The effect of third-party corruption on an organisation

South Africa

It goes without saying that working with external third parties is inevitable when conducting business. In this respect, most organisations work with one or more suppliers, service providers, agents and/or consultants. This ultimately exposes organisations to the risk of being victim to third-party corruption or in some instances exposing such organisations to liability for corrupt activities that may be perpetrated by such third parties should such third-parties engage in corrupt activity relating to the services provided for or on behalf of such organisations.

South Africa has a suite of legislation aimed at combating corruption and corrupt activities. The primary statute dealing with anti-corruption in South Africa is the Prevention and Combating of Corrupt Activities Act No 12 of 2004 (“PACCA”). PACCA creates the general offence of corruption and also contains provisions addressing specific corrupt offences as well as auxiliary offences, such as being an accessory to corruption and/or attempting to commit an offence under PACCA. PACCA is complemented by, amongst others, the Financial Intelligence Centre Act No 38 of 2001 (South Africa’s key piece of anti-money laundering legislation), the Prevention of Organised Crime Act No 121 of 1998 (which contains measures to combat organised crime, money laundering and criminal gang activities) as well as Regulation 43 of the Companies Act No 71 of 2008 Regulations which contains further provisions relating to anti-corruption compliance by certain companies. Multinational organisations operating under the jurisdiction of the US and/or the UK also need to be cognisant of the provisions of the United States Foreign Corrupt Practices Act, 1977 (“FCPA”) as well as the United Kingdom’s Bribery Act, 2010 (“UKBA”). The enforcement of both the FCPA and UKBA is incredibly robust and both pieces of legislation place substantial responsibility on organisations subject to the FCPA and UKBA to ensure that they have meaningful measures to ensure anti-corruption compliance.

Against this backdrop, it is increasingly important for organisations to ensure that there is strict compliance with the relevant legislation throughout the entire supply chain of an organisation. Given the severe financial and reputational consequences that may arise as a result of corrupt activity, organisations should also give significant thought to ensuring that the anti-corruption measures that they implement are practical and meaningful to effectively address the risk of corrupt activity.

One of the measures that an organisation should implement is conducting effective third‑party due diligence. An effective third party due diligence process should include, amongst others, clearly confirming whether the organisation should in fact enter into a business relationship with the third party from the outset. In doing so, the due diligence process should gather adequate information for the organisation to be able to assess any potential risk posed by the third party.

South African legislation explicitly prohibits any form of corruption made by an organisation. Certain international legislation such as the FCPA and UKBA extends liability to an organisation even in circumstances where the organisation may not have direct knowledge of the corrupt activity of the third party. It is thus important for an organisation to be cognisant of the points at which it is most exposed to the risks of corruption occasioned by a third-party, and a due diligence process must focus on assessing the third party as well as preventing and mitigating key risks that may involve its third parties.

In managing and minimising the risk of corruption, organisations should, amongst others, focus on conducting thorough due diligence on third parties as well as ensuring that robust anti-corruption policies and procedures are in place and adhered to by both the organisation as well as third parties that the organisation does business with. Conducting meaningful third-party due diligence showcases an organisation’s ability to appropriately mitigate the risk of corruption posed by its third parties.

Following a thorough due diligence exercise, an organisation should be able to:

  • assess whether any potential risk of corruption by the third-party can be mitigated should it so occur;
  • determine whether further in‑depth and enhanced due diligence procedures are required based on the information originally obtained; and
  • continually monitor the third party against the organisation’s anti-corruption policies and procedures.

An organisation should continuously perform the appropriate checks and balances throughout the tenure of the business relationship with its third parties with regular re-assessments of the third party and its actions. Such process needs to cater to the evolving nature of business and be flexible to be able to properly deal with any future risks that may be identified through regular ongoing risk assessment by the organisation.