12 Tips for an Effective Due Diligence Program for Third Parties


In an evolving global economy, expanding business opportunities often lead to more complex supply channels and business relationships that can increase corruption risks and burden efforts to comply with the applicable laws around the world. Organizations that fail to implement anti-bribery and anti-corruption programs face significant financial and criminal penalties for violating a number of U.S. laws, as well as the laws of other countries in which they do business. Furthermore, many of these laws — such as the U.S. Foreign Corrupt Practices Act (FCPA) — hold organizations accountable for violations incurred by their subsidiaries and/or third parties acting on their behalf.

Given the heightened FCPA scrutiny in the U.S., implementing anti-corruption due diligence programs for third-party agents, consultants, brokers, advisors and others is critical for organizations doing business outside the U.S. Such programs enable organizations to confirm the legitimacy of their business partners, perform proper risk evaluations and avoid bad business transactions and subsequent liability.

The following 12 tips can help organizations develop and implement an effective due diligence system for evaluating prospective business partnerships and confirming/reevaluating existing relationships.

  1. Define third parties. Establish which third-party relationships should be subject to due diligence. Review all third parties in both sales and supply channels with consideration given to industry and geographic location, services provided, potential contact with foreign government officials and whether they will use third parties themselves to perform their contractual duties. Note that enforcement agencies take an expansive view of who is considered a foreign government official. For example, a federal appeals court recently upheld convictions under the FCPA based on bribery of officials at a state-owned telecommunications company.
  2. Define the risk and level of due diligence required for each third party. Perform a risk assessment using key risk indicators to determine the appropriate amount of due diligence required in each situation. Risk indicators include geographic location, industry, background and identity of the party, government connection, compensation structure of the agreement and how the third party was selected.
  3. Collect, verify and validate all relevant data. Proper due diligence requires gathering comprehensive information on third parties, including their structure, location, ownership, operations, reputation and existing compliance programs. The legal or compliance department should verify and validate the data and investigate any gaps, inconsistencies or other red flags.
  4. Understand how to spot red flags. Ensure that management is aware of red flags that signal the potential for corruption and require more careful review. Some common red flags are payments that cannot be fully or appropriately explained or partners that are strongly recommended or advised by a governmental agency or official. No red flag should be left unaddressed or unresolved, and mitigating measures should reflect the level of seriousness of the red flag(s).
  5. Use technology to make the process more efficient. Technology can help streamline a traditionally paper-based process and allow for data to be more easily sorted and identified. For example, automated red-flag alarm systems provide alerts when a third party raises more than one red flag and requires the approval of senior management. Access to such databases should be restricted, however, and adequate data protection measures should be implemented.
  6. Perform due diligence on all acquisition targets to limit successor liability. Companies can often inherit the liabilities of businesses acquired in a merger or acquisition. Conduct thorough due diligence on any potential acquisition targets to determine if they — or a related third party — have carried out any risky transactions.
  7. Analyze third parties in commercial transactions. Due diligence should be performed in any commercial transaction conducted with a foreign entity or individual. This includes background checks, searching the sanctions list maintained by the Office of Foreign Assets Control (OFAC) and reviewing the exact role of each third party in the transaction to ensure they serve a legitimate need or service.
  8. Manage existing third-party relationships. Organizations should monitor their existing third-party relationships and regularly update risk assessments and due diligence to identify any new red flags.
  9. Train employees. Training is vital for communicating an organization’s anti-corruption standards and procedures to personnel. Effective training should provide an overview of the FCPA and related laws, including their purpose, what types of entities and transactions are covered and how to avoid violations. Where appropriate, organizations may also consider anti-corruption training for agents, contractors and suppliers based on the third party's risk profile.
  10. Monitor the due diligence process. Senior management should periodically review the suitability, adequacy and effectiveness of a due diligence process to ensure it is properly applied and to deter any potential abuse. Improvements should be implemented as the needs or circumstances of the organization change.
  11. Impose disciplinary sanctions for non-compliance. Make it clear to managers and employees that any abuse or disregard of the third-party due diligence process may lead to disciplinary sanctions, including termination in appropriate circumstances.
  12. Create a system for reporting violations. Implement a process for employees and third parties to report potential violations of the organization’s policies or applicable laws that guarantees confidentiality and the organization’s commitment to take prompt action in response to reported violations.

Effective due diligence measures are a crucial component of a successful anti-corruption program. Educating personnel on how to properly use those measures is key for compliance.



DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomson Reuters Compliance Learning | Attorney Advertising

Written by: Thomson Reuters Compliance Learning
