This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.
Due diligence of third parties can drive you crazy. You know you are in trouble when you start babbling to yourself and others about red flags, more red flags and even more red flags. You can start thinking that the movie, “The Shining” was a documentary depicting your third-party due diligence process.
When this happens, you need an intervention. Someone has to say, enough is enough.” It is hard to do, because you always fear that under this last rock is going to be something so significant that it would change your overall assessment.
Due diligence is not an inquiry tied to findings beyond a reasonable doubt. It is guided by the principles of “reasonable inquiries.” In other words, it does not mean a complete investigation of every known fact about a company or its owners. Instead, it means reasonable inquiries guided by risks surrounding circumstances and red flags.
Two important points have to be remembered:
First, the importance of a due diligence inquiry is to document a careful review of the potential third-party and to address any specific red flags that may come up. It is impossible to define every red flag that may come up – the common ones all make sense, but others can come up.
Each red flag has to be addressed and resolved one way or another. There are many ways to resolve red flags, and that can be the subject of another posting. In the absence of some effort to address a red flag, the company’s risk increases. Why? Government prosecutors can cite each unaddressed red flag as evidence of willful blindness. If they find enough of them, they will prosecute the company and possibly individuals, claiming that the company possessed the requisite “corrupt intent.”
Second, it is critical to consider the context in which this inquiry is conducted. It is impossible to predict in advance who among your third parties will engage in bribery. No one can read minds and no one can predict future behavior with any degree of certainty. The context for due diligence has to be remembered.
It is possible to become paranoid when conducting due diligence, especially when reviewing a third party in a high-risk country such as China, Russia or India. It becomes difficult when you cannot find any real red flags and you think to yourself there has to be a red flag somewhere, or else I am not doing my job.
You can only do what you can do. So long as you document the process, engage in risk ranking and allocate your time and resources based on the potential risks, you will be fine.
It is important, however, to know when enough is enough. Remote allegations in a local newspaper about potential misconduct do not by themselves require that you launch a full-scale investigation. Many times these allegations are politically motivated or made with little corroboration.
Like I said, the context and the surrounding circumstances in a due diligence inquiry are key. As long as you keep that in mind, everything will be all right.
Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services. He can be reached at 
