Eyes Open: How to Manage Suppliers, Vendors and Agents

Despite the number of serious fraud incidents across Asia, companies are still falling short in mitigating avoidable risks when managing third-party relationships. EY’s latest survey Knowing Your Third Party: Asia-Pacific Fraud Survey 2013, shows that many companies across Asia-Pacific are failing to adopt even the most basic controls.

Twenty six percent of our respondents have yet to put systems or processes in place to manage and monitor third-party relationships (see chart below).
Click on image to enlarge
Types of compliance monitoring processes in use
Base = 681 respondents. Source: Asia-Pacific Fraud Survey 2013, EY
For some companies this figure may not be alarming. But for those operating in Asian markets, it should act as a wake-up call. Many companies operating in Asia are highly reliant on third parties to do business, especially when navigating new markets, where the need for local contacts and procurement expertise is high.
By not managing third parties with the correct processes and systems, companies will find it difficult to detect fraud, bribery or corruption.
Vendors, agents and other risks
So which third-party groups represent the biggest risk to businesses? Our survey finds that two distinct groups pose the biggest risks:
  • vendors and suppliers, those supplying the goods or services to a company
  • agents, those authorized to act on the company’s behalf
Click on image to enlarge
The biggest compliance risk
Base = 681 respondents. Source: Asia-Pacific Fraud Survey 2013, EY

We have seen examples of businesses becoming unstuck. For example, an agent remunerated on a performance-related basis may intentionally or unintentionally offer an inducement to a business associate or government official by way of gift, entertainment or financial reward in return for a business favor or contract.
Culture of gift-giving
This type of activity can lead the company into breaching its anti-bribery and corruption policy as well as into contravening local laws. If the company is a multinational corporation with connections to the UK or the US, it may also infringe the UK Bribery Act and/or the US Foreign Corrupt Practices Act (FCPA). Of the FCPA cases reported in 2013, 90% involved third parties.
In Asia-Pacific, this type of case is often linked to the cultural tradition of gift-giving and entertainment – which is part and parcel of business culture – making it difficult to separate the two. Companies need to be cautious of these practices, which may appear to produce a short-term gain but may lead to fines and reputational risk in the longer term.
Although fines make headlines, they do not tell the whole story. Companies also bear hidden penalties such as investigation costs, diversion of management resources, reputational damage, loss of business opportunities whilst undergoing the investigation, the risk of class action litigation and the cost of remediation. A lot is at stake, which management at some companies do not seem to appreciate.
What to do about it
Companies need to tackle these issues by taking steps to structure and maintain their compliance framework, and paying close attention to vendor and supplier relationships – the higher risk third-party group. 
Executives in charge of managing their company’s risks need to create a strong monitoring system for third-party relations. This is achievable through a number of key activities, including:
  • understanding the need and role of agents
  • conducting third-party due diligence from the outset
  • introducing technology such as data analytics to monitor behavior
  • undertaking frequent compliance audits  
When carrying out due diligence on an industry and its geography, business heads should seek to understand cultural and business norms, prior incidents of fraud, previous litigation and adverse press.
This information can be used to develop comprehensive risk profiles, allowing business leaders to take a step back and make more logical decisions based on the commercial rationale for the engagement of a third party. 
Complete transparency in the way that the third party is remunerated is also vital; not only in its fees or commissions, but also in its expenses.  As such, a company’s travel and entertainment expense policy should be structured to extend to third parties.
In addition, companies should be alert to more subtle indications that a third party carries the risk of exposing the company to fraud, bribery or corruption.
Potential red flags include key personnel or shareholders not being included in business dealings, a lack of information or trading history, or a business address in a non-commercial zone or at serviced office suites.
Irregularities or tampering with the tendering process is another red flag. For example, the acceptance of late bids, bids being accepted despite failings in technical specifications or scoring, or bids at or very close to set budgets.
Despite the risks, companies should not be deterred from relying on third parties. They perform a valuable role in assisting companies venturing into new territories as well as those expanding in home markets. Nevertheless, companies should enter into any third-party dealings with eyes wide open. Taking a proactive stance toward managing third-party risk will lead to fewer challenges down the road.
About the Author
Chris Fordham is Managing Partner, Fraud Investigation & Dispute Services, at EY Asia-Pacific.
This article contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Member firms of the global EY organization cannot accept responsibility for loss to any person relying on this article.
Photo credit: Shutterstock

Suggested Articles

Some of you might have already been aware of the news that Questex—with the aim to focus on event business—will shut down permanently all media brands in Asia…

Some advice for transitioning into an advisory role

Global risks are intensifying but the collective will to tackle them appears to be lacking. Check out this report for areas of concern