STERN TMETHICALSOURCING

Third-Party Supplier Due Diligence

Corporate Anti-Corruption Initiative

TMSTERN ETHICALSOURCING

Third-Party Supplier Due Diligence

Corporate Anti-Corruption Initiative

Stern Advisory India Private Limited-An Introduction

TMStern EthicalSourcing

TMOther EthicalSourcing Helps Clients With

Third Party Supplier Due Diligence & Screening

Major Federal Acts Practiced Around The World

Effects Of The Alleged Violation Of Anti-corruption Laws On The Business & Employees

The United Nations Convention Against Corruption Guidelines

Scope Of The Third Party Suppliers/vendors

Enhanced Due Diligence

Data Collection

Verification And Validation Of Data

Evaluation Of Results

TABLE OF CONTENTS

Stern Advisory India Private Limited

An introduction

a part of Stern Advisory Group, was founded in August, 2012, and began its operations in

September of that year. The primary reason behind founding the company was to aid Stern

Advisory Group's clients with all of their Indian assignments. By opening a dedicated, fully-

operational workplace in Gurgaon in the Delhi-NCR region, we have been able to facilitate

our global clients in terms of logistics, timeliness, and minimisation of expenses.

Before our first anniversary in the country, we had already been involved in various

assignments pertaining to Merger & Acquisition, investigative due diligence, employee

background screening, market research and forensics services.

Before the completion of the second year since our establishment, we have made major

breakthroughs in the domain of employee background screening, vendor due diligence,

investigative due diligence

The globalised business environment

of today necessitates a strong

network of global vendors that play a

critical role in the business and can

help bring considerable

opportunities.

However, this can also bring newer

risks to an organisation, which

exceed those of merely reputational

concerns. Organisations are now

being held directly accountable for

managing such risks. Hence they

must inspect and scrutinise the

efficacy of their commercial

relationships in order to remove the

risks that emanate from such

relationships. These risks range from

those of bribery, money laundering,

to more recent product recall fraud.

Stern Advisory's Ethical Sourcing will

help the client by simplifying global

anti-corruption manuals and

guidelines through a definitive

approach to gathering partner data,

verifying information, evaluating and

grading key risks, and performing

due diligence wherever appropriate -

all within a sophisticated

technological plank that can support

real-time information review,

archiving and audit thereof.

TMStern EthicalSourcing

TMOther EthicalSourcingHelps Clients With:

01 Profiling of the third-party relationship using 10 risk-based attributes that includes, among others, country of operation; type of industry; annual revenue generation and level of oversight.

Classifying the business association in terms of the level of risk it projects (low, medium & high).

02

03 Providing actionable plans and practical recommendations for performing other due diligence operations customised to client needs based on the assessment results.

An introduction

THIRD PARTY Suppliers Due Diligence And Screening

The struggle against corruption has occupied a significant place over the recent years.

Governments, regardless of their polities, are taking more stringent approach, introducing

stricter laws to tackle the issue of bribery within a commercial setting. This is evident from

the rise in the number of criminal penalties being issued against the perpetrators. The

transnational nature of anti-corruption laws means that multinational organisations having

operations and raising capital in multiple geographies can be held liable for the acts of

bribery or similar wrongdoings in any part of the world. Within the purview of the rising

regulatory and law enforcement activities, companies are dedicating more resources to

establish policies, infrastructure and processes directed at combating corrupt practices

within their own businesses and through the whole of their supply chains. The focus also

remains on the indirect corruption that occurs especially through a third party, but which is

explicitly forbidden by the United Nations Convention against Corruption, the OECD Anti-

Bribery Convention and the countries which are signatory to these conventions.

Within many legal frameworks, organisations may be held accountable for the indirect acts

of corruption caused by their third parties, for e.g. their agents, vendors, suppliers,

distributors, consultants, or any individual or business entity associated with that

organisation. Thus, prior to entering the third party agreement, organisations are taking

rigorous steps to ensure that immanent corruption risks that stem from the establishment of

the relationship are carefully monitored, periodically evaluated and accordingly managed. In

actuality, conducting of risk-based due diligence on third parties has become a part of the

legal expectation in many nations that have explicitly ratified the aforementioned

conventions. Therefore conducting adequate due diligence will not only help the

organisations to decrease the level of corruption, but also, under some laws, avoid the risk of

criminal culpability arising from the legally questionable third-party conduct.

MAJOR FEDERALActs Practiced Around The World

UK Anti-Bribery Act

Indian Laws

Foreign Corrupt Practices Act (FCPA)(United States Of America)

Foreign Corrupt Practices Act (FCPA)(United States Of America)

Within the FCPA regulations, a

business entity or an individual

may be held wholly responsible

for making any kind of payment

to a third party, whilst being

cognisant that a part of, or the

whole of, the payment will be

received by a foreign official,

whether directly or indirectly.

With regard to the FCPA, the US

Department of Justice states that

the term "knowing" includes

conscious neglect, deliberate

ignorance and intentional

blindness. In order for an

organisation to avoid being held

liable for illicit third-party

payments, the Department of

Justice recommends companies

to 'exercise due diligence and to

take all the preliminary

precautions to assure that their

business relations are formed with

partners and representatives of

repute'.

The UK Bribery Act is mediated by

the Adequate Procedures Guidance

of the United Kingdom. The UK

Ministry of Justice states that 'a

commercial organisation will be held

liable to legal actions if a person

associated with that organisation

bribes another person prospecting to

obtain or retain business or gain an

unfair advantage in the managing of

the business for that organisation'. In

this context, an "associated person"

is defined as an individual or an

entity who "conducts or performs

services for or on the behalf" of a

commercial organisation. The Act

further reads that in an event of

failure to forestall the bribery by an

associated person, the organisation

must prove that it had taken 'all the

necessary precautions and had in

place adequate procedures that were

designed to prevent the associated

person from undertaking such

conduct'

UK Anti-Bribery Act

Indian Laws

It must also be noted that the Parliament of India has more recently introduced a note on "The

Prevention of Bribery of Foreign Public Officials and Officials of Public International Organizations

Bill, 2011" to honour the country's promise as a signatory to the United Nations Convention

against Corruption. The note is being vigorously debated in the parliament.

Prevention of Corruption Act, 1988 states:

Prohibits 1 acceptance, facilitating and giving any illegal gratification in respect of official act of a public servant;

Gratification can 2 be in cash or in kind;

Certain casual and 3 social hospitality is permissible;

Public Servants 4 include Government officers, employees of govt, owned companies, govt, aided societies / NGOs, Judges, arbitrators, court appointed officers etc.

EFFECTS OF THEAlleged Violation Of Anti-corruptionLaws On The Business And Employees® It single-handedly affects a company's reputation and brand image;

® It may incur heavy losses in form of penalties, legal fees and fines;

® It erodes customer's, employee's and investor's confidence;

® It can easily create bad public relations;

® It severely affects the organisation's business continuity plans, can lead to termination of

contracts, and, in some severe cases, blacklisting of the business;

® It may lead to the Government intervening in the conduct of the business;

® It also increases the personal liability of the directors and officers, whether directly or

vicariously;

® It can lead to a rise in the insurance premiums;

® It may result in loss of jobs and

® It may also lead to incarceration of individuals.

EFFECTS OF THEAlleged Violation Of Anti-corruptionLaws On The Business And EmployeesTherefore, in light of the aforementioned, we recommend the following steps:

® Sufficient representations, warranties and restitutions from the suppliers and the associated

persons.

® Inclusion of anti-bribery clauses and appropriate disclaimers in both vendor and customer

contracts. The inclusion of these clauses will help a commercial organization to

® Compel vendors and associated persons to not engage in bribery in any form.

® Obtain repudiation from vendors and associated persons that they have not engaged in an

act of bribery with the organisation.

® Designing an appropriate anti-bribery policy and compliance program for the commercial

organisation. These policies will be aligned with those of the jurisdictions of the United States

and the United Kingdom as well as the Indian anti-corruption laws

® To train employees, concerned officers, key vendors and associates on anti-bribery policies.

® Meticulous mapping and planning of the roles and responsibilities of all the senior officials in

the light of the legal repercussions of vicarious (secondary) liability in order that it does not

affect their personal liability on account of bribery allegations against the employees or the

organisation;

® To conduct regular anti-bribery compliance audits;

® To assist extensively in the investigation and evidence collection in the event of any potential

breach of the policies;

® Undertaking of apt and sufficient insurances, if any, for directors and officers from both the

past and present of the organisation to ensure that expenses and fines during the prosecution

process are covered sufficiently;

® Investors from the United Kingdom, United States and the rest of the world, who have

businesses in the United States and the United Kingdom, need to undertake thorough due

diligence before taking the investment decisions. This is to ensure that their investments are

protected and both their board representatives and shareholders are unaffected by civil and

criminal prosecutions.

Article 21Bribery in the private sector

"Each State Party shall consider adopting such legislative and other measures as may be

necessary to establish as criminal offences, when committed intentionally in the course of

economic, financial or commercial activities:

THE UNITED NATIONS ConventionsAgainst Corruption Guidelines

The promise, offering or giving, directly 1 or indirectly, of an undue advantage to

any person who directs or works, in any

capacity, for a private-sector entity, for the

person himself or herself or for another

person, in order that he or she, in breach of

his or her duties, act or refrain from acting.

The solicitation or acceptance, directly 2 or indirectly, of an undue advantage by

any person who directs or works, in any

capacity, for a private-sector entity, for the

person himself or herself or for another

person, in order that he or she, in breach of

his or her duties, act or refrain from acting."

01 It is critical that the third-party due diligence includes the third parties contracted in

both sales and supply chain channels. Whereas anecdotes may suggest that third

parties - e.g. agents and distributors - engaged in the sales activities of an

organisation may be more susceptible to bribery coercions, it does not discount the

vulnerability of the suppliers. Here we will define what persons should be included

under the scope of third-party due diligence. Please note that this list is not

exhaustive and some information may overlap with each other. Each organisation is

advised to develop its own list of the third parties with whom it is engaged. annual

revenue generation and level of oversight.

An individual or an organisation that has entered into an agreement with another

individual or an organisation (with a possible involvement of other parties) to create

a new business entity and manage its resources.

02

03 An individual or a cooperative pooling its resources along with another organisation

(and possibly with the involvement of multiple parties) for achieving a common

goal. A consortium is distinct in that each party maintains its separate legal status.

SCOPE OF THE Third-party Suppliers/vendorsThe first step for an effective third-party due diligence process is in the clear understanding of an

organisation's linkages with third parties and determination of who among the third parties

should be considered under the "scope" and thus subject to risk-based due diligence.

Defining third parties

Joint venture partner

Consortium partner

04 An individual or an entity authorised to act for, or in the lieu of, or to otherwise

represent, another organisation to further the latter's business interests. Agents may

be further subcategorised into the following:

® Sales agents (those needed to win a contract)

® Process agents (for e.g. visa permits agents)

Agent

05 An individual or an organisation availing service or expert advice by representing an

organisation towards another person, business and/or government official. These

include legal, tax, financial advisor or consultants and lobbyists.

A contractor is a non-controlled individual or an organisation that avails goods or

services to an organisation under a contract. A subcontractor is the hired hand of

the contractor who performs specific tasks and is guided by his employer.

06

07 An individual or business entity that supplies raw materials or services to another organisation

SCOPE OF THE Third-party Suppliers/vendors

Advisor & other intermediaries

Contractor and subcontractor

Supplier/vendor

08 An individual or an organisation providing another organisation with major functional support. For e.g. communications, supply and logistics, storage, processing, etc.

Service provider

09 An individual or an organisation that purchases products from another organisation in bulk, stores them in their own warehouse and then resells the products to the retailers or to the end-users directly.

Distributor

10 The receiver of the end-product, service or idea which they purchase from an organisation. They can be categorised into the following:

® A customer could be an intermediate dealer who purchases goods for® reselling purpose® The end customer who receives the final product or service and consumes® them directly

Customer

ENHANCED Due DiligenceOnce the company has determined which third

parties are "in scope" for due diligence -

primarily by the level of risk the third-party

business relationship poses - Stern India

begins the main process of the due diligence.

For the third parties classified as "low risk", this

process is likely to take place within the

confines of business unit looking to sustain the

third party and will consist of basic internet

searches and standard database checks.

Third parties classified as medium-to-high risk

will be subject to thorough data collection and

extensive investigation. This will likely require

extensive input or overseeing from an

independent department (e.g. the legal or

compliance department).

Stern India employs three critical elements to

conduct a rigorous third-party due diligence:

® Data collection

® Verification and corroboration of data

® Evaluation of results, including

identification of the red flags

Data CollectionThe main aim of the data collection process is to collect and preserve the relevant information about the structure, ownership and the business activity of the third party; the third-party's market reputation with its regard and commitment to integrity and finally its suitableness for the type of business relationship under consideration.

Data collection that can affirm the third-party due diligence consists of the following tools:

Internet, database and internet media searches. This includes access to proprietary databases. Shop Act, Ministry of Corporate Affairs, among others, to gather information about the third party's integrity and to identify egregious issues visible in the public domain.

An internal questionnaire, to be filled by the client willing to hire the third party.

An external questionnaire, to be filled by the representative of the third party.

After the data has been

gathered, it will need to be

corroborated and validated. The

involvement of independent

business units will be required if

the third-party business entities

have been classified as either

"medium risk" or "high risk".

The responsible parties will look

for gaps and inconsistencies

between the information filled

by the third party in the

external questionnaire with

those provided by the

concerned department in the

internal questionnaire. If the

discrepancies are rather too

glaring, we may employ the

assistance of an expert who will

assist in examining the elusive

points; in other cases phone

interviews and site visits shall

also be conducted to conclude

pending issues.

VerifiCAtion andValidation of Data

Evaluation of resultAfter the information has been

thoroughly examined and validated,

decision-making is left to the client

whether to go ahead with the

suggested third-party business

relationship. The "red flag" checklist

will help the client to arrive at a

conclusion. Red flag refers to scenarios

indicating a suspected risk of

corruption which will be needed to be

identified and extenuated through

sufficient measures. Some examples of

the "red flags" include:

® The third party seems to lack adequate capabilities and staff strength to sup port or consistently meet the client's expectations;

® The third party insists on not working through a contract (or it wants to keep a highly ambiguous contract in place);

® The third party is having second thoughts about making anti-corruption compliance certifications in the agreement;

® The third party appears to be rather forward and upfront whilst asking for the billing procedure.

It is imperative to recognise that the due diligence may be a cyclic process, requiring the responsible department to return back to the data collection process if the problematic issues have been identified in the examination and validation phase or during the evaluation of the red flags.

Address:UK OFFICE: 33 St. James’s Square, London, SW1Y 4JS, U.K.

ASIA OFFICE:Stern Advisory (India) Pvt. Ltd.Level 12, Building No.8, Tower - C, DLF Cybercity, Phase II, Gurgaon 122002, Haryana, India