No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Due Diligence and Corporate Oversight (Some Adult Supervision Required)

The Anti-Corruption Survivor’s Guide to Third-Party Intermediary Life Cycle Management, Part 3

by Jim Nortz
October 23, 2020
in Compliance, Featured
needle in a haystack outside

Conducting thorough due diligence can be tedious work, but (as with most endeavors) putting in the effort yields the best results. Jim Nortz outlines a three-step process for effectively assessing intermediaries.

Read Part 2 here.

I am a terrible scientist.

At least that’s the conclusion I reached when I worked as a college co-op student at the Xerox Laboratories in Webster, New York many years ago. As a mechanical engineering student at the Rochester Institute of Technology, I was required to complete five co-op blocks in addition to four years of classes. The second co-op job I got was with Dr. Fred Schmidland, a brilliant theoretical physicist. One of the things Dr. Schmidland asked me to do was to test the electrical properties of several films that were deposited on a plastic plate. This experiment required me to sit in a laboratory by myself and perform repetitive measurements for hours on end. Each time I took a measurement, I noted the result on a graph. I hated this work. It was tedious. It was boring. As a consequence, I worked hard to finish this chore so I could move on to more interesting work.

At the end of the second day of making hundreds of measurements, I had produced a graph with a beautiful curve sloping gently upward. When I showed the results of my work to Dr. Schmidland, he rubbed his chin and told me that this was a very unexpected result. He asked that I perform the experiment again. When I did so with extra care, I produced a graph that went in the opposite direction from the first. This was more in line with the anticipated properties of the material I was testing. I had fallen victim to a tendency that is common to all of us: bias. I was so interested in bringing the experiment to a conclusion that when I saw a trend in the data, I unwittingly recorded erroneous results. Fortunately for Xerox, Dr. Schmidland was there to provide expert, independent oversight of the experiment and ensured an accurate result.

When deciding whether to onboard a new intermediary, your business colleagues likely don’t intend to put the company in jeopardy by contracting with an intermediary with a checkered past. But, like me in the laboratory, they may have a strong bias toward consummating such a deal and be blind to the potential risks associated with doing so. Consequently, you should supplement your first-party intermediary due diligence program with third-party due diligence and corporate oversight by qualified, disinterested parties to make sure your company gets this right every time.

The following is a high-level description of the three steps you should take to get this done.

Step 1: Identify the Company’s Intermediaries

This first step may seem obvious, but in my experience, companies that do not have an effective intermediary anti-corruption program lack an accurate and up-to-date database of their intermediaries across the globe. If this is the case at your firm, you’ve got to get this done before you can make any meaningful progress in implementing such a program. You need to have line of sight to all company intermediaries in order to effectively manage intermediary corruption risk associated with both existing and new intermediaries.

In large multinational organizations, gathering intermediary data is not a trivial exercise. To complete this task, you will likely have to work across countries and business units to obtain data associated with hundreds – or, perhaps, thousands – of business entities. In addition to obtaining the name, address and contact information of active intermediaries, you should also gather the following data:

  • The names of the intermediary’s senior leaders;
  • The status of written contracts with the intermediary;
  • The intermediary type (e.g., import/export broker, contractor, distributor, sales agent, consultant); and
  • For distributors and sales agents, annual sales.

While you are working with your businesses to perform this work, I recommend you also get started on Step 2, detailed below.

Step 2: Contract with a Third-Party Due Diligence Provider

Third-party due diligence providers are firms with a global reach that can perform various levels of Intermediary due diligence on the company’s behalf. Three big players in this space I have worked with are Trace International, NAVEX’s Risk Rate and Securimate/Steel International. Each has its strengths and weaknesses, and there are also others providing similar services that you might consider.

When shopping for such a provider, I recommend you form a multidisciplinary team comprised of IT professionals, the legal department, the compliance department and business leaders to help you learn as much as you can about the provider’s strengths and limitations and to ensure you select one that best suits your business needs. Given the significant administrative transaction costs associated with switching from one vendor to another, it is very important to kick the tires hard before making your purchase.

Regardless of which third-party due diligence provider you select, you should seek one that, at a minimum, has the following attributes:

  • Global reach and the ability to function in multiple languages;
  • A system that permits an unlimited number of company users;
  • The capacity to search all relevant government databases and media sources necessary to serve your business needs;
  • An electronic case management system to house all intermediary due diligence data that can be populated via electronic transfer from an Excel spreadsheet or company database;
  • Capability of uploading first-party due diligence reports, audits and other documents into the system;
  • Capability of permitting you to customize due diligence questionnaires;
  • Capability of distributing due diligence questionnaires to intermediaries electronically in multiple languages;
  • Capability to alert company personnel when due diligence questionnaires are completed;
  • Capability of allowing users to order varying levels of due diligence online via a case management system;
  • Quick turnaround of due diligence reports;
  • Due diligence reporting formats that are user-friendly and informative;
  • Capability to alert company personnel when due diligence reports are completed;
  • Due diligence reporting that clearly identifies red flags;
  • Capability of recording red flag resolutions;
  • Clear and meaningful dashboards;
  • Internal search capability;
  • Capability of continuous monitoring of government databases for intermediary red flags with the capacity to filter out false positives;
  • Auditability with a clear record of data entries and changes made in the system and the identity of the individuals making the change;
  • Permits your company to maintain ownership of all intermediary data with the capability of porting it to your firm for backup, reporting purposes or in the event you terminate the services or switch to a new third-party due diligence provider.
  • Capability of interfacing with the company’s ERP to permit a single data entry point for new intermediaries via the company ERP; and
  • Capability of tracking intermediary contract status and notifying company personnel when contracts are nearing expiration dates.

Once you have selected a third-party due diligence provider, work with your interdisciplinary team to configure the system and develop data entry protocols that will meet your business needs. Perhaps it goes without saying, but you’ll save a significant amount of time if you seek the assistance of an independent consulting firm that has performed this work in the past.

Step 3: Develop and Implement Third-Party Due Diligence Policies and Procedures

Regardless of which third-party due diligence provider you select, you will soon find out these systems are not “plug and play.” In addition to taking the necessary steps to configure the system and load your intermediary data, you will need to work with your colleagues to develop and implement policies and procedures to communicate to company personnel when and how intermediary due diligence is to be performed. Such policies and procedures should clearly detail the roles and responsibilities of all individuals and departments that will be called upon to participate in the due diligence process. They should also provide for corporate oversight by a team comprised of legal, compliance and finance and accounting professionals who are charged with regulating all aspects of the intermediary anti-corruption program to ensure the businesses are abiding by the policy and following all procedures. To be effective, this corporate oversight team must have the ability to prevent any commercial transactions with new intermediaries prior to full completion of the due diligence process and contract execution.

Once you finalize and publish these policies and procedures, you will have to also develop and implement a training program for your colleagues to help them understand what is expected of them and how to interact with the third-party due diligence management system. In large, multinational organizations, this is a significant amount of work and will likely take you months just to get off the launching pad.

A sustained training program will be required to fully integrate intermediary due diligence into routine business processes. And, as with any change to business processes, you can expect at least some measure of resistance from your colleagues. This is one reason why getting buy-in from your management team at the outset is so important. Your intermediary anti-corruption program will not survive its infancy without strong and sustained support from top management.

Part 4 will detail best practices in contracting with intermediaries – practices that will serve your business needs and mitigate your intermediary corruption risk.


Tags: Anti-CorruptionDue DiligenceThird Party Risk Management
Previous Post

NAVEX Global Launches Back-to-Work Solution to Manage Risk & Compliance Challenges

Next Post

Keeping Up with Evolving Risk Factors in the New Normal

Jim Nortz

Jim Nortz

Jim NortzJim Nortz is Founder & President of Axiom Compliance & Ethics Solutions LLC, a firm dedicated to driving ethical excellence by helping organizations implement effective compliance and ethics programs. Jim is a nationally recognized expert and thought leader in the field of business ethics and compliance with over a decade of experience serving multinational petrochemical, staffing, business process outsourcing, pharmaceutical and medical device corporations. Jim spent the first 17 years of his career as a criminal and civil litigator and Senior Corporate Counsel before becoming Crompton Corporation’s first Vice President, Business Ethics and Compliance in 2003. Since then, Jim has served as a compliance officer at Crompton and for five other multinational corporations, the most recent of which was as Chief Compliance Officer at Carestream Health. Jim has extensive experience in implementing world-class compliance and ethics programs sufficiently robust to withstand U.S. Department of Justice scrutiny. Jim is a frequent guest lecturer at the University of Rochester’s Simon School of Business, RIT’s Saunders School of Business, St. John Fisher College, Nazareth College and other law schools, universities and organizations around the country. Jim writes the monthly business ethics columns for the Association of Corporate Counsel Docket magazine and the Rochester Business Journal. Jim is a National Association of Corporate Directors Fellow, a member of the International Association of Independent Corporate Monitors and serves on the Board of Directors of the Rochester Chapter of Conscious Capitalism as the Board’s Secretary and Chair of the Governance and Nomination Committee. Previously, Jim served on the Board of Directors for the Ethics and Compliance Officers Association and the Board of the Rochester Area Business Ethics Foundation.

Related Posts

drug cartel soldier camo

Leveraging Human Rights Frameworks to Combat Emerging Cartel Risks

by Nate Lankford, Matteson Ellis and Nisha Sawhney-Murkett
May 19, 2025

As enforcement priorities shift to cartels and foreign terrorist organizations, established human rights processes can identify and mitigate emerging legal...

GAN Integrity TPRM & AI

Where TPRM Meets AI: Balancing Risk & Reward

by Corporate Compliance Insights
May 13, 2025

Is your organization prepared for the dual challenges of AI in third-party risk management? Whitepaper Where TPRM Meets AI: Balancing...

robot reviewing contract

9 Emerging Use Cases for AI in TPRM

by Miriam Konradsen Ayed and Craig Moss
May 6, 2025

(Sponsored) As third-party ecosystems grow more complex, compliance teams face mounting pressure to assess and monitor external relationships effectively. Miriam...

serious fraud office website

The Carrot and the Stick: UK’s SFO Clarifies Self-Reporting Benefits for Corporate Offenders

by Jonathan Armstrong and Vivien Yanni Gan
May 5, 2025

New director promises faster investigations and clearer outcomes for organizations that proactively disclose bribery offenses

Next Post
glowing gauge showing high risk on black risk management concept

Keeping Up with Evolving Risk Factors in the New Normal

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights