This is an important question, and your TPRM program should absolutely work to safeguard your organization from corporate corruption, just as you should be utilizing your third-party risk management strategies to protect against data breaches. There are scenarios in which you bear your own liability for a vendor's poor conduct when you participate in, aid, or authorize it.
Thinking tactically, beyond your own internal policies against bribery/corruption and in support of sound accounting practices, you can scrutinize your vendors via initial and recurring due-diligence. You will want to ensure you have contract language that allows for your "right to audit" and for anti-corruption commitments. And you can request a compliance certification or annual written confirmation that they are familiar with and understand the FCPA.
The areas and artifacts listed below should allow you to further identify red flags and validate a vendor's ability and intent to follow the US-based guidance.
- SOC1
- OFAC and PEP check on the vendor
- Evidence of TPRM (ideally via a Policy) that includes OFAC and PEP checks on their own vendors (your 4th-parties).
- Anti-bribery policy and ability to train staff on prohibited transactions
- Travel and Expense Policy
- Compliance Policy
- Other audits
I would love to hear what other members are thinking about regarding FCPA.
Original Message:
Sent: 11-01-2023 10:57 AM
From: Anonymous Member
Subject: Foreign Corrupt Practices Act of 1977
This message was posted by a user wishing to remain anonymous
How do you validate whether a TP is complying with the Foreign Corrupt Practices Act of 1977?