Importance of Vendor Ethics Management in IT – Interview of Mr. Jayesh Shah, MD & CEO, Prism Cybersoft
Why is vendor ethics so important?
A large organization like a financial institutions, banks and brokerages spends millions of dollars on technology spends each year. It is important for the organization to go through a fair evaluation and buying process and engage with right kind of vendors who will provide solutions that fit the requirements and not otherwise. In this process it is important that the evaluation was not clouded by greed or any other kind of influence. Otherwise, wrong solutions may get procured and the company will face serious economic and legal implications.
What should a company do to ensure such fair evaluation?
First and foremost, the company must declare itself ethical and the senior management must practice ethical practices for its staff to witness and follow. Then, on the vendor front, it is important for companies to have a well documented ‘Vendor Ethics Policy’ in place. Vendors must be asked to read this policy and sign a declaration stating that they have understood the policy and will abide by it. Failure to sign this policy should automatically disqualify the vendor. Vendors must also train their staff who will be interfacing with the clients. This also needs to be propagated down the line in the client’s company to all managers who are involved in any procurement process. Special training must be given to anyone who is in the purchase department.
Generally, a company should formulate policies that are more stringent than mere compliance to local laws and customs. Only then such practices can be checked. Also, there should be zero tolerance for cases where conduct is doubtful.
How does the institution ensure that vendors are following law?
It is tough to ensure that the vendor is following all laws in his office but a lot of checks can be done to ensure that the mutual relationship follows the law. Everything must start by signing a formal contract and the vendor signing a declaration that the vendor ethics policy is well understood. Their PAN No, VAT Registration number and Service Tax registration numbers etc must be captured before any order is given to them. All applicable TDS must be deducted and deposited in time. In addition to this, there are several gray areas which you would want vendors to avoid when they are dealing with professionals of your company. For this again, you must ask for a declaration from the vendors that they are complying to laws relating to taxation, fair employment and other sensitive acts of the government. If you don’t do so, you are running a risk.
If you are a listed company, chances are your vendor will be privy to a lot of price sensitive information. Such information could easily be put to misuse. In this context, you must also ask them to sign a ‘No Insider Trading Policy’. This is of importance because the liability of any misconduct on the vendor side on this account can easily be held against you, resulting in huge liabilities. Hence you must be very careful.
Festivals are around the corner and a lot of gifts are exchanged. What are your views on it?
As a company, we don’t accept any gifts. We have a very strict policy. If a person, client or vendor tries to gift us something face to face, we thank them but return the gift. If it comes through courier, we repack it and send it back to the sender with thanks. Of course every company needs to have its own policies around this but as a general guidance, it is better to be conservative. The vendor policy document should expressly state that no offer, promise, kickback, favor, cash, entertainment or anything of value should be given to obtain favorable treatment from the company. Your company employees should similarly be prohibited from soliciting such favors from vendors. This restriction should extend to any family members of both, the vendor and the purchaser company. Also be aware that gifts come in many other forms. For example, a vacation can easily be masqueraded as a ‘site visit’ or ‘client visit’ where such site or client could be in a lucrative foreign land. A four day trip to this country could be scheduled with a single 2-3 hours of ‘client visit.’ Be vigilant when employees bring in requisitions to travel overseas, especially those that are sponsored by vendors. Government clients and those vendors dealing with government employees must be very careful of what their employees are doing. This is because government employees must be like Caesar’s wife – above reproach.
Could there be any concessions?
While we don’t accept any gifts, companies, depending upon the nature of their businesses could relax this policy. It could be acceptable as long as a gift is not intended to obtain favorable treatment from the company, and does not create the appearance of a bribe, kickback, payoff or irregular type of payment. After all, I think no one will believe that someone awarded a 50 Lakh contract to a vendor because the vendor gave him a T-Shirt.
It is also important that it doesn’t raise any potential conflicts of interest. For example, employees could accept a gift from a vendor as long as the total value of a gift does not exceed say Rs 2000 or so. The general yardstick is that a public disclosure of such gifts should not embarrass the company. Intangible gifts like entertainment, those involving travel etc must be approved by the company’s ethics committee. As a general rule, anything that is in gray area or beyond interpretation or comfort must be avoided.
What about conflict of interest?
This is the easiest trap vendors could lay and could become very difficult for companies to detect. For example if a CTO of a company is responsible for taking final purchase decisions and the vendor has employed his wife or kids at any position, it becomes very hard to decide in such situations because there is an unnatural pressure. Seeking active declaration from employees in such cases helps.
Coming specifically to IT Projects, why is vendor ethics important here?
When you are running a financial services business and you employ a vendor, it is extremely important to ensure that the vendor company practices high degree of ethics for several reasons –
- Your entire data set is available to the vendor if he is visiting or working on site on your database. Imagine if someone runs a single query and takes away all the details of your clients in a single file
- The mechanism in which he uses your data on applications provided by other vendors may put you into serious IP infringement and data security risk. Many a times vendors of a particular application try and connect to database of some other application without buying necessary APIs or without permission of the other vendor. This amounts to piracy and IPR infringement. In such cases, any legal risk is primarily faced by the institution. Even if you don’t face a legal suit, your data security and integrity both is at stake because one vendor may not completely understand the data and database structure of applications belonging to some other vendor
- Sometimes if the contract is not water tight and futuristic, vendors play tricks. For example a client of ours had bought an application with customization rates agreed and included in the contract. But these rates were for a specific development language. Down the line the client needed some customization as an extension of the same application but in a web friendly language. The vendor charged almost twice the rates that was agreed on pretext of a ‘different language/ technology’ and need for ‘more specialized skill sets.
What other unfair business practices can the vendor adopt?
There could be some very minor things but unethical. For example, a ‘lucky dip’ may ‘win’ a senior executive a laptop as a prize making the executive have a positive feeling of gratitude in favor of the organizing company. Some vendors blatantly use their client’s logos on their website and marketing material without taking express written consent. Vendors also adopt other serious unfair practices like fixing prices with other competitors and rigging prices. Sometimes they discuss negotiated or contracted prices with other vendors making it difficult for the client institution to negotiate with them. Some even start lobbying for changes with exchanges, depositories etc taking client’s name and citing client’s needs without taking client’s approval expressly.
What other steps must the company take to take care of ethics and local laws?
Because any form of bribery is a punishable offence in most countries and regulatory agencies around the world, including the ED, U.S. Dept. of Justice, Securities Exchange Commission, and the U.K. Serious
Fraud Office, are aggressively enforcing anti-corruption laws, including matters related to bribery & failure of internal controls, inaccurate books and records, potential corrupt activities of vendors can come back and hurt the company and its officials seriously. To mitigate this, companies must adopt extensive practice of documentation and keep accurate business records. Contractual clauses must include retention of such records by both, the company and the vendor way beyond the period of time of engagement with each other.
Vendors should also be required to report to the client any issue that violates law, anti corruption policies and the company’s general guidelines. Once reported, the company must investigate in each such issue.
To sum up, the culture in the company must be beefed up to maintain the highest level of integrity in all business dealings and create an environment where employees and vendors can raise their concerns without fear of retaliation.