HBO’s series True Detective is an analogy for the challenges of third party management.
I spent seven hours yesterday in a marathon session watching HBO’s new series, True Detective, in anticipation of the final installment. And, I must confess, this was the third time I viewed the episodes, trying to piece together more information that might let me see the true identity of the leader of a cult of masked men responsible for a raft of ritualistic killings.
And yet, I have to admit that I felt no closer to discovering the true identity of the “Yellow King”, the suspected leader of this evil group, than I suspect most of you are to identifying the true beneficial owners of many of the third parties with whom you do business around the world and who are similarly masking their identities as they engage in corrupt activity.
I know it seems like this analogy is a crazy stretch, but just as Detective Rustin Cohle has to lay out the details of his analysis to his partner to convince him that there is a criminal conspiracy behind the serial murders they are investigating, let me continue just for a bit, and then see what you think.
The challenge in True Detective was three-fold; a complex and constantly changing web of information from many and often unreliable sources; deliberate deception and disguise; and an investigation hampered by manual processes that caused delay and encumbered effective analysis. The same roadblocks arise in the quest to avoid or control relationships with third parties that may present risk of corruption; in particular during the difficult and continual task of knowing with whom you really are doing business.
“Vice knows she’s ugly, so puts on her mask,” is the quote preceding Part 3 of the World Bank’s 2011 report The Puppet Masters: How the Corrupt Use Legal Structures to Hide Stolen Assets and What to Do About It. The section begins with the finding that:
“…in the vast majority of grand corruption cases we analyzed, corporate vehicles—including companies, trusts, foundations, and fictitious entities—are misused to conceal the identities of the people involved in the corruption.”
Indeed, the multi-layered and hidden ownership of third parties has become one of the greatest challenges in effective management of corruption risk, leading the U.S. and other countries at the G8 Summit in June of 2013 to commit to creating registries of the ultimate owners of companies and enacting legislation to increase transparency.
That’s a start, but unless corporate systems for tracking and analyzing multiple reliable sources of data on ownership on a continual basis are strengthened, it won’t matter much. In too many companies, third party due diligence stops at the point each party is on-boarded. Or, if information that might indicate changes in beneficial ownership of a third party is captured, it too often is not managed throughout the enterprise in a way that allows for meaningful analysis of changes in corruption risk.
Just like Detectives Cohle and Hart, who glean evidence by manually searching through box upon box of files from old cases then tack up drawings and photos on the wall and spread out handwritten notes across the floor, we might have bits and pieces of information and know that there is more to yet be uncovered, but we can’t keep track of it all or see how it fits together. Just as the old case files the detectives need to review are nearly impossible to find and connections between cases go unseen because they aren’t kept in the computer databases of the police force, companies can’t possibly track continual changes in the use of shell companies and other forms of subterfuge that enable corrupt activity when they lack modern methods and technology to consolidate, compare and analyze what it all means.
The complexity of third party beneficial ownership isn’t an accident; it is as much a deliberate and designed attempt at disguise as is the web of secrecy and power that protects the identity of the Yellow King and members of the murderous network. To break through it, and remove the mask that hides corruption, we must be equally deliberate and design a set of processes and controls, supported by modern technology, which enables a complete and continuous view of change and allows us to see the true faces of those we are dealing with.
Postscript: View the details of managing third party corruption risk in the OCEG Third Party Management Illustrated Series in the April issue of Compliance Week. Or download the first of four Third Party Management Illustrations here: 3rd Party Series #1 – Integrated 3rd Party Management.