ISACA Ireland

Effective crowd control

Managing third party integrity risks

www.pwc.co.uk

30 April 2014

Managing third party integrity risksPwC

Agenda

Background:

• The third party risks faced by organisations

• How third party risks can be managedQuestions

April 2014Slide 2

Managing third party integrity risksPwC

Background

Slide 3April 2014

Awareness of third party risks faced by organisations:

•Highlighting the spectrum of risks; and•Exploring how they can be managed.

Driving factors:

•Anti-bribery legislation; •Regulatory landscape; and•Drive for transparency and accountability.

PwC

The risks faced by organisations Adequate procedures

Slide 4April 2014

The UK Bribery Act requires organisations to put in place ‘adequate procedures’ to prevent bribery and corruption. Directors are personally responsible for ensuring this happens and the potential costs of non-compliance are great.

Know who you are doing business with: Third party suppliers, joint venture partners, acquisition targets,

agents, distributors, customers, licensees

Managing third party integrity risks

Managing Third Party Integrity RiskPwC Slide 5

April 2014

Third parties: opportunity or threat?

• 41% of UK companies pursued an opportunity in a high risk market in 2013, many of which involved a third party in support.

• The average FTSE100 company has over 100,000 third party relationships of many types.

• For SMEs, third party business partners and suppliers represent the most accessible route to new markets.

• 80-90% of reported corruption enforcement cases in last 2 years involved illicit payments by a third party.

• Companies are responsible for acts of “associated persons” performing services on their behalf under the UK Bribery Act.

• 22% of UK companies reported having suffered procurement fraud in 2013.

Managing Third Party Integrity RiskPwC

Rolls-Royce has been plunged into a fresh crisis. The SFO has launched a criminal investigation into allegations that the company paid multimillion-pound bribes in Indonesia and China.(2014)

Total S.A. was fined for paying bribes to intermediaries of an Iranian government official who helped the company obtain valuable contracts to develop oil and gas fields. Total agreed to pay $398 million to settle SEC and criminal charges. (2013)

FCA fines insurance company for “lack of bribery controls”.JLT was fined £1.8m by the FCA for having an "unacceptable" approach to bribery in overseas markets, and failing to carry out proper checks before beginning new working relationships with introducers overseas. (2013)

Freight forwarding agent Panalpina

and its clients were fined by the SEC

and DOJ for bribing foreign officials for

customs clearances between 2002 and

2007. Panalpina was also charged with

conspiring to violate books and records

provisions of the FCPA. (2010)

Slide 6April 2014

Tesco sales tumble on horsemeat scandalBritain's biggest supermarket hit by sales slide in nine of its 11 global markets and warns non-food items face further decline (2013)

PwC

The risks faced by organisations

Slide 7April 2014

Lack of controls

Lack of experience / qualifications

Poor quality of service

Interference in recommending / securing

third parties

Third parties

M&A activityJoint venture arrangements

Agent/distributor channels

Unclear corporate structures

Territories

Sectors

Reputational damage/Loss of integrity

Managing third party integrity risks

Regulatory

Bribery and corruption

Insider dealing

Cartel activity

Conflicts of interest

Regulatory / legal failures

PwC

The risks faced by organisations Territory risk – perceived levels of corruption

8

PwC

How risks can be managedThe toolkit

Slide 9April 2014

Emerging market ‘red flags’

Due diligence and monitoring programme

Comprehensive employment screening programme

Tone from the top, buy-in

Formal and robust compliance policy and procedures

Monitor, review and refine policies and processes

Technology and best practice

Communication, training and embedding

Regular fraud risk assessments

Effective internal audit and financial reporting systems and

reviews

Monitoring and reportingChanges in personnel and management structures

Key risks management tools

Managing third party integrity risks

PwC

Third Party Identificatio

n

Risk Assessme

nt(+business

case)

Due Diligence

Policy, Procedures

, Engageme

nt

Ongoing Monitorin

g

Continuous review and enhancement

Effective crowd control: Key stages

Approvals

Slide 10April 2014Managing Third Party Integrity Risk

PwC

Managing third party integrity risksKey messages

Slide 11April 2014

Effective risk management is more than just financial

Organisations face significant risks as a result of increasing exposure to third party arrangements

Best practice and regulatory requirements make it increasingly difficult for organisations to sit back and do nothing

Managing third party integrity risks

PwC

Q&A

April 2014Slide 12

Managing third party integrity risks