Use this button to switch between dark and light mode.

Stop the Risk: Asking the Right Questions for Complete Due Diligence

May 08, 2023 (7 min read)
Ask the right questions to conduct thorough due diligence

With the rise of mandatory due diligence legislation, it is no longer sufficient for compliance officers to screen a third party for indicators of bribery and corruption alone. Effective due diligence in the modern business environment should also encompass Environmental, Social and Governance (ESG) factors like a company’s human rights record and environmental impact.

More countries have adopted—or are considering adopting—a version of a Deferred Prosecution Agreement which incentivizes companies to follow a rigorous due diligence and compliance checklist. Where once the US FCPA stood virtually alone as the legal threat to foreign bribery, companies operating internationally are now at risk of prosecution for activity in their supply chain in multiple jurisdictions.

While there are important differences in national anti-bribery and corruption laws, following best practices around due diligence and compliance makes it more likely that a company will be compliant and be able to identify and manage bribery and corruption risks. This starts with asking and answering the following questions.

In this post, we'll go over the types of questions you should be asking, how to plan for different eventualities and what tools you should be using to conduct your due diligence

Top questions to ask in your due diligence analysis 

How much risk is possible by doing business with the company in question?

If the risk is relatively low like a small, local business with regional suppliers, you can get away with a simplified due diligence process. Perform a check for low-risk entities and individuals, based on information provided by your intended business partner and supplemented by background research using the internet or a specialized due diligence database.

If the risk is relatively high like a business whose operations include working in emerging markets or highly regulated industries and whose third-party connections are unknown, use a specialized database to perform enhanced due diligence. This is the most efficient way to discover signs—through negative news mentions, company data or legal information—that the business in question may pose a risk due to past or current economic offenses or payment difficulties. Some databases will provide a risk score and automatic updates when the risk level changes and allow compliance officers to produce reports ready for the C-suite and auditors.

If the risk is very high, but it’s a high-value contract and enhanced due diligence has raised issues that need further checking, bring in an outside advisor. There are professional bureaus that may uncover additional information through local investigations which are unlikely to be discovered using online resources alone.

Are there any Politically Exposed Persons (PEPs) involved in the commercial relationship?

If you know some PEPs may be involved in the relationship, then it is essential to check for potential PEP risk against individuals, the company and wider associates. Specific datasets on companies and executives can help you to identify PEPs, while adverse news searches may indicate additional risks. Conducting ongoing monitoring of all names against PEP lists is also recommended as an individual’s status may change.

Even if the relationship is not political in nature, it is still recommended to check for potential PEP risk in relation to the individuals in question, the company and wider associates. That’s because people who have links to government officials and politicians may pose a corruption risk. If you are active in the financial sector, it’s especially important to conduct PEP checks, but other sectors such as pharmaceuticals have proven vulnerable as well. .

Have you investigated any adverse reports about your business partner?

Analyze adverse news about your business partner—and not just by looking at recent news reports. If you uncover negative news about the business such as an alleged connection to corruption, you should investigate further before getting into a business relationship. If the business is still embroiled in corruption scandals, you may end up being liable for offenses yourself. News sources should be global and in multiple languages, reflecting the international nature of supply chains and corruption risk.

Is the business or individual currently involved in legal issues or do they have a litigious history?

There are clear ways to know that a third party may cause you a problem without an official PEP designation or corruption charge. Look for legal cases related to the business that could point to bad practices. Lawsuits related to product liability could pose both reputational and financial threats. Likewise, bankruptcies and liens could signal a financial risk.

Have you obtained information about a third party’s true beneficial owners?

Nowadays, it is no longer straightforward to identify true beneficial owners if the business in question is reluctant to cooperate. Concealed beneficial ownership, however, presents intrinsic risks so we recommend robust ongoing due diligence. This can minimize the risks of hidden corruption, bribery and money laundering.

Do you have the data you need to assess corruption risk?

Companies often have a lot of data on their customers—for example, individual banks record millions of transactions. But this is rarely enough to identify the risk that a current or prospective third party is implicated in bribery and corruption. It is usually necessary to buy in trusted and accurate datasets on companies, sanctions, watch lists, legal cases, PEPs, adverse news and more. Companies can either integrate this data into their own due diligence process or use an external tool to carry out due diligence and ongoing monitoring. In the following section, we look in more detail at the sources you need most.

MORE: What is Unstructured Data?

What datasets should you use for your due diligence checks?

Now that we've gone over what to look for in your due diligence screening processes, let's take a closer look at different types of datasets you can use for your due diligence. Depending on what you're screening for, you'll want to consider one or more of the following. 

Sanction lists

Sanction lists identify countries, entities and individuals against whom national or international sanctions have been imposed in connection to conflict, human rights abuses, terrorism or other serious offenses. Sanctions may stem from one or more resolutions of the UN Security Council, decisions by other international cooperative bodies, and national government rulings.

Examples of sanctions include arms or trade embargoes, bans on immigration, freezing of bank accounts and restrictions on diplomatic or military relations. The important sanctions lists include those of the United Nations Security Council (UNSC), the US Office of Foreign Assets Control (OFAC), European Union Common Foreign and Security Policy (CFSP) and the UK HM Treasury.

Watch lists

Third parties should also be screened against relevant law enforcement lists from Interpol, the US Federal Bureau of Investigation (FBI), and national or regional wanted lists issued by police forces in any countries connected to the business or individual subject to your due diligence investigation.

Such lists may be related to terrorist screening or criminality. Crime-related lists, for example, contain information about natural and legal persons regarded as risks. These would include sentenced criminals and known names from the world of organized crime.

PEP lists

Even if someone you are working with has held an important post in an international organization, they may not be considered a PEP. For the purposes of due diligence,  international and national PEPs include example government leaders, eminent politicians and top military officials,  but not individuals who fulfill or have held important posts in an international organization (directors, top managers, etc.) and their immediate support staff.

If a potential customer or business partner is identified as a PEP, you must ensure effective risk management by means of an enhanced due diligence procedure.

Compliance-related lists

Compliance-related lists contain information about natural and legal persons against whom enforcement measures have been taken, such as a fine, restriction of commercial activities or exclusion. Examples of compliance-related lists are the Financial Claims Enforcement Network List and the World Bank List of Debarred/Ineligible Firms.

Company and Ultimate Beneficial Ownership data

A company profile contains information on the formal legal incorporation of the business in question, its corporate structure, ownership relationships, control mechanisms and so on. Data on Ultimate Beneficial Ownership is particularly important as it helps compliance officers to understand the full picture of who controls third parties. The pace of change in corporate structures means that this data should be refreshed regularly as part of an ongoing monitoring process.

ESG data

ESG risk assessments are challenging for many reasons. One such reason, cited recently by the Hong Kong Institute of Certified Public Accountments, is that the diversity of ESG information makes standardized reporting difficult.

Nonetheless, a third party’s ESG record can be assessed by carrying out targeted searching for key terms (from “environmental” to “forced labor”) across a database holding wide range of trusted sources. This should include news coverage, PEPs and sanctions lists, financial reports and more.

Legal proceedings

Compliance officers should check summaries of legal proceedings in which the legal or natural person in question may have been involved.

News reports

Current and archived news reports can play a useful part, for instance for checking the reputation or official status of natural and legal persons. Regard news reports as a supplement to traditional sources for a due diligence investigation. Data should be scraped from a long list of authoritative news sources across the world – preferably tens of thousands of sources. Being able to filter for negative mentions is useful for exposing the risk of unethical conduct.

MOREThe 6 Kinds of Datasets Critical to Your Due Diligence Investigations

Improve your due diligence efficiency

By checking across a broad collection of content relevant to due diligence investigations, you reduce the risk of overlooking important information or failing to satisfy the statutory compliance requirements.

Using a tool like Nexis Diligence+ makes your compliance efforts easy by allowing you to access multiple datasets and screen across different entities all in one place.