The increasing exposure to ethical and compliance risks in the extended enterprise
05 October 2018
We have all seen how advances in technology and e-commerce over recent years have made it increasingly easy for companies to reach and penetrate new markets. However, we have witnessed from working with our clients a growing counter-trend: the ability to identify, assess and connect with new potential customers does not entirely remove the need for some local market presence to build customer relationships in local language, obtain licenses to trade, agree local contracts and move products into markets and to customer locations.
Setting up a local market affiliate or subsidiary is a high cost and high risk undertaking and doesn’t guarantee the company will be able to generate the local networks necessary for success. So it’s understandable that when planning to open up a new market, or to establish an ability to continuously serve a smaller market, the preferred approach is increasingly to engage local third parties to represent the company’s interests.
In our experience, almost all large companies rely on some form of an extended enterprise. This is rapidly expanding to include more than just suppliers and vendors but also distributors, contract sales organisations, customs brokers, regulatory or government liaison agencies, specialist service providers and other commercial alliances to help deliver the business model and generate value.
With opportunity comes risk
An extended enterprise can bring about many benefits to a company; cost efficiencies, subject matter expertise, access to geographies, resource, customers and, ultimately, revenue growth. For each member of the extended enterprise, there is a benefit whether it be: new business for suppliers and vendors, access to markets for agents, or increased market share for joint venture partnerships. While the benefits may be mutual, the risks associated with third party operations are disproportionately loaded on to the primary ‘parent’ company in the relationship chain. In the eyes of several cross-jurisdictional laws, and public opinion, this ‘parent’ entity is expected to carry accountability for the actions and conduct of not only themselves but also their business partners.
Historically, only commercial and operational risks were typically associated with third parties. However the introduction and strengthening of wide ranging and industry agnostic regulations and laws, such as Anti Bribery, Anti-Trust, Data Protection and the Modern Slavery, have given rise to the legal, regulatory, reputational and ethical risks across the whole extended enterprise. Often those risks are driven by factors outside the organisation’s control boundaries through the actions of third parties and business partners. Recent scandals in China, Africa, the Middle East and South American have directly impacted global companies through their third party relationships. The OECD’s own figures show that 75% of bribes are paid by ‘intermediaries’. And it is not a phenomenon restricted to emerging or high growth markets; almost half of the bribery cases reported on by the OECD occurred in mature markets.
The current state – managing the extended enterprise
Managing third parties is a discipline which always existed in many organisations, however the manner and approach to managing such a strategic risk have not necessarily evolved to address the changing nature and prominence of reputational risk in the extended enterprise. Many organisations continue to only view third parties from a commercial, contractual or operational lens which, while critically important to build a successful relationship, does not address the ethical and legal risks generated by such relationships in a proactive manner.
This results in a siloed approach with different stakeholders across the business as they focus on the risks relevant to their individual divisional objectives. For example; KPIs from service providers or SLAs and commercial performance from contract sales organisations and distributors. Instead, companies should be introducing a single consistent third party management framework, adjustable by contract category, which drives, monitors and assures contractual and operational performance alongside ethical and legal behaviour.
In summary, with the increased reliance on the extended enterprise, the ethical and compliance risks generated by third parties are a real and present danger. A number of challenges have been identified in PwC’s 2018 State of Compliance Study when it comes to managing these risks with 27% identifying a lack of talent to leverage new technology, 25% with an insufficient budget to meet their organizational needs and 24% that do not have a supportive organisational culture. Only 37% of respondents are planning to implement technology to monitor third party compliance with policies and procedures within the next 2 years. Despite this, there is also a clear recognition by business leaders, regulators and shareholders that an integrated approach to managing and embedding legal compliance and ethical behavior in the extended enterprise is needed to manage and monitor the risk consistently and effectively.
Embedding regulatory and ethical compliance in the extended enterprise
As the regulatory and ethical compliance risk in the extended enterprise increases, organisations will need to deploy a proactive approach to not only ‘checking compliance’ but embedding it in a consistent, efficient manner. PwC found that 42% of organisations provide targeted training and communications to address third party compliance risks, 39% of organisations include it as part of their Code of Conduct training, while 19% do not have a plan to address this risk within the next two years. A risk based approach should span all third parties and cover the life cycle of a third party, from selection through to monitoring and assurance.
Not only are we witnessing waves of new legislation and regulations globally which are affecting all companies’ international operations, and increasing public scrutiny of how companies are behaving, but national enforcement agencies are also starting to collaborate in the examinations of corporate behaviour. We can therefore expect the risks originating in the extended enterprise to continue to grow.
Find out more
To learn more about the best approach to managing and enhancing your risk and compliance strategy, then please visit our website or get in touch with us directly.