Conducting due diligence on your third parties is an integral part of running a compliance programme, as it helps you uncover risks that might otherwise slip past if third parties simply answered questionnaires or were trusted to self-disclose information.

Here we discuss four things you should get from a good due diligence report.

1. Integrity and compliance risk knowledge
First and foremost, at its bare minimum a due diligence report gives findings about a third party’s history of compliance to laws on anti-bribery and anti-corruption (ABAC), fraud and money laundering, and anti-competitive behaviour. The report should provide details about any media reports, investigations, legal proceedings, enforcement actions, sanctions and fines, and any other run-ins that the third party has had with the authorities.

In places where laws are poorly enforced, press is severely restricted, illicit dealings are deeply entrenched in business, or business is run with very limited transparency, this information is especially important, so it is essential to source information from on-the-ground sources, such as former employees, clients, local partners and business journalists. What these sources know about the third party and its reputation locally and within its sector, including possible associations with influential persons or illegal organisations, can be very beneficial.

2. Business and operational risks visibility
A comprehensive due diligence report also gives information about the business and operations of a third party, and the related risks the third party may bring into your business if it is onboarded. For example, a third party may be compliant with local and international ABAC regulations; however, if its financial statements underline a steady increase in losses in the past few years, it might not be wise to onboard this third party.

Checking for operational risks also looks at the size of the third party, how long the third party has been operating, the third party’s locations and whether these locations make sense for business, and the third party’s overall presence in the market. A good due diligence report not only informs you about a third party’s compliance issues but also – and this is equally important – about its ability to do business with you and fulfil its obligations to you.

3. Expert insights and onboarding
The report needs to prioritise the findings that are valuable to your purpose for conducting due diligence in the first place and present these findings in the context of the location, industry and laws applicable to the third party. For example, while a third party might have been listed as having breaches in health and safety regulations, we cannot just reject onboarding this third party – some analysis is required. The finding must be put into the context of the third party’s industry and location, and whether such breaches result in material risk for the third party and, potentially, your business. Such risk prioritisation and insight are things only country and industry experts can provide. In short, some things might look like a major risk, but further analysis from local experts may suggest otherwise.

Going further, quality reports will contextualise the identified risks based on the type of engagement you will have with the third party. The nature and severity of the risks of a potential distributor, for example, are inherently different from those of a supplier: the risks of a potential distributor may lie with its compliance primarily to ABAC laws, while those of a supplier may lie with its compliance to environmental, social and governance standards. In other words, we need our distributors to engage in ethical business while our suppliers need to have minimal risks related to potential disruptions to operations.

4. Steps to become an appropriate candidate for your distributor or supplier programme
A good report presents the risks and provides expert insights. What now? A best practice report will also provide ideas on the possible measures that the third party can implement to ensure they are a suitable candidate for becoming your business partner.

For example, if a report revealed that the third party was recently investigated in relation to an allegedly rigged government bidding, and local expert insight suggests these types of investigations often imply civil and criminal liabilities, the action to be taken by the third party can be as simple as full disclosure of their exact involvement and the legal remedies they have taken to mitigate the risks to your business. This information will help you determine whether it is worth having this third party in your partner programme.

Essentially, the benefits of a good diligence report can be summarised as providing value to your business by bringing you quality and useful information about your third parties. Information is power. That is applicable in many areas of business, and it is certainly applicable in compliance.

Paul Garcia
Research & Analysis Associate
marketing@redflaggroup.com

The Red Flag Group
21/F Cityplaza Three
14 Taikoo Wan Road, Taikoo, Hong Kong T: (852) 3185 0700
F: (852) 3185 0701
E: info@redflaggroup.com
W: www.redflaggroup.com

Related Articles

An Innovative Approach to Compliance Case Management [Brought to you by Intralinks]

by Intralinks |

How technology can help institutions automate processes, address today’s regulatory world and avoid risk.

Is your firm cybersecurity-ready? [Brought to you by SS&C Intralinks]

by Intralinks |

Like all industries, law firms are susceptible to cyber-attacks. In 2016, the Panama Papers leak shocked the world and brought cybersecurity to the fore. What came to light wasn’t only how politicians and world leaders exploit secretive offshore tax regimes; but also the rather astonishing lack of basic security practices on the part of the law firm Mossack Fonseca.

Q&A with Beomsu Kim, one of ALB Asia Super 50 Disputes Lawyers [Brought to you by KL Partners]

by Asian Legal Business《亚洲法律杂志》 |

The most effective strategy in dispute resolution is to explain the client’s position to the court or arbitral tribunal in a clear and comprehensive manner.