Phase 2 in third-party risk management: the questionnaire

The second phase in the third-party risk management process is the questionnaire. The term “questionnaire” is mentioned several times in the 2012 FCPA Guidance. It is generally recognized as one of the tools that a company should complete in its investigation to better understand with whom it is doing business. The questionnaire should be a mandatory step for any third party, and if a third party does not want to fill out the questionnaire or will not fill it out completely, you should not walk, but run away from doing business with such a party. 

In 2011, the U.K. Ministry of Justice’s (MOJ), discussion of the Six Principals of an Adequate Procedures compliance program noted that a questionnaire, “means that both the business person who desires the relationship and the foreign business representative commit certain designated information in writing prior to beginning the due diligence process.”

One of the key requirements of any successful anti-corruption compliance program is that a company must make an initial assessment of a proposed third party. The size of a company does not matter, as small businesses can face quite significant risks and will need more extensive procedures than other businesses facing limited risks. The level of risk that companies face will also vary with the type and nature of the third parties with which they may have business relationships. For example, a company that properly assesses that there is no risk of bribery on the part of one of  its third parties will require nothing in the way of procedures to prevent bribery in the context of those relationships. By the same token, the bribery risks associated with reliance on a third-party agent representing a company in negotiations with foreign public officials may be assessed as significant and, accordingly, require much more in the way of procedures to mitigate those risks.

Key aspects of the questionnaire include: ownership structure, financial qualifications, personnel who will handle the business, physical facilities, references, PEPs and UBOs, compliance training, and awareness.  Once a company has taken the time to ascertain third-party views, it will give the firm the confidence to move forward with the relationship.