The Panama Papers scandal should serve as a wake-up call for every organization—and it should prompt compliance officers to closely scrutinize the third party vendors they do business with.
The Panama Papers are made up of millions of documents pulled from the law firm Mossack Fonseca files and leaked to the media. While it may seem like “karma” for Mossack’s clients who may have been trying to obscure shadowy financial transactions, it’s a catastrophic breach for the firm—and for its clients, many of whom may be ethical, law-abiding organizations that have also had their confidential information compromised.
As I recently wrote in reviewing our Third Party Risk Management Benchmark Report, released in March, compliance officers are struggling to deal with the risk of third party misconduct. In the wake of the Panama Papers, the compliance lesson for organizations is that it is more important than ever to take steps to ensure you’re managing that risk.
In any relationship with a third party organization, risk management should begin before engagement and it should begin with due diligence. When an organization considers engaging a third party to represent it, the mindset should be that the third party often stands in for an employee.
A risk-based due-diligence evaluation will include looking for past issues, such as negative publicity, placement on a watch list or other publicly discoverable information. If your organization values and maintains strong compliance and training programs (especially around anti-bribery and corruption) any third party you engage should also be expected to support and visibly demonstrate a similar commitment.