Third Party Risk Management

Fikret Sebilcioğlu
  • Fikret Sebilcioğlu, CFE,CPA,Anti-Bribery Spec. 
  • Managing Partner
  • E-mail to Fikret

Seda Bayraktar

Multinational companies having presence in Turkey are placing an increased emphasis on the need to understand the fraud and corruption risks posed by the third parties with whom they contract (including their distributors, agents, representatives and critical parties in their supply chain), particularly for compliance with cross-border anti-corruption legislation introduced in many western jurisdictions.

Under many legal frameworks, organizations may be held liable for acts of corruption by their third parties. Dedicated third party monitoring clearly reduces legal costs. Organizations that apply adequate resources to monitoring third parties through FTEs and outsourced third party due diligence providers are less likely to have faced legal action. 

In the field of anti-corruption in particular, due diligence obligations on third parties have recently expanded in the wake of various laws and conventions such as the US Foreign Corrupt Practices Act (FCPA)the UK Bribery Act, the United Nations Convention against Corruption and the OECD Anti-Bribery Convention. Under most of these laws, corporate criminal liability can be triggered when the bribe is paid by or through third parties including agents, consultants, suppliers, distributors, joint-venture partners, or any individual or entity that has some form of business relationship with the company. Therefore, companies look into the details of transactions and their related third parties to identify and avoid the risk that third parties could bribe on their behalf. 

Governments from all regions are introducing stricter laws to combat bribery in business transactions. Enforcement is on the rise, with criminal penalties for wrongdoing reaching record levels. The extraterritorial reach of anti-corruption laws also means that organizations doing business and raising capital in multiple jurisdictions can be prosecuted for acts of bribery committed anywhere in the world.

In light of this uptick in regulatory and enforcement activity, organizations are devoting more and more resources to establishing policies, infrastructure and processes aimed at fighting corruption within their own businesses and throughout their supply chains.

An area of special attention has been the prevention of indirect corruption (i.e. through third parties), which is explicitly prohibited by the United Nations Convention against Corruption, the OECD Anti-Bribery Convention and the national legislations of their signatory countries. In fact, conducting risk-based due diligence on third parties has become a legal expectation in many countries that have ratified the OECD Anti-Bribery Convention and/or the United Nations Convention against Corruption, and conducting adequate due diligence may help organizations decrease, and under some laws even avoid, the risk of criminal culpability for corrupt third-party conduct. 

How Cerebra can help 

Cerebra provides third-party due diligence on behalf of clients operating in Turkey. We work with clients to develop due diligence approaches that are appropriate for third parties presenting varying levels of risk, while providing the additional benefit of an objective and independent perspective. Our methodologies are informed by and responsive to a wide range of risks as well as various laws including the U.S. Foreign Corrupt Practices Act (FCPA), UK Bribery Act. 

Cerebra performs third party due diligence projects considering that the level of scrutiny necessary for an organization to reach reasonable confidence that it is engaged in a normal, legitimate business transaction varies with corruption risk. The level of corruption risk determines how much scrutiny is required to be able to defend before a judge or a prosecutor that the organization is confident it is dealing with a bona fide third party. The higher the risk, the broader and deeper the third-party due diligence should be.

Cerebra provides a comprehensive and dedicated third party risk management in the following areas:

  • Third party risk assessment: Using a risk assessment process for addressing third party risks and ensure the level of resources provided is commensurate with the level of risk.
  • Third-party screening: Using advanced analytics to collect and examine data from the internet and proprietary databases to identify risk indicators.
  • Third-party questionnaires: Managing due diligence questionnaire process for third parties which are determined by the Company management based on risks.
  • Due diligence support: Analyzing questionnaire results, preparing due diligence reports and escalating cases with serious findings to your compliance team for decision-making.
  • Background checks: Conducting comprehensive checks, including detailed research into companies, key individuals, and ultimate beneficial owners.
  • Third party audit (on-site inspections): Conducting on-site, detailed assessments of the third-party’s control environment.
  • Ongoing monitoring: Performing ongoing analysis (using data analytics) of various data sources to identify any emerging or new issues regarding third parties you onboard. The scope of the monitoring will depend on your requirements and risk appetite.