Companies with operations around the world face the reality of having to deal with an often complicated web of interconnected third-party entities and organizations and will usually create third-party risk models to produce an objective risk score for each one. These models consider many factors, such as the third party’s location, the nature and closeness of the relationship with the third party, the level of control over the third party, how much business it generates and the extent of the third party’s interactions with government officials. However, not all third parties are the same, and after creating a risk-rating model, companies typically face three due diligence options:
For low-risk parties, companies can simply execute an internal review and check publicly available databases such as government watch lists, sanctions and embargo lists.
For moderate-risk parties, companies can perform open-source investigations (OSI), collecting and analyzing all publicly available online information for a third party and its principals after searching in English and native languages.
The due diligence scope required for the riskiest parties exceeds what is typically covered in an OSI alone, especially in developing nations where online information may be limited or where bad actors can easily manipulate local media. In these situations, companies should resort to Enhanced Due Diligence investigations (EDD).
What is EDD?
An EDD investigation includes the elements found in an open-source investigation, as well as a site visit, review of public records, identification and analysis of business partners and local interviews. Depending on the jurisdiction and applicable laws, regulations and availability of data, an EDD investigation can also involve collation of business licenses, articles of association, ownership information and an analysis of the third party’s operation and ability to deliver the agreed-upon goods and/or services.
Justification to Conduct EDD Investigations
Why should companies conduct an EDD investigation when the Internet provides them with access to an unimaginable volume of data at their fingertips? In an era that places considerable reliance on online data, an EDD investigation marries the availability of online information with local knowledge, resources and honed investigative skills by expert researchers to provide company executives with critical intelligence that goes beyond publicly available data in terms of accuracy, reliability and validity. Being able to access this level of dependable information, in turn, allows companies to make fully informed, risk-based decisions regarding their engagement with third parties presenting the highest inherent compliance risk.
Based on real-world examples from past investigations, the following are three scenarios where EDD helped avoid costly mistakes with high-risk third parties.
Scenario #1: A Mound of Dirt Instead of an Office
An EDD investigation conducted for a Fortune 500 oil services company led to the discovery of a vacant, undeveloped lot instead of the complex headquarters of an African-based intermediary shown on the third party’s website. The images, which were taken from another company’s website, initially convinced the client of the third party’s legitimacy. However, a local investigator recognized the company’s address as a street in an undeveloped section of the city and confirmed his suspicions when he visited the site and discovered a vacant lot used to store dirt excavated from nearby land.
The third party’s principals created the website and falsified company-related documents in a scheme to convince prospective partners of its legitimacy. In reality, the company was part of an elaborate plot that mid-ranking government officials devised to solicit, receive and mask kickbacks related to the approval of permits.
Scenario #2: Confusing Corporate Structure Hides Government Officials
An EDD investigation of a Chinese-based sales agent uncovered a network of shell companies in which government officials held hidden ownership interest in numerous third parties.
The creation of the shell companies corresponded with the announcement by a large global client of its intention to establish operations in the Asia-Pacific region, including Japan, the Philippines and China.
Within days of creating the shell companies to disguise beneficial ownership by government officials, the third party contacted the client’s representative and offered to help the company begin operating in China. The third party boasted of their ability to provide introductions to government officials responsible for granting licenses and permits to foreign companies. These happened to be the same officials with the disguised ownership interest in the third party in question. The client did not engage any of the third parties connected to the scheme.
Scenario #3: Third-Party Bankruptcy and Fraud Claims Unfounded
Prior to signing an agreement with a plastic pellet supplier based in Brazil, a client received an anonymous, handwritten note alleging that the supplier had previously filed for bankruptcy protection, and subsequently, reorganized under a new name. The note also alleged that several of the company’s principals had used an over-billing scheme to commit fraud against another multinational.
In light of the allegations, several of the company’s Brazil executives refused to engage the third party, and the multinational’s compliance department requested an EDD investigation of the supplier.
The EDD determined that the bankruptcy and fraud allegations were unfounded. In fact, the third party suspected that a former executive who had just left the company to join a competitor had fabricated the allegations in an effort to win the business for his new employer.
Leave EDD Investigations to the Professionals
When conducting an EDD investigation, it is important to abide by local data privacy laws and realize that an inexperienced, unqualified or overly zealous investigator could inappropriately handle information and create new risks for the firm. Given the sensitive nature of the data involved, EDD investigations are best left to professionals with high ethical standards.
Key Takeaways – When Enhanced Due Diligence is the Right Choice
Conducting third-party due diligence plays a critical role in ensuring that companies comply with global anti-bribery and anti-corruption regulations. The risk model should designate the type of due diligence performed on a third party, which is a function of the nature and guidance of a robust third-party compliance program.
While each type of due diligence serves a purpose, an EDD with field-based investigation is the only suitable option for third parties that present the highest risk. When a company is under regulatory investigation for ABAC violations, regulators pay close attention to the steps that multinationals follow when administering their third-party compliance program and may decline to pursue charges if a company demonstrates its commitment to compliance. Failing to conduct an investigation commensurate to the level of risk a third party presents may preserve a portion of the compliance budget for future expense. However, it also exposes multinationals to unspecified and potentially catastrophic future compliance risks.
A version of this article originally appeared on STEELE CIS’ website.
Dennis Haist is General Counsel and Compliance Advisor for STEELE CIS and its affiliated companies. Previously, Haist served as Vice President and General Counsel of Dillingham, an international engineering and construction company. He has developed corporate compliance programs and conducted internal investigations in the areas of antitrust, FCPA and false claims.
