3rd Party Management: A risk-based approach - Part 5: Alexander Cotoia on Use Cases

Mar 24, 2023

Alexander Cotoia, a regulatory and compliance lawyer focused on third-party due diligence, sanctions, and export controls. He reviews FCPA enforcement trends and shows how conduit schemes, reseller discounts, and sham contracts drove recent cases. He stresses reprioritizing third-party risk management, the value of voluntary disclosure, and attention to sanctions and export controls.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Third-Party Risk Is The Central FCPA Driver

Third-party intermediaries were involved in over 90% of 2022 FCPA enforcement actions, making third-party risk a core compliance concern.
Alexander Cotoia links this trend to agencies expanding focus to sanctions and export controls, raising enforcement risk beyond bribery.

ANECDOTE

ABB Used Subcontractors As Payment Conduits

ABB used unqualified subcontractors tied to a government official to funnel payments and win engineering contracts for a South African power plant.
The scheme produced access to confidential bids and inflated invoices, leading to a $315 million criminal penalty plus SEC civil liability.

ANECDOTE

Oracle Hid Benefits Through Distributor Discounts

Oracle employees authorized excess discounts to value-added resellers, which were pooled and used as a slush fund for travel, entertainment, and payments to foreign officials.
Oracle settled with the SEC for $23 million despite prior similar enforcement in 2012.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series we will consider a risk-based approach to third-party risk management. Over this series I will visit with Michael Parker, the Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, Associate at the Volkov Law Group. In this Part 5, I visit with Alexander Cotoia, a Regulatory and Compliance Manager at the Volkov Law Group, to consider how recent FCPA enforcement actions point toward the use cases for a robust third-party risk management system.

In 2022, most FCPA-related enforcement actions involved third parties and required organizations to reprioritize third-party risk management. In this episode, we consider case studies involving ABB Limited, GOL Airlines, and Oracle, demonstrating the importance of understanding bribery and corruption schemes, making voluntary disclosures, and reassessing third-party risk management.

Key Highlights

· How can organizations reprioritize third-party risk management as a core compliance function?

· What strategies can organizations use to avoid FCPA violations and maximize cooperation credit?

· How can organizations effectively assess the risks posed by potential business partners?

Notable Quotes

1. "Don't put yourself in a position of being uncooperative with either the SEC or DOJ. Reassess your framework for third-party risk management holistically and hone in on the nature and quality of the collected information to objectively evaluate the totality of risks posed by a potential business partner to the organization."

2. "You really can't afford to be complacent, especially as we have a new emerging consideration suspecting sanctions and export controls that have become core enforcement priorities of the federal government."

3. "The critical question asked from a functional perspective is, is it adequate to objectively evaluate the totality of risks posed by a potential business partner to the organization?"

4. "You must understand that third-party risk, especially regarding anti-bribery and corruption concerns, is a universal constant."

Resources

Alexander Cotoia on LinkedIn

Check out Diligent’s 3rd party products and services here.