yet to put systems or processes in place to manage and monitor third-party relationships. For some companies this figure may not be alarming but for those operating in Asian markets it should act as a wake-up call. Many companies operating in Asia are highly reliant on third parties to do business, especially when navigating new markets, where the need for local contacts and procurement expertise is high. By not managing third parties with the correct processes and systems, companies will find it difficult to detect fraud, bribery or corruption. So which third-party groups represent the biggest risk to businesses? Our survey finds that two distinct groups pose the biggest risks: vendors and suppliers, those supplying the goods or services to a company; followed by agents, those authorised to act on the company’s behalf. We have seen examples of businesses becoming unstuck. For example, when an agent remunerated on a performance-related basis intentionally or unintentionally offers an inducement to a business associate or government official by way of gift, entertainment or financial reward in return for a business favour or contract. This type of activity can lead the company into breaching its anti-bribery and corruption policy as well as into contravening local laws. If the company is a multinational corporation with connections to the UK or the US, it may have also infringed the UK Bribery Act and/or the US Foreign Corrupt Practices Act (FCPA). Of the FCPA cases reported last year, 90 per cent involved third parties. In Asia-Pacific, this type of case is often linked to the cultural tradition of gift-giving and entertainment – which is part and parcel of business culture – making it difficult to separate the two. Companies need to be cautious of these practices, which may appear to produce a short-term gain but may lead to fines and reputational risk in the longer term. Although fines make headlines, they do not tell the whole story. Companies also bear hidden penalties such as investigation costs, diversion of management resources, reputational damage, loss of business opportunities whilst undergoing the investigation, the risk of class action litigation and the cost of remediation. A lot is at stake, which management at some companies do not seem to appreciate. Companies need to tackle these issues by taking steps to structure and maintain their compliance framework, paying close attention to vendor and supplier relationships – the higher risk third-party group. Executives in charge of managing their company’s risks need to create a strong monitoring system for third-party relations, achievable through a number of key activities including understanding the need and role of agents, conducting third-party due diligence from the outset, introducing technology such as data analytics to monitor behaviour and undertaking frequent compliance audits. When carrying out due diligence on an industry and its geography, business heads should seek to understand cultural and business norms, prior incidents of fraud, previous litigation and adverse press. This information can be used to develop comprehensive risk profiles, allowing business leaders to take a step back and make more logical decisions based on the commercial rationale for the engagement of a third party. Complete transparency in the way that the third party is remunerated is also vital; not only in its fees or commissions, but also in its expenses. As such, a company’s travel and entertainment expense policy should be structured to extend to third parties. In addition, companies should be alert to more subtle indications that a third party carries the risk of exposing the company to fraud, bribery or corruption. Potential red flags include key personnel or shareholders not being included in business dealings, a lack of information or trading history, or a business address in a non-commercial zone or at serviced office suites. Irregularities or tampering with the tendering process is another red flag. For example, the acceptance of late bids, bids being accepted despite failings in technical specifications or scoring, or bids at or very close to set budgets. Despite the risks, companies should not be deterred from relying on third parties. They perform a valuable role in assisting companies venturing into new territories as well as those expanding in home markets. Nevertheless, companies should enter into any third-party dealings with eyes wide open. Taking a proactive stance toward managing third-party risk will lead to fewer challenges down the road. ________________________________________________________ Chris Fordham is the managing partner, Asia Pacific, for fraud investigation & dispute services at Ernst & Young This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Member firms of the global EY organisation cannot accept responsibility for loss to any person relying on this article.