The First Step in Any Due Diligence Inquiry
[T]here are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – there are things we do not know we don’t know. — former Secretary of the Defense, Donald Rumsfeld
It is getting pretty crowded these days out in the Anti-Corruption Compliance space. There are more and more companies, consultants, software providers and other entities offering to provide the right mix of information and data needed to support a due diligence review of a third-party, joint venture partner or acquisition target. These companies, consultants and investigators are at the infancy of this new and sophisticated industry. Just look on the Internet for information and you will be overwhelmed.
How does a Compliance Officer shop intelligently for the right mix of information? Hopefully, the CCO will not just rely on word of mouth recommendations. What are the right questions to ask?
Of course, it depends on the 4 Ws – who, what, when and where. The due diligence process has to be documented – at every step of the process. When I say documented, I do not mean reams and reams of paper but a good accurate summary of what was done and why cerrtain decisions were made. So long as these are completed in good faith and with reasonable explanations, a company will be fine.
Let’s be clear — we are not talking about conducting a financial audit or due diligence review, but we are talking about a due diligence investigation for potential corruption risks. The first, and most important question, is who are the parties to the project? How does a company find out about all of the related and affiliated parties, along with the complicated issue of personal relationships among family members and even political connections and relationships.
Companies have been conducting due diligence reviews for financial and legal issues for years – anti-corruption due diligence is another matter, which frequently requires a greater in-depth analysis and fact checking. A known relationship with a government official could take on monumental significance in an anti-corruption assessment and is usually of much smaller significance in a financial or legal due diligence process.
The best source of information is usually local in nature – and it is hard to get boots-on-the-ground investigations in some of the developing countries. With time, this market will – and should – develop with new entrants or expansion of existing companies into this lucrative area.
Basic reviews should include collection and review of:
1. Publicly-available information about criminal and civil litigation, including government enforcement and private litigation, relating to all parties – owners, investors, and associated financial institutions
2. Federal sanctions lists — Office of Foreign Assets Control (OFAC) , global watchlists, Politically Exposed Persons (PEP).
3. Newspapers, magazines, journals, NGO reports. Rumors or unsubstantiated reports need to be gathered, only to be assessed and resolved in a due diligence review.
4. Company records, ownership reports, court records, business references, real estate records, and any other available information on assets or other related items.
5. The physical facilities maintained by the company, especially those smaller businesses in high-risk countries and industries.
A run-of-the-mill background check does not satisfy the due diligence requirement. The real work is in following up on the information gathered to determine what issues require further inquiry and the undisclosed gaps in intelligence. The trick is to assess the implications of the information, what you need to know, what you do not know, what you will never know, and how to weigh all of this information.
This is your basic first step – before you unleash your questionnaires, before you interview any business references, before you interview any parties, and before you do anything – you need an initial complement of information to determine what your next steps need to be.
Michael:
Correct as always.
The key is to conduct a risk assessment including a country/region reputational analysis. A standard background check may satisfy in Norway, but in high risk locations like China, Russia etc. we at Guardian Consulting LLC recommend to our clients a “boots on the ground” research process with native resources overseen by Americans with in-country experience, peeling back several layers, looking for possible cutouts, verifying supplied information. And of course it is vital that all steps are documented and archived so it can be used as part of defense/mitigation in case something comes up later.