Managing Third-Party Payment Risk
It is often hard to convince people that receiving money can be a problem. Everyone likes to receive money, especially when they are being paid for something they did.
In the area of compliance priorities, companies do not normally treat third-party payments as a high-risk activity. However, with increasing focus on illicit proceeds and tightening of AML/Terrorist Financing requirements, companies have to focus on this issue.
In simple terms, financial transactions involving suspected proceeds of illegal activity or facilitation of illegal activity create significant money laundering risks.
Companies that receive payments for invoices have to scrutinize who is paying the company and ensuring that they are the same party. For example, if I send Customer A an invoice for $1000, and I receive a payment for that invoice from an unknown third party from a galaxy far, far away, I may be conducting a financial transaction involving suspected proceeds of illegal activity.
Due diligence of a third-party payment from a different or unknown entity is important to determine:
- Who is the third-party payor?
- What is the relationship between the customer and third-party payor?
- Why am I receiving a payment from this person?
Assuming I find out who owns the third-party payor and I verify the legal existence of the entity and the absence of any red flags related to that entity, I have to ask my customer why they need to use a third-party payor to pay my bills.
If the third-party payments are coming from a traditional third-party payment processor, that requires additional due diligence to avoid money laundering risks. A company that is set up to process payments on behalf of numerous companies has to be subjected to due diligence to ensure that the processor is not funneling illegal proceeds into the mix of payments to the company.
Third party payments can be made from separate but related companies, such as a financing company associated with the company’s customer, or from separate companies that are owned by a common parent. Sometimes customers have to rely on an importing company (e.g. third party payor) as the importer of record for logistics purposes and make payments through that specific entity.
The third-party payment process, like most compliance issues, requires follow up investigation on specific facts and documentation of an internal process to verify information before accepting such payments. Like due diligence of potential third-party agents, receipt of funds from unknown third parties has to be a risk area that companies address. Otherwise, companies could be liable for conducting financial transactions involving illegal proceeds, such as bribery funds or money stolen from legitimate owners.
A third-party payment questionnaire should be prepared and used to collect documentation to support any decision to move forward with a third-party payment arrangement. As part of the due diligence, a background check, credit check and basic due diligence inquiry is the starting point of the due diligence process.
As the potential risks are resolved, the company may require certifications, representations and warranties to move forward with a particular third-party payment arrangement.
The complexity of the financial world creates real and significant risks from accepting third-party payments. It is important to identify the issue, build appropriate controls, document the due diligence review and then implement appropriate risk mitigation measures – it is a familiar refrain but one that applies to third-party payments.
Michael Volkov, CEO and owner of The Volkov Law Group, LLC, has over 30 years of experience in practicing law. A former federal prosecutor and veteran white collar defense attorney, he has expertise in areas of compliance, internal investigations and enforcement matters.
Mr. Volkov maintains a highly popular FCPA blog – Corruption, Crime & Compliance. He is a regular speaker at events around the globe, and is frequently cited in the media for his knowledge on criminal issues, enforcement matters, compliance & corporate governance.