isaca ireland effective crowd control managing third party integrity risks 30 april 2014
TRANSCRIPT
ISACA Ireland
Effective crowd control
Managing third party integrity risks
www.pwc.co.uk
30 April 2014
Managing third party integrity risksPwC
Agenda
Background:
• The third party risks faced by organisations
• How third party risks can be managedQuestions
April 2014Slide 2
Managing third party integrity risksPwC
Background
Slide 3April 2014
Awareness of third party risks faced by organisations:
•Highlighting the spectrum of risks; and•Exploring how they can be managed.
Driving factors:
•Anti-bribery legislation; •Regulatory landscape; and•Drive for transparency and accountability.
PwC
The risks faced by organisations Adequate procedures
Slide 4April 2014
The UK Bribery Act requires organisations to put in place ‘adequate procedures’ to prevent bribery and corruption. Directors are personally responsible for ensuring this happens and the potential costs of non-compliance are great.
Know who you are doing business with: Third party suppliers, joint venture partners, acquisition targets,
agents, distributors, customers, licensees
Managing third party integrity risks
Managing Third Party Integrity RiskPwC Slide 5
April 2014
Third parties: opportunity or threat?
• 41% of UK companies pursued an opportunity in a high risk market in 2013, many of which involved a third party in support.
• The average FTSE100 company has over 100,000 third party relationships of many types.
• For SMEs, third party business partners and suppliers represent the most accessible route to new markets.
• 80-90% of reported corruption enforcement cases in last 2 years involved illicit payments by a third party.
• Companies are responsible for acts of “associated persons” performing services on their behalf under the UK Bribery Act.
• 22% of UK companies reported having suffered procurement fraud in 2013.
Managing Third Party Integrity RiskPwC
Rolls-Royce has been plunged into a fresh crisis. The SFO has launched a criminal investigation into allegations that the company paid multimillion-pound bribes in Indonesia and China.(2014)
Total S.A. was fined for paying bribes to intermediaries of an Iranian government official who helped the company obtain valuable contracts to develop oil and gas fields. Total agreed to pay $398 million to settle SEC and criminal charges. (2013)
FCA fines insurance company for “lack of bribery controls”.JLT was fined £1.8m by the FCA for having an "unacceptable" approach to bribery in overseas markets, and failing to carry out proper checks before beginning new working relationships with introducers overseas. (2013)
Freight forwarding agent Panalpina
and its clients were fined by the SEC
and DOJ for bribing foreign officials for
customs clearances between 2002 and
2007. Panalpina was also charged with
conspiring to violate books and records
provisions of the FCPA. (2010)
Slide 6April 2014
Tesco sales tumble on horsemeat scandalBritain's biggest supermarket hit by sales slide in nine of its 11 global markets and warns non-food items face further decline (2013)
PwC
The risks faced by organisations
Slide 7April 2014
Lack of controls
Lack of experience / qualifications
Poor quality of service
Interference in recommending / securing
third parties
Third parties
M&A activityJoint venture arrangements
Agent/distributor channels
Unclear corporate structures
Territories
Sectors
Reputational damage/Loss of integrity
Managing third party integrity risks
Regulatory
Bribery and corruption
Insider dealing
Cartel activity
Conflicts of interest
Regulatory / legal failures
PwC
How risks can be managedThe toolkit
Slide 9April 2014
Emerging market ‘red flags’
Due diligence and monitoring programme
Comprehensive employment screening programme
Tone from the top, buy-in
Formal and robust compliance policy and procedures
Monitor, review and refine policies and processes
Technology and best practice
Communication, training and embedding
Regular fraud risk assessments
Effective internal audit and financial reporting systems and
reviews
Monitoring and reportingChanges in personnel and management structures
Key risks management tools
Managing third party integrity risks
PwC
Third Party Identificatio
n
Risk Assessme
nt(+business
case)
Due Diligence
Policy, Procedures
, Engageme
nt
Ongoing Monitorin
g
Continuous review and enhancement
Effective crowd control: Key stages
Approvals
Slide 10April 2014Managing Third Party Integrity Risk
PwC
Managing third party integrity risksKey messages
Slide 11April 2014
Effective risk management is more than just financial
Organisations face significant risks as a result of increasing exposure to third party arrangements
Best practice and regulatory requirements make it increasingly difficult for organisations to sit back and do nothing
Managing third party integrity risks