While I have devoted the first two postings to outlining all the downside risks of third-party management and threats to overall organization resiliency and operations, it is important to consider the positive upside of managing your third party population. After all, a large number of third parties represent your organization, such as agents, distributors, and resellers, in the marketplace and frequently interact with company customers.
Instead of looking at the downside of this situation, let’s look at the upside. Third-party representatives, while creating certain legal risks (e.g. bribery, sanctions, money laundering, antitrust), can be managed to promote your company’s culture, and should reflect an onboarding and due diligence process designed to ensure that your third party population operate consistent with your ethics and culture requirements. This is an important opportunity to extend your company’s culture in the marketplace.
A starting point, therefore, in third-party risk management is to identify expectations for conduct by your third parties in the marketplace. A guiding set of principles is an important starting point. Every company should outline basic requirements on each side of the equation — as a sales agent, distributor or reseller, and as a vendor or supplier.
In practice, this requirement typically translates into two documents — a Distributor Code of Conduct and a Vendor/Supplier Code of Conduct. The Codes of Conduct outline important principles governing the relationship between your organization and these third parties and usually include representations that are referenced in commercial contractual agreements. Companies should review these documents and specific contracts and purchase order forms to incorporate salient points to underscore the importance of the company’s ethics and culture as well as references to contractual provisions.
To reinforce the importance of ethics and compliance issues, companies should look for opportunities to promote these important ideas. Organizations should ensure that robust training programs are required for relevant third parties to communicate the importance of the company’s ethics and compliance commitments. This message should be reinforced by appropriate third-party certifications as to adherence to the company’s code of conduct and values.
Many companies hold annual meetings of its distributors and sales agents as an important way to coordinate business opportunities and ensure compliance with company requirements. These are important events and frequently bolster commercial and compliance performance by third parties. Annual meetings, whether global or regional, bring together third parties and build loyalty and commitment among third parties and company representatives. CCOs should ensure that they appear at the meeting and make use of the opportunity by conducting training and furthering discussion of legal and compliance issues.
Companies that have a defined ethical culture have to design and implement third-party risk management policies and procedures that promote their culture through the onboarding, oversight and auditing process. The onboard and due diligence process is an important opportunity to explain and underscore the company’s ethics and culture.
Proactive companies view the onboarding process as an opportunity to communicate to the third-party the importance of ethics and corporate culture and values. These companies incorporate opportunities to explain the corporate culture, reaffirm to the prospective third-party the company’s code, the specific third-party code of conduct, compliance and training obligations and the overall corporate mission and values. To ensure that more than just one employee at the third party is initially aware of these important issues, CCOs should seek certifications, signatures and other opportunities to disseminate widely the initial onboarding documentation beyond the completion of a questionnaire or other electronic filing.
Once the onboarding process has been completed and a contract is executed, an initial training session and orientation would be another valuable practice, although such requirements may bump against the reality of expedited onboarding and immediate business interactions. But there is no reason that such interactions could not occur simultaneously or close in time with training and orientation.
An effective and robust initial onboarding process is critical to communicate an initial set of expectations and follow up practices. Once this occurs, and the third-party learns about the organization’s commitment to ethics and compliance, a positive business relationship can be built.