Join me for an exciting webinar to learn how to avoid a car crash in your third-party due diligence program! On Thursday, August 29th at 12:00 p.m. Easter, you’ll learn:

• How to deal with the most critical part of your program – scope

• How to handle policies and procedures in a sane way

• How to manage the business and create partnerships for tackling red flags

• How to deal with attestations, due diligence questionnaires and nasty fights over “critical” third parties that refuse to participate

• The Eight Commandments of a successful due diligence program

To join me: Sign up HERE!

“But I consider the client a friend, and I’ve been giving him gifts paid for by the company for ten years now.  I have to, or we might lose his business. The whole industry gives these kinds of gifts.  This limit for reimbursement is ridiculous!”  The foregoing conversation is a real one that I had with a sales manager.  Details have been changed to protect the clueless.

 We all know that we need a good gifts and charitable donations policy.  Many of the highest profile bribery prosecutions, in the U.S. and abroad have dealt with gifts, hospitality, third-party travel, and charitable contributions violations.  Excessive gifts or charitable contributions meant to influence a decision-maker for an unfair business advantage can cause havoc, as well as violations of the FCPA, UK Bribery Act, and local law. 

 Many compliance officers struggle when putting together a gifts and charitable donations policy.  What are best practices?  What is normal?  What is excessive?  And most importantly, what is defensible to a prosecutor? 

 We at Spark Compliance have researched this issue often.  We constantly give advice and write such policies for our clients.  To help you with this task, we’ve compiled benchmarking and best practices for gifts and charitable donations.  Previously we wrote about best practices relating to entertainment and third-party travel policies.  You can read that post HERE.

 Benchmarking Your Gifts Policy

Many companies set the threshold amount for gifts at $50.00.  A survey of Fortune 500 companies showed that more than 90 percent of the respondents set gift limits at $250 or less, with more than 65 percent reporting gift limits of $100 or less.

 Additionally, in most companies with which we have consulted, pre-approval by compliance or legal is required for all gifts to government officials. 

 In many companies, Internal Audit performs spot-checks of gifts receipts to ensure the process was properly followed. 

Best Practices for Gifts Policies…

“But I want to send my wife to the Manolo Blahnik launch party in Barcelona. What’s the big deal – I’ve gone every year?  Yes, this year I’ll be in Africa on business at the time, but since it has a plus-one, so this time my wife can take my daughter. I don’t understand the problem.”  The foregoing conversation is a real one that I had with a CEO.  Details have been changed to protect the clueless.

We all know that we need a hospitality and third-party travel policy.  Many of the highest profile bribery prosecutions, in the U.S. and abroad have dealt with gifts, hospitality, third-party travel, and charitable contributions violations.  Excessive hospitality, gifts or charitable contributions meant to influence a decision-maker for an unfair business advantage can cause havoc, as well as violations of the FCPA, UK Bribery Act, and local law.

Many compliance officers struggle when putting together an entertainment and third-party travel policy.  What are best practices?  What is normal?  What is excessive?  And most importantly, what is defensible to a prosecutor? 

We at Spark Compliance have researched this issue often.  We constantly give advice and write such policies for our clients.  To help you with this task, we’ve created the definitive guide to gifts, entertainment, charitable contributions, and third-party travel policies.  This is the first of two posts – this one on benchmarking and best practices for entertainment and third-party travel policies. 

Benchmarking your Entertainment and Third-Party Travel Policy

A survey of Fortune 500 companies showed that more than 80 percent of respondents have spending limits of $250 or less for entertainment or hospitality, with approximately 35 percent of respondents limiting entertainment expenses to less than $100.

The vast majority of our clients have spending limits of $100 or $150 for hospitality to non-governmental officials.  In many companies, Internal Audit performs spot-checks of hospitality and third-party travel receipts to ensure the process was properly followed. 

Best Practices for Hospitality and Travel Policies…

Jean-Paul Sartre famously said that, “Hell is other people.”  For many compliance officers, hell is dealing with other people known as third-parties, and the companies they own.

Third-party management is a perennial headache.  Recently at the Compliance Week conference, on-the-ground polling found that third-party management was the greatest challenge facing compliance officers today.  Tracking metrics around third-party management is critical to seeing trends in your company, and being able to respond to movements in the business quickly.

In this blog, we’re going to explore metrics relating to third-party management.  This is Part 5 of our series.  If you haven’t read Part 1, I recommend you go back and start there, as it sets the stage regarding why certain metrics should be chosen.  We’ve already explored metrics that can be used with policies and procedures, which can be found HERE, monitoring and auditing, which can be found HERE, and training, which can be found HERE.

Too Much Information (for a change!)

Perhaps more than any other area of the seven elements of an effective compliance program, third-party metrics are usually the easiest to collect.  Most large companies have some sort of online or technology-based system that can gather data.  Even small companies managing third-parties on an Excel sheet can sort by column to find out how many third-parties they have in a certain country. 

Because of this wealth of data, choosing the right metrics relating to third-parties is critical.  Having numbers for numbers’ sake is not useful.  You must carefully answer the most fundamental question when choosing third-party-related metrics…

When was the last time you thought through your third-party management and due diligence process?  Perhaps you inherited a system that was in place when you arrived, and you’ve never changed it.  Perhaps you’re trying to manage it on an Excel sheet.  Perhaps you know it’s a problem, but you’ve never actually done anything about it…

Considering that 90% of reported FCPA cases involve a third-party intermediary, and one-in-two global enforcement actions involved a third-party, your third-party risk management program is a crucial part of your compliance program.

Is your current third-party risk management and due diligence system up-to-scratch?  Here are five questions you should be asking yourself to find out.

Question 1: Is my system truly risk-based?

The most frequent problem we see in due diligence program reviews is non-risk-based systems.  This usually happens because a conservative lawyer or compliance person worried that a risk-based system might let a problematic party through the system, endangering the company.  What tends to result from this blunt-instrument approach is over-spending and too much attention spent on lower-risk third-parties.

The DOJ endorses a risk-based approach.  The DOJ’s Resource Guide to the Foreign Corrupt Practices Act states that “performing identical due diligence on all third-party agents, irrespective of risk factors, is often counterproductive, diverting attention and resources away from those third-parties that pose the most significant risks.  DOJ and SEC will give meaningful credit to a company that implements in good faith a comprehensive, risk-based compliance program, even if that program does not prevent an infraction in a low-risk area because greater attention and resources had been devoted to a higher risk area.”

Ask yourself whether lower-risk parties get a lower level of due diligence and whether the hoops those parties jump through are smaller than those required for higher-risk third-parties.  If the answer is no, re-think your approach.

Question 2: Is my system consistently applied? …

Note: This is a guest post by attorney and compliance expert Ramsey Kazem.  It is the third in a five-part series that we will be sharing