Forensic & Integrity services

Managing the risks of corruption arising from third parties is one of the most difficult challenges facing global organizations. Enforcement of the US Foreign Corrupt Practices Act (FCPA) has increased significantly in recent years, with companies paying a record US$2.9 billion to resolve cases in 2019, according to the FCPA Blog. The FCPA Clearinghouse shows third-party intermediaries have been involved in 89% of enforcement actions. Worldwide, anti-corruption efforts have intensified, with increased cooperation among different jurisdictions.

Teva Pharmaceutical Industries, headquartered in Israel, is a global leader in generic and specialty medicine. In 2016, it agreed to a settlement with US authorities over FCPA violations. Teva agreed to enhance its compliance program and improve due diligence for third parties while reporting to an independent compliance monitor for three years. And if that wasn’t a big enough challenge, the pharmaceutical giant underwent a corporate restructuring program designed to cut US$3 billion in costs.

Lori Queisser, who became Teva’s Global Chief Compliance Officer in 2015, knew meeting legal requirements would just be a starting point. The company’s lengthy compliance processes were hurting productivity, without necessarily reducing third-party risk. Teva’s official goal became to “build the best and most respected global compliance program in the industry — a program that works in partnership with the business to prevent issues.”

Queisser discovered that a spate of corporate acquisitions had saddled Teva with a dozen legacy systems, each with its own finance and procurement processes, some of them manual. Getting approval to engage a third-party representative could take weeks or even months. Teva, which has roughly half a million vendors and customers, was processing up to 2,000 requests to use third parties every year.

“We were spending millions and millions of dollars on third-party due diligence, as does every US-listed public company, but we weren’t reducing our risk,” Queisser says. 

Queisser was looking for a “game-changer, to make a disruptive move in this space.” Teva therefore engaged EY Forensic & Integrity Services to develop a due diligence system designed to be proactive rather than reactive, using advanced analytics and technology. EY professionals built a database using both proprietary data and public records such as regulatory filings, court rulings, sanction lists and news reports. Assembling the right data was critical to gaining the insights needed to vet third parties. It also laid the groundwork to apply advanced analytics and artificial intelligence (AI) to evaluate risks even more effectively.

Teva and EY professionals developed business rules that helped enable algorithms to calculate a risk score for each potential business relationship.  The pre-screening tool allows vendors with a low-risk ranking to be engaged immediately (subject to an executed contract), while higher-risk parties face more probing, such as a questionnaire, investigation or deliberation by a due-diligence committee. In a 30-day pilot, the system evaluated risk for twice as many third parties as Teva had previously assessed over an eight-month period.

At the same time when Teva began integrating the pre-screening tool into its business processes, the company was using dozens of purchase-to-payment (P2P) processes, often implemented differently across 60 countries. Teva needed to make sure its procurement policies were followed consistently as related to the engagement of third parties. The EY teams collaborated with Teva to design an innovative, transparent workflow that walks business users through the control process, routes relevant information to the right people, and creates an audit trail. The system automates the process based on business rules applied to key decision points, with disparate P2P systems feeding data into the pre-screening tool.

The time needed to gain approval for engaging third parties has dropped from weeks or months to as little as just a few hours. This allows the compliance team to focus on examining higher risks. In 2020, about 75% of Teva’s third-party representatives will be pre-screened through the new tool.

Previously, business stakeholders received no information on a request to engage a third party until it was approved or denied. Now, they can go into the system and see the status of every request. The system automatically reminds third parties and business sponsors to complete questionnaires and denies requests if a timely response isn’t made.