Outsourcing Work Does not Save a Company from Liability

Typical outsourced workers/vendors are: contract employees, agents, lobbyists, distributors, re-sellers, consultants, companies that service products, freight forwarders, suppliers and joint venture partners - to name a few. Outsourcing can be national or, as is often the case nowadays, international.

When it comes to ethics and compliance failures many companies, (including some of my clients), do not realize that they are potentially liable for the acts of their outsourced workers or vendors who are doing work on behalf of the company. However; as I suggest to my clients, companies should really consider that they are responsible for the actions of the outsourced workers/vendors in a similar way that they are responsible for permanent employees. Therefore, it is important for a company to focus on outsourced workers/vendors and pay special attention to whether or not they have effective processes in place to control the activities of those workers/vendors who are performing tasks on behalf of the company.

Yes, any person or vendor who is hired and is not a permanent employee is an outsourced worker/vendor to the company. The main reason is that the company is paying them to do something (i.e.; perform tasks) on the company's behalf. Therefore; the company is expected to: 1) know who they are, 2) vet them, and 3) be in control of the activities for which they were hired. 

The risk to a company who fails to control outsourced workers/vendors is potentially: harm to its reputation and/or civil damages and regulatory/criminal liability.

1) Have a list or database of all your outsourced workers/vendors and their information.

This should include information such as: name and location of the outsourced worker/vendor; type of service being provided; location of contact and file; name and position of hiring person; due diligence process followed; audit schedule; and location of work/service performed.

2) Conduct a risk assessment of outsourced workers/vendors and prioritize them by level of risk.

This process would only be needed if the outsourced worker/vendor requires a higher level of scrutiny based on the duties they are performing on behalf of the company, such as: agent who is able to obligate the company financially; worker/vendor who provide services for a critical business unit/process or worker/ vendor who is a key supplier affecting the quality of products. Additionally, a higher level of scrutiny might be required if the outsourced worker/vendor is located in a risky/corrupt geographic area of the world.

3) Have a due diligence (reasonable steps taken) process for the selection of outsourced workers/vendors based on your risk assessment in #2.

Classify all outsourced worker/vendors by category of risk (i.e.; low, medium, high). Some things to consider when deciding on category classification might be: services, revenue, contract requirements, location and government contacts.

4) Create a written due diligence (reasonable steps taken) process.

This process can be communicated in the form of a written policy or policies. The policy can include: who is responsible for implementation; red flags to be aware of; the process for dealing with the red flags; how to handle outsourced workers/vendors; how to use desktop/cloud based due diligence tools; when and how often to visit high risk workers/vendors; how to obtain and maintain references; how to check for conflicts of interests; and outline the process of documenting all due diligence, the results and the decisions made.

5) Have contracts that state all of the expectations of the outsourced worker/vendor.

All outsourced worker/vendor contracts should be written and include language such as: services to be provided; terms of compensation; requirement that the worker/vendor observe the company's policies, procedures and values that relate to the services the worker/vendor is providing; that the company has the right to audit all elements of the contract and terminate if any elements are not met; provide how and where payments for services will be made; and require the worker/vendor to keep proper records for audit/review.

6 Have a designated employee manage each of your outsourced workers/vendors and tasks.

The designated manager should: maintain and update documentation on the outsourced worker/vendor; oversee the worker/vendor according to documented risks; create and implement an audit schedule; conduct evaluations of adherence to the contract; and be responsible for updating all information regarding the worker/vendor in a centralized database.

7) Watch out for "red flags"!

Red flags are situations that should give rise to further concern and investigation such as: lack of experience or appropriate staff for the work; history of corruption in a region, country or industry; refusal to certify a compliance program; lack of detail on work performed; unusual payments or financial arrangements; lack of transparency in expenses and accounting records; unexplained additional workers/vendors are brought into the transaction; refusal to be audited; providing faulty information or lies on questionnaires; prior criminal or civil actions for questionable business practices; requesting payment before the work is completed and requests for cash payments that are off the books.

Although outsourcing tasks is a necessity for many companies, as I suggest to my clients, it should not be primarily based on it being the cheaper alternative. In fact the same or similar rigor in selecting, training and managing those outsourced workers/vendors should be handled in the same way as selecting, training and managing regular company employees. If outsourced workers/vendors are not managed in this way, the reputation, liability and success of the company could be negatively compromised.

Reference - The Society of Corporate Compliance and Ethics: "Third-Party Essentials: A Reputation/Liability Checkup When Using Third Parties" (Marjorie W. Doyle, JD, CCEP-F and Diana Lutz)