Making the Case for Compliance Training for Third Parties

How to make the case for implementing third party compliance training in your organization.

A recent article in the San Francisco Chronicle profiled Jay Jorgensen, the new Global Chief of Compliance at Walmart. The article outlined some of the steps he and the company are taking to rebuild the public’s trust and recapture the compliance high road. As part of that initiative, Walmart is focusing heavily on addressing and lowering the risks related to the use of third parties; something all of us should be concerned with.

Third Party Use is On the Rise—So is the Risk

Third party risk management is troublesome for many companies. Providing ethics and compliance training is one of the most effective ways to the reduce risk of misconduct by third parties, and helps establish key defenses when violations occur. However, as our NAVEX Global Training Benchmarking report shows, more than 57% of the companies surveyed said they provided no training for their third parties.

Recognizing the Problem is Not Enough

Additional NAVEX Global research emphasizes the disconnect between the recognition that third parties are a growing risk (92 percent of respondents expected to grow the use of third parties or weren’t sure) and the solutions survey respondents implemented to address the risk (36 percent of respondents only track information on their most critical third party relationships and 35 percent do not track third party information at all).

Related Resource: A Prescriptive Guide to Third Party Risk Management

Implementing Third Party Training Can Be Complex, But Effort is Worth It

It is a significant challenge for compliance officers to identify and train all of their employees, much less third parties. Third parties can be hard to identify, risk rank and train or certify before engaging them.

Increasing the difficulty level is the fact that your business partners often profess to need these third parties “yesterday.” Nevertheless, engaging third parties before completing due diligence places companies at unnecessary risk. And failing to train them after you’re working with them is missing an opportunity to significantly reduce risk.

Training is also clearly a preferred method for meeting the standard suggested in the SEC/DOJ’s “A Resource Guide to the U.S. Foreign Corrupt Practices Act.” When it comes to third parties, the guide makes it clear that, in addition to a risk based due diligence and business purpose tests:

"[The] DOJ and SEC also assess whether the company has informed third parties of the company’s compliance program and commitment to ethical and lawful business practices and, where appropriate, whether it has sought assurances from third parties, through certifications and otherwise, of reciprocal commitments. These can be meaningful ways to mitigate third-party risk. (p.60-61)"

Making Third Party Training a Reality in Your Organization

Effective third party training can be challenging for many companies to manage on their own. Companies without the resources of a company as large as Walmart—or the added sense of urgency a regulatory investigation brings into focus—may find little support for the necessary effort needed to train hundreds or even thousands of third parties.

One key to making third party compliance training a reality in your organization is to conduct a risk assessment and make a business case for implementing best practices, which should include:

  1. Have clear anti-bribery and third party supply chain statements in your code of conduct as well as separate policies;
  2. Identify and rank the risks of third parties;
  3. Complete appropriate risk based due diligence on the risk level of each third party before engaging them, and continuously monitor the third parties for any red flags (optimally using an automated system), and
  4. Ensure that third parties have an effective compliance program in place, and are aware of and trained on your company’s expectations with respect to bribery and corruption.

Chat with a solutions expert to learn how you can take your compliance program to the next level of maturity.

How Do I Know If My Policy Management System Is Working?

Measuring the effectiveness of a policy management system can be a challenge. This article provides links to a set of tools that will help you determine areas where your program is excelling—and areas that may need additional attention and resources.

Previous/Next Article Chevron Icon of a previous/next arrow. Previous Post

Building a Culture-Changing E&C Program: Six Essentials

Compliance programs are effective only to the degree that they help build and support a strong organizational culture. So what does a strong corporate culture look like? And what ethics and compliance tools can help support it? Learn about the essential characteristics of companies whose E&C programs and corporate culture deliver significant value to their business.

Next Post Previous/Next Article Chevron Icon of a previous/next arrow.