Third Party: How to negotiate Compliance clauses and requirements

Croatia East Europe Ethics and Compliance 2019

Giovanna Feres Crotti

Brazilian lawyer living in Lisbon, Portugal.

Specialized in Data Protection by Lisbon U; Corporate Law byFGV; Compliance and Corporate Governance by INSPERInstitute; and Compliance Professional with the CCEP-I(Certified Compliance & Ethics Professional International).

I have worked as Latin America Compliance Specialist at 3Mand now I´m a Data Protection and Compliance Consultantat WeEthic.

Agenda

1. Third Party Relations

2. Third Party Due Diligence

3. Third Party Requirements and Clauses

4. Best Practices

Agenda

1. Third Party Relations

2. Third Party Due Diligence

3. Third Party Requirements and Clauses

4. Best Practices

Third Party Relations

Company

Customers

Distributors

Sales Represent

ativesVendors

Key OpinionLeaders(KOL)

Sub contracto

r

Sub distributo

r

OECD Corruption Trends

Source: OECD Foreign Bribery Report 2014

Payment through

intermediares; 75%

Companies own payment; 25%

1. Petrobras (Brazil): $1.78 billion in 2018.

2. Telia Company AB (Sweden): $965 million in 2017.

3. MTS (Russia): $850 million in 2019.

4. Siemens (Germany): $800 million in 2008.

5. VimpelCom (Holland): $795 million in 2016.

6. Alstom (France): $772 million in 2014.

7. Société Générale S.A. (France): $585 million in 2018.

8. KBR / Halliburton (United States): $579 million in 2009.

9. Teva Pharmaceutical (Israel): $519 million in 2016.

10. Keppel Offshore & Marine Ltd. (Singapore): $422 million in 2017.

Top Ten FCPA Cases

70% involved

ThirdParties

Car Wash Operation (Brazil)

Agenda

1. Third Party Relations

2. Third Party Due Diligence

3. Third Party Requirements and Clauses

4. Best Practices

What

It is a process to know your business partners (Third Parties) and the

risks involving your relationship with them.

Why

Know your TPsKnow the risks

involvedMitigate risks

foundBe prepared

Act preventiveProtect your

companyMake sure TPs

act with integrity

Make sure TPs know your company’s

policies

Reduce/ eliminate liability

from TP’s conduct

Reduce / eliminate fines

Your Company may will be liable

FCPA: prohibits any payments made tointermediaries with the knowledge that suchpayment will be channeled to foreign publicofficials for corrupt purposes. Theknowledge requirement includes situationswhere the company should have known therelevant acts.

• Labor• Business• Corruption/Frauds• Money laundering• Terrorism• Environment• PEP

How

List all types of TPs

• Government nexus

• CPI• Known red

flags• Size of

opportunity

RENEW PROCESS

Divide into categories

and prioritize risky ones

Media research for

red flags

Document red flags

and create mitigation

plans

Implement plan and archive

evidences

Case Scenario

• Old Health Care Distributors• Special discounts for public bids

• Due diligence • New Corruption Red Flag Found• Meeting to understand red flag

• Request of explanatory documents

A B

Case Scenario

A B

• Corruption INVESTIGATION• Company A confirmed unethical

actions during public bids• Company A did not have

Compliance Program• Company A did not cooperate with

documents and explanations

• Corruption GUILTY SENTENCE• Company B confirmed situation and

explained with details• Guilty employee was dismissed • Company B adopted a Compliance

Program• Company B shared all documents

related to the case• Company B committed to our Code

Case Scenario

A B

• Corruption INVESTIGATION• Company A confirmed unethical

actions during public bids• Company A did not have

Compliance Program• Company A did not cooperate with

documents and explanations

TERMINATED

• Corruption GUILTY SENTENCE• Company B confirmed situation and

explained with details• Guilty employee was dismissed • Company B adopted a Compliance

Program• Company B shared all documents

related to the case• Company B committed to our Code

BUSINESS RELATION CONTINUED WITH RESTRICTIONS

Agenda

1. Third Party Relations

2. Third Party Due Diligence

3. Third Party Requirements and Clauses

4. Best Practices

Usual Requirements

• Compliance Clauses

• Audits/Investigations

• Adhere TP’s Code of Conduct – Be flexible

– Compare codes

• Share internal documents– Be aware of confidential documents

• Training – Types (online, in person, during business

meetings, etc)

– Signature of certifications

– Training to all employees doing business with your company

Agreement

Terms

✓ Comply to Laws

✓ Audit / Investigation

✓ Due Diligence

✓ Code of Conduct / Policies

✓ Report illegal situation

✓ Trainings

Agenda

1. Third Party Relations

2. Third Party Due Diligence

3. Third Party Requirements and Clauses

4. Best Practices

✓ Include TP due diligence as part of the process to register new TPs;

✓ Make decisions together with the business area;

✓ In acquisitions always consider the acquired company’s

TPs;

✓ Create metrics and a dashboard to follow up;

✓ Nominate champions in each area;

✓ Do the TP due diligence before you start the

relationship;

✓ Include recipients of donations/sponsorships in the due diligence process.

Due diligence cannot be an obstacle to the business! It is easier to say NO, but your job is to help find POSSIBLE ways!

Best Practices

Compliance is a team work!

Make sure your work colleagues feel as

included and responsible as you

are!

• Review your compliance procedures keeping the GDPR in mind;

• Be aware that GDPR may affect the due diligence process whenconsidering personal data from employees or partners;

• Take close look into document/information saving time limit.

GDPR’s Impact

Thank youObrigada

Hvala

Giovanna Carbonezze Feres Crotti

giovanna@weethic.com

+351 910490460

Lisbon, Portugal