The Objective of Due Diligence
There is immense benefit to thoroughly vetting third parties, and it goes far beyond avoiding enforcement actions from the likes of the SEC, DOJ and other regulatory agencies. When you do business with risky suppliers and vendors domestically or abroad, you put your organization’s reputation at risk – and that’s a costly gamble to make.
There has been so much attention paid to due diligence. We have reams and reams of articles highlighting the importance of due diligence. In addition, numerous vendors of due diligence services and technologies fill the marketplace with whitepapers, articles and information underscoring the importance of due diligence and advising on how to conduct effective due diligence.
There is nothing wrong with the attention paid to this important issue. Frankly, over the last 10 years, we have seen an explosion in due diligence issues. Given the Justice Department and the SEC’s focus on third-party risks in the FCPA context, such attention is justified. Years ago, companies conducted minimal (if any) due diligence of third parties, and procurement functions related to vendors and suppliers were focused on financial capabilities and quality issues.
The growth in due diligence systems has been marked over the last 10 years. More companies are implementing robust due diligence systems for third parties, vendors and suppliers, and many are purchasing automated due diligence systems.
There is no question that the motivation for improving due diligence systems has been a direct response to the government’s aggressive enforcement program. As everyone knows, a high percentage of FCPA enforcement actions involved third parties who engaged in or facilitated bribery schemes.
A robust due diligence program identifies potential risks in engaging a specific third-party. Based on due diligence, a company may decline to engage the third-party or design and implement a number of risk-mitigation strategies. In the end, the company’s due diligence system is focused on legal risks from engaging the third party. A risky third party in this context may be likely to engage in bribery to further the company’s business operations.
In the event that the company faces an FCPA investigation, the company will often rely on robust due diligence and mitigation strategies to counter any claim that it “knowingly” engaged the third party with the intent to promote a bribery scheme. Company lawyers will cite the due diligence, monitoring and auditing activities to show that its actions were contrary to an inference of a “knowing” violation.
While this scenario is an important reason for implementing a robust due diligence program, there is more to this issue. Legal risks are one type of serious risk. Another category of risks relates to reputational risks. A company does not want to “do business with” or “associate” with another person, entity or company that itself has a poor reputation or engages in other types of misconduct.
A company creates significant risks when it retains another company that relies on child labor, engages in slavery, violates environmental laws or engages in illegal anti-competitive practices. In other words, a company has to avoid engaging other companies that raise reputational risks.
A company’s reputation for ethical business practices can suffer real and substantial harm when it engages with companies that flagrantly skirt the law or social norms. Such business operations threaten a company’s most significant asset – its intangible goodwill.
A company’s reputation should be promoted as an important aspect of a company’s culture. Employees want to believe in the mission of the company, and adherence to ethical business practices is essential to protecting the company’s integrity.
An important means to protect the company’s reputation is to ensure that the entities with which the company interacts have comparable commitments to ethics and integrity. This is where due diligence comes in and provides an important check on company operations. Due diligence has a broader purpose than just managing legal risks – companies conduct due diligence to protect and promote their culture.
This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.
