A growing area of concern for corporates is the proportion of fraud committed by “frenemies”, an encompassing term for the third parties a company works with on a day-to-day basis. This includes suppliers, agents and consumers: entities with which a company is meant to be in mutually beneficial relationships.
To those of us well versed in investigations, this comes as no surprise. Those most familiar with a company’s operating systems, policies and processes are best placed to take advantage of gaps or shortfalls in internal controls. Today’s environment of increasing awareness and technological investment makes fraud increasingly difficult to commit but does not reduce the risk to zero. “Frenemies” have a unique insight into a company’s day-to-day operations and an unscrupulous partner can cause long-term damage to a company’s bottom line.
How to Manage Frenemy Risk
Proactive action can go a long way to manage the risk posed by frenemies, including the implementation of effective measures to identify and weed out frenemies before they even commence a relationship with the company. Common proactive steps include:
A vetting process prior to onboarding suppliers / vendors / third parties. This process may include research to determine the entity’s reputation in the market (e.g. have they been associated with unethical behaviour in the past) and evaluation of the processes they have in place to mitigate fraud risks (e.g. a code of conduct).
The extent of the due diligence can vary, but will generally include a number of common risk factors such as:
- Size of the company: Is the proposed vendor a large enterprise or a small / single employee outfit? Knowing the answer to this question is also essential for managing the potential risk exposure when partnering with a vendor that may not have a proven history of supply or the capital required to effectively fulfil its obligations to the company.
- History of the company: Has the company been in business long? Was it incorporated shortly (perhaps a few days or weeks) before submitting a bid or being awarded a contract? In addition to the risks of dealing with a company that does not have a proven track record, a recently incorporated company should raise red flags and be reviewed for undisclosed conflicts of interest or “phoenix” suppliers (e.g. companies incorporated by suppliers which may have been blacklisted in the past but are resurrected by the same beneficial owners under a new name with proxy shareholders or directors).
- Corporate structure: Does the company have a straight forward and transparent corporate structure? If not, is there a clear reason why a complex corporate structure is required? Lack of a clear corporate structure is usually a sign that a partner may be failing to disclose one or more beneficial owners. Alternatively, it may have opted for a specific corporate structure in an attempt to meet (or circumvent) local laws and regulations.
- Common identifiers: The company’s registration documents should identify key stakeholders, such as directors, shareholders and senior managers. Running these names through your company’s employee database will help identify any potential undisclosed conflicts of interest.
Many companies include supplier audit clauses in contracts but never actually invoke these clauses or face strong pushback from suppliers when they do attempt to invoke these clauses. Some companies have such clauses in place, but the scope of the clauses is so restrictive that invoking the clause would be of limited use. Where possible, we recommend companies have supplier audit clauses in place and to invoke these clauses on a regular basis.
The following steps can help companies minimise the damage an unscrupulous supplier could cause:
- Appropriately scope supplier audit clauses: The scope of supplier audit clauses can vary and there is no “one size fits all” approach. Understanding what risks a supplier might pose to operations is a key component to setting the scope of your supplier audit clause. For example, in China it is quite common for factories to supply more than one (potentially competing) client and to restrict a client’s audit scope to only the portion of the factory “relevant” to the client’s manufacturing needs. However, this often limits the effectiveness of the audit clause as an overly narrow definition of “relevant” can result in the auditors not being able to access sufficient information to adequately determine whether the manufacturer is in breach of contract.
- Regular supplier audits: Establishing a baseline for regular supplier audits can help establish an open channel of communication between parties and minimize disruption to the normal working relationship when a specific issue of concern arises. Supplier audits do not have to be conducted in an adversarial manner. Done regularly, such audits can provide genuine insight into how a supplier operates and can lead to process efficiencies and improvements which benefit both parties.
Specifically, policies governing the types of gifts and entertainment employees can receive from suppliers. This could include a moratorium on receiving any gifts or entertainment, the imposition of clear thresholds when receiving such gifts and / or the maintenance of a register requiring employees to declare any gifts or entertainment received from a third party. Setting clear thresholds and sending a clear message about the type of relationship employees must maintain with suppliers and strictly enforcing these policies, without exception, will have two key effects:
- First, employees are given a clear benchmark when interacting with suppliers and can cite strong company policy as a means of managing supplier offers of gifts and entertainment without offending suppliers or otherwise jeopardising the supplier relationship. This is particularly useful in certain geographies across Asia, where a culture of gift-giving and lavish entertainment has become an expected part of relationship building.
- Second, a clear “line in the sand” is drawn by the company. Having clear demarcations is useful in the event a breach is identified as it provides a firm basis from which the company can respond to any infringement, such as providing a written warning to the employee and / or terminating the relationship with either, or both, the employee and the supplier.
Operating in South East Asia exposes firms to both potential pitfalls as well as significant upside. Our experience in the market has shown, time and again, that the key to operating effectively in South East Asian jurisdictions is to know your partners. While some operators might find it challenging to press for full disclosure from potential partners, getting the full picture at the start of any working relationship, and ensuring there are key parameters in place to govern ongoing relationships, can have a significant impact in ensuring such partners do not become “frenemies”.
By Daphne Wong.