Review third-party relationships: Dow Jones

Julia Salmond, Client Delivery & Operations, Risk & Compliance at Dow Jones, says one of the biggest risks for companies in Asia is the use of agents to source sales and new business.

Salmond is part of the Dow Jones Risk & Compliance business, formed through the acquisition of online risk business Cerico last year. She says many overseas companies rely on agents to scout out new markets in the Asia-Pacific region.

Salmond says companies should remember agents are an “extension of their company”. “In many cases, there have been bribery issues with agents. Risk managers need to ensure they know who they are getting into bed with. Due diligence is required to ensure agents are fully compliant.

“Due diligence should be twofold,” Salmond adds. “Companies need to make sure agents are trained, and they understand your policies and procedures. Diligence also needs to review who else they’re dealing with, and how they interact with government officials. As far as a customer is concerned, an agent is a part of your business.”

The comments come after two Australian note printing companies, Note Printing Australia and Securrency, pleaded guilty to bribery and corruption charges last year, relating to business activity in southeast Asia. Agents were at the centre of the scandal.

Meanwhile, a host of global cases have seen companies fall foul of compliance and regulatory requirements. Over the past two years, global oil company Unaoil has been under investigation for paying bribes to win global clients in the Middle East, Asia, and Africa. The UK’s Serious Fraud Office has charged the company.

Salmond says companies should be mindful of the brand impact from compliance failures. “Aside from enforcement action, compliance can have a brand cost. It’s not just the $20 million fine, it’s the brand risk. These risks are starting to be understood by general counsels, as they have long-lasting brand implications.”

Dow Jones’s Risk & Compliance product provides data on compliance trends, fines and regulatory actions, and media coverage on compliance, bribery, and corruption cases. The tool allows companies to track trends across their supply and distribution network, alongside political trends.

Salmond says there is increased scrutiny on compliance. “Companies are beginning to realise that you have to understand your third-party relationships, and how they are managed. If you are trading in Asia, you need a full understanding of the challenges.”

“You need to know who is representing you in different regions. You also need to understand who else your agent is representing. If an agent breaches compliance working for another business, this can have an impact on your business,” Salmond adds.

Salmond believes there are other compliance trends for risk managers to look out for. She says risk management teams need to be mindful of global regulators using Deferred Prosecution agreements to bring companies to justice. DPAs allow corporates to self-report regulatory breaches and agree out-of-court settlements with regulators. Australia is among countries taking steps to introduce DPAs.

Salmond adds: “Australia sees DPAs as a tool to help their investigations. The concept of self-reporting and DPAs has given General Counsels a little bit of concern. Corporates who invite enforcement agencies into their organisations will find agencies are not just looking at the element they have self-reported.”

She says companies need to carefully document compliance procedures: “Your compliance absolutely has to be locked down. You need evidence-based procedures across your business. Your business has to own the corporate compliance you’re trying to enforce.”

Salmond says corporates should take steps to tackle the full breadth of their global compliance risk. “Doing nothing is not the right approach. Many companies do not know where to start. They are paralysed by the complexity. The key thing I say to clients is ‘this is a journey’.

“You’ll never get to the utopian situation where you know every single external compliance risk and every single internal risk. But if you can demonstrate to auditors, enforcement agencies, and customers that you’re being proactive with third-party risks, you are making significant progress,” she adds.