The most common method for handling third party ethics and compliance issues is to adopt and stick to a code of practice or policies that governs the manner in which a company’s own employees deal with third parties, according to a report by The Conference Board.
Ninety-five percent of the 169 companies surveyed by The Conference Board and the Ethics and Compliance Officer Association (ECOA) said that while it is vitally important to address third party ethics and compliance issues through codes of conduct for their own employees, they are less inclined to involve third parties directly in these programs.
“With the exception of helplines or whistle-blowing systems, the direct inclusion of third parties in companies’ ethics and compliance programs is the exception, not the rule,” says Ronald E. Berenbeim, principal researcher at The Conference Board and author of the report with Rebecca Walker, an attorney specializing in corporate compliance and business ethics. “Nevertheless, companies are growing more dependent on third party relationships for the achievement of business objectives—either via joint venture, which may be mandated for entering into a new country, or working with suppliers or contractors.”
In addition, written policies applicable to specific third parties are not common. In more than two-thirds of the responding companies (69 percent), the standards for third parties apply in the same manner to all third parties. Among the companies that had policies for specific third parties, contractors and agents are most likely to be mentioned.
“Companies struggle with the competing tensions that arise from developing business relationships with local partners that aren’t always mindful or responsive to a broad range of stakeholder concerns such as environmental compliance, health and safety, and human rights,” according to Walker. “Global organization and non-governmental organization pressures with respect to these issues also increase the need for companies to address third party ethics and compliance.”
Third Party Compliance and Ethics Practices
Background or due diligence checks are also preferred to insisting that the third party adopt the company’s ethics and compliance programs or maintain its own system. Seventy-seven percent of respondents perform checks on certain third parties prior to entering into a business relationship; 74 percent scrutinize agents; and about half subject all categories of third parties to due diligence. Disabling financial or legal conditions are more likely than reputational impairments to be the subject matter of due diligence searches.
The most common component that companies extend to third parties is offering employees of third parties an opportunity to report ethics- or compliance-related concerns. Virtually all of these systems (98 percent) rely on the same means used for a company’s own employees to report suspected misconduct, rather than a separate system for third parties. The most popular mechanisms are e-mail addresses (65 percent) and helplines.
Approximately 60 percent of survey participants address third party risks in their company’s risk assessment. Agents, suppliers of services, and contractors are the most frequent subjects of these exercises; suppliers of goods are somewhat less often subject to scrutiny. Companies are evenly divided as to whether the risk assessment is part of a broader enterprise risk process or limited to ethics and compliance risks.
Ethics and compliance training programs are the third most frequent step that survey participants take in extending their own program to third parties. Slightly more than one-third (38 percent) of survey participants offer but don’t insist on some kind of training program for third parties. Most of these programs devote some discussion to the company’s own code. In almost every case, those parties that are asked to adopt or certify to the company’s internal code of conduct are offered some form of training.
Company audits of third party compliance with ethics policies and practices are infrequent, and a majority of the companies that audit don’t do so routinely. Slightly more than 35 percent of the survey participants perform audits or otherwise verify that third parties conduct themselves as required by the company’s own compliance and ethics policies. Of this group, slightly less than half conduct audits on a routine basis, while the remainder focuses their audits on specific concerns.
The surveyed companies showed little interest in the third party’s own ethics programs. Slightly more than one quarter of the survey respondents ask third parties whether or not they have them, but only 14 percent of respondents ask for documentation. Companies are especially likely to seek information on the third party’s compliance program when considering an acquisition or a joint venture.
Room for Improvement
“The survey suggests that companies are satisfied with current methods of seeking to extend ethics and compliance standards or requirements to third parties but are willing to search for new approaches,” says Berenbeim.
“Companies rated all ethics and compliance efforts within a narrow and not especially positive range—they deemed them somewhat effective.”
The implementation of a means for third parties to report concerns or misconduct was ranked as the easiest means of ensuring appropriate third party compliance; monitoring third party behavior for compliance (arguably one of the key objectives for establishing such as system) was rated by far the most difficult.
Source: Finding the Right Balance: The Essentials of Third Party Ethics Programs, Research Report #1416-08-RR, The Conference Board
Distributed by Newswise
Was this article valuable?
Here are more articles you may enjoy.