The Red Flag Group®
Connecting compliance risks

How to manage compliance risks created by intermediaries

How to manage compliance risks created by intermediaries

Multinational companies frequently turn to intermediaries to conduct business on their behalf in countries where they have no established operations. But dealing with intermediaries contains risk, and that risk increases if the intermediaries have no interest, capacity, or resources to formulate their own effective compliance programmes.

Any business that engages intermediaries or agents in its product supply chain is exposed to risks and needs to extensively scrutinise these intermediaries. Such scrutiny may include, but is not limited to:

  • In-depth due diligence
  • Routine supplier integrity training
  • Discreet on-site reputational and integrity checks
  • Periodic third-party agreement review and certification
  • Extensive supplier background and integrity checks
  • Third-party adherence to supply-chain compliance

If you do not undertake these basic requirements, you may end up being fined for offences committed by your intermediaries in countries where they provide services on your behalf. Even after fines have been paid, the reputational stigma can be a perpetual problem.

The case study: Lessons learned from Rolls-Royce’s compliance programme

Rolls-Royce, the aircraft engine manufacturer, recently agreed to pay £671 million (US$830 million) to the United Kingdom, the United States, and Brazil, largely for the actions of intermediaries in locations where the British firm had no local resources. As part of a court-approved agreement, Rolls-Royce was spared prosecution in what authorities say is the largest fine ever paid to Britain's Serious Fraud Office. For a while now, critics have labelled the Serious Fraud Office as a toothless agency for failing to prevent corruption and imposing lenient penalties.

Rolls-Royce’s case is significant and relevant to compliance practitioners because it happened to a company that has one of the most highly regarded compliance programmes. The illicit acts also occurred in high-risk countries such as Indonesia, Thailand, India, Russia, Nigeria, China, and Malaysia. These are countries where the concept of supply-chain compliance is relatively new or unheard of—markets where a risk-based approach should have been in sharp focus by the company. This has left some in the compliance industry wondering why Rolls-Royce did not detect these activities among its intermediaries.  

Now that a deferred prosecution agreement has been approved and Rolls-Royce has agreed to the payout, without specifically holding those involved accountable, what can other companies do so that they are not next? Companies should:

  • Continuously evaluate the efficacy of compliance programmes no matter how comprehensive they are.
  • Promote the culture of know-your-supplier in the compliance framework.
  • Conduct periodic internal audits to ensure policies are compliant with market requirements.
  • Undertake intense risks assessments in low- and high-risk locations where the company wishes to engage intermediaries.
  • Routinely carry out due diligence on intermediaries.
  • Take remedial measures and ensure that erring individuals are personally held accountable.