Just a few weeks ago I was discussing with the Chief Compliance Officer of a multinational company about the importance of due diligence and how it should be performed to spot proactively corruption issues.
It turned out he had more than 15,000 vendors and suppliers to take care of, how to deal with such overwhelming challenge then?
Due diligence is potentially an endless activity, nonetheless, only in a few cases it is recommended additional work.
The first, initial screening is probably the most important, this, inter alia, what you need to look for:
Certificate of incorporation. Make sure you are dealing with a real business by cross-checking with the issuing authority and the activities actually performed are consistent with what stated. In order to ascertain this, you may need on-site evaluations (if you were thinking that due diligence was a desktop based activity, I am afraid you were wrong…)
Once this first assessment is done, you may start the ‘ground inspection’ to see if your potential business partner is compliant in delivering its daily activities. Many serious offenses start with corruption; if your counterpart is bribing local officials to keep a plant in which the workforce is heavily exploited, you need to know about it, as soon as possible.
Personal background review. On the board members, administrators and shareholders (>25% or otherwise able to influence the decision making process).
It is important underlining that it’s also crucial assessing an entity’s beneficial ownership; someone actually controlling the company without owning any shares. (this could be relevant by the AML viewpoint too).
It’s also worth pointing out that many organizations may not be happy to give you full access to such information, therefore, you may wish to be clear from the very beginning about your expectations (for further references, please read Protect Your Business From Corruption Risks with these Contractual Clauses)
There is also another aspect you should think about; whether your counterpart is ISO37001 certified or not, you are not exempted from due diligence duties ( see also Always perform due diligence, even when third parties are ISO 37001 certified)
How to prioritize due diligence then?
If you have performed the activities above, you might have came across the following scenarios that undoubtedly need further investigations:
- Previous records of wrongdoing,
- third parties located in countries where corruption is widespread and/or the rule of law is not adequately enforced,
- third parties operating in non-regulated sectors,
- third parties that recently started working in new business areas or geographical regions,
- all those (countless) cases in which due diligence needs additional work (contradictory information, new ownership or shareholders, extraordinary operations such as JVs and M&A).
One fits all approaches are likely to fail since any major change in your (potential) business partners’ life must be properly addressed on case by case basis.