Thursday, February 25, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Star Wars and Levels of Due Diligence

by Thomas Fox
December 18, 2015
in Compliance
Star Wars and Levels of Due Diligence

 

We continue our celebration of all things Star Wars, at least as they pertain to the original trilogy, as today we honor Episode V – The Empire Strikes Back, which is my personal favorite of the original three movies. The film begins with a cool battle on the ice planet of Hoth; has some great HR lessons as Darth Vader executes officers for workplace errors; demonstrates some dangers involving ineffective training for Luke Skywalker on the tropical plant of Dagobah, where he travels to learn under the Jedi master Yoda, who utters the immortal line “Try not! Do, or do not. There is no try;” and ends in Cloud City, a floating gas mining colony in the skies of the planet Bespin run by Han Solo’s old buddy, Lando Calrissian. It also has one of the greatest movie lines of all-time, thundered by Darth Vader to Luke Skywalker, “I AM YOUR FATHER,” toward the end of the film.

Solo and Calrissian go way back, and Solo trusts him. Of course, Solo won his starship, the Millennium Falcon, from him, but they are still good friends.  This friendship is sorely tested when Vader and his Imperial Troops arrive to entice Luke to come to save his friends and battle Vader, which is where the reveal of fatherhood occurs.

I thought about these last two points in the context of knowing who you are doing business with under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. I once heard a company President say he did not need to perform due diligence because he looked a man in the eyes and that was enough to know if he was honest. (I should add, this President also evaluated the strength of a handshake as an additional level of due diligence.) Hopefully we have moved past this level of sophistication for due diligence and its evaluation thereof.

One of the areas I still receive questions about are the different levels of due diligence. Based upon the information provided by the Department of Justice (DOJ) over the years, from deferred prosecution agreements (DPAs) to opinion releases and enforcement actions, I break due diligence down into three stages: Level I, Level II and Level III. Candice Tal, Founder and Chief Executive Officer (CEO) of Infortal Worldwide, in an article entitled “Deep Level Due Diligence: What You Need to Know,” laid out some of these concepts.

Level I

First-level due diligence typically consists of checking individual names and company names through several hundred global watch lists comprised of anti money laundering (AML), anti-bribery, sanctions lists and other financial corruption and criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. This basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures, demonstrating a broad intent to actively comply with international regulatory requirements.

Level II

Level II due diligence encompasses supplementing Level I due diligence with a deeper screening of international media, typically the major newspapers and periodicals from all countries, plus detailed Internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company, the third party’s key executives and associated parties. I believe that Level II should also include an in-country database search regarding the third party. Some of the other types of information that you should consider obtaining are country of domicile and international government records, use of in-country sources to provide assessments of the third party, a check for international derogatory electronic and physical media searches and English and foreign-language repositories searches in its country of domicile; if you are in a specific industry using technical specialists, you should also obtain information from sector-specific sources.

Level III

This level is the deep dive. It will require an in-country “boots-on-the-ground” investigation and is designed to supply your company “with a comprehensive analysis of all available public records data, supplemented with detailed field intelligence to identify known and — more importantly — unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in-country investigation.” Further, the “direction of the work and analyzing the resulting data is often critical to a successful outcome … and key to understanding the results both from a technical perspective and understanding what the results mean in plain English. Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”

But more than simply an investigation of the company, critically including a site visit and coupled with on-site interviews, Tal says that some other things you investigate should include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business and public perceptions of impropriety should they be disclosed publicly.”

Further, you may need to engage a foreign law firm to investigate the third party in its home country to determine the third party’s compliance with its home country’s laws, licensing requirements and regulations. Lastly, and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance, as one of the most important inquiries is not legal, but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or if they objected to the scope, coverage or purpose of the FCPA, you can use a Level III to determine if the third party is willing to stand up under the FCPA and if you are willing to partner with them.

The Risk Advisory Group created a handy chart of its Level I, II and III approaches to integrity and due diligence. I have found it useful in explaining the different scopes and focuses of the various levels of due diligence.

tom fox table
May the force be with you. If Han Solo had done a deep dive into his friend Lando Calrrisian, he might have well determined that the Empire had arrived at the Cloud City before he and his team did. Then again, we might not have heard that seminal line, “I AM YOUR FATHER.”

 


Previous Post

The Dangers of Letting Bribery Go Undetected

Next Post

Who Should Regulate GMOs?

Thomas Fox

Thomas Fox has practiced law in Houston for 25 years. He is now assisting companies with FCPA compliance, risk management and international transactions. He was most recently the General Counsel at Drilling Controls, Inc., a worldwide oilfield manufacturing and service company. He was previously Division Counsel with Halliburton Energy Services, Inc. where he supported Halliburton’s software division and its downhole division, which included the logging, directional drilling and drill bit business units. Tom attended undergraduate school at the University of Texas, graduate school at Michigan State University and law school at the University of Michigan. Tom writes and speaks nationally and internationally on a wide variety of topics, ranging from FCPA compliance, indemnities and other forms of risk management for a worldwide energy practice, tax issues faced by multi-national US companies, insurance coverage issues and protection of trade secrets. Thomas Fox can be contacted via email at tfox@tfoxlaw.com or through his website www.tfoxlaw.com. Follow this link to see all of his articles.

Related Posts

illustration of hand holding flashlight illuminating hidden stairs

The Corporate Transparency Act: Pulling Back the Veil

February 23, 2021
King & Spalding: GC Decision Tree for Internal Investigations

King & Spalding: GC Decision Tree for Internal Investigations

February 19, 2021
mini businessmen separated by COVID particles

Compliance, Culture and COVID

February 9, 2021
closeup of gear shift with red face

Preparing for the Inevitable Regulatory Policy Shifts in Q1 2021

January 29, 2021
Next Post
Who Should Regulate GMOs?

Who Should Regulate GMOs?

Access realtime data
Addressing systemic racism in the workplace SAI Global
Dynamic Risk Assessments with Workiva
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights