Wed, Oct 18, 2023

Cracking the Code: How Risk-Based Due Diligence Protects Your Money from Financial Predators

In an era marked by unprecedented technological advancements and an increasingly interconnected global economy, the realm of finance has witnessed a surge in complexity and innovation.

This article was originally published by LEC

In an era marked by unprecedented technological advancements and an increasingly interconnected global economy, the realm of finance has witnessed a surge in complexity and innovation. However, this progress has also ushered in new challenges, particularly in the realm of financial crimes. Financial crimes have been on the rise due to current economic pressures, geopolitical tensions, an increasingly diverse regulatory environment, government scandals, public corruption, the post-COVID era, and Russia’s war on Ukraine, among others. According to Kroll’s 2023 Fraud and Financial Crime Report, financial crime continues to be a leading threat globally: 69% of global executives and risk professionals surveyed expect crime risks to increase over the next 12 months with cybersecurity and data breaches as the primary drivers.

In the face of this dynamically evolving landscape, the role of the compliance function remains more crucial than ever, and the pivotal role of due diligence has emerged as a powerful tool in the ongoing fight against these illicit activities, serving as a beacon to illuminate the path towards regulatory compliance and reputational integrity.

The concept of due diligence has taken center stage, becoming a cornerstone process in the investigation of third parties, customers and employees. This multifaceted approach plays a crucial role in anticipating, detecting and responding to the diverse array of regulatory and reputational risks that accompany the ethical and compliance obligations in today's global landscape.

A Holistic Approach to Risk Mitigation

Within the intricate fabric of any organization, due diligence processes should be seamlessly woven into the fabric of the compliance program. Far from being a mere procedural formality, these processes serve as a robust defense mechanism against potential financial crimes. By meticulously scrutinizing the background, intentions and affiliations of external parties and internal stakeholders, institutions can establish a comprehensive shield against threats that might compromise their ethical standing.

The strategic significance of due diligence is underscored by its alignment with an institution's risk matrix. Every organization navigates a unique landscape of risks, influenced by factors ranging from industry dynamics to geographical reach. As such, due diligence must be tailored to the specific contours of an institution's risk profile. To guide this customization, a set of strategic questions serves as the compass, steering the due diligence process toward a precise alignment with an institution's risk tolerance and strategic objectives. It is from this perspective that we speak of due diligence from a risk-based approach.

Unveiling Strategic Questions

These strategic questions function as the cornerstone of effective due diligence implementation. They serve not only to assess risks but also to mold the contours of due diligence processes in a manner that resonates with an institution's overall strategy. The formulation of these questions pivots around the organization's willingness to embrace due diligence as a proactive force rather than a reactive measure.

Purpose of Due Diligence

The journey begins with a clear understanding of the purpose behind due diligence efforts. Whether it is to ensure compliance with intricate laws and regulations such as anti-money laundering (AML), the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act, or to mitigate local reputational risks, due diligence serves as a linchpin in safeguarding an organization's ethical standing and regulatory adherence. It is a strategic move to anticipate and address potential pitfalls before they materialize.

Scope of Due Diligence

The canvas of due diligence is broad, encompassing a spectrum of individuals and entities. From third-party suppliers and investors to know your customer (KYC) and know your employee (KYE) assessments, the scope is expansive. It extends to sponsorships, donations and even entities involved in merger and acquisition processes. The due diligence net is cast wide, encapsulating all who hold the potential to influence an organization's ethical landscape.

Risk Profile and Tolerance

The risk landscape varies from institution to institution, influenced by industry specifics and geographical footprints. Understanding an organization's risk profile and its appetite for risk is pivotal in shaping due diligence strategies. A delicate equilibrium must be struck between growth aspirations and risk mitigation, guiding the depth and extent of due diligence efforts.

Industry and Jurisdiction Analysis

Industries, like geographies, have their unique risk profiles. A regulated industry may demand a more exhaustive due diligence process. The jurisdiction of incorporation can also serve as a determinant of risk levels. The due diligence process must be attuned to these industry and jurisdictional nuances, ensuring a comprehensive risk assessment.

Relationship Dynamics

The nature of a relationship with a third party influences the perceived risk. Factors such as the level of expected risk, financial relationship size and anticipated duration of the partnership all play a role in shaping due diligence requirements. A discerning analysis of these dynamics guides the due diligence trajectory.

Appropriate Due Diligence Type

Not all due diligence efforts are created equal. Depending on the identified risk factors, due diligence strategies can range from checking risk databases and watch lists to more extensive endeavors involving public record searches and discreet sources. The level of corroboration required informs the due diligence type, ensuring a tailored approach.

Timing and Integration

Time is of the essence in due diligence. Depending on the depth and breadth of the process, the timeline can vary. However, due diligence must be seamlessly integrated into the workflow, factoring into work plans to ensure thoroughness without disrupting operations.

Challenges in the Region

The complexities of due diligence are magnified in different regions, presenting unique challenges and hurdles. In LATAM, these challenges are further underscored by a dynamic regulatory landscape and cultural intricacies. Recent legal amendments have underscored the importance of due diligence, with countries like Costa Rica, Brazil and Chile instituting stringent measures.

Among the challenges faced, several common errors stand out, echoing the sentiments of regulatory bodies like the SEC and the U.S. Department of Justice. These include the failure to conduct timely and sufficient due diligence, the inadequacy of validating information from business partners, overlooking detected red flags, and the perilous "willful blindness”— a deliberate avoidance of crucial facts.

Particularly in LATAM, the main challenges include the lack of digitized and centralized data in some jurisdictions, lack of cultural and jurisdictional awareness, different languages that constitute a challenge in the search and analysis process, third parties with low public profile and no easily accessible public information, and budget limitations in the Compliance area. According to Kroll's 2023 Fraud and Financial Crime Report, 64% of respondents in Brazil and 68% in Mexico agree that third-party gatekeepers create anti-money laundering challenges.

To tackle these challenges, organizations are urged to adopt a series of best practices that can fortify due diligence processes:

Risk-Based Onboarding Questionnaire

Commencing with a risk-based onboarding questionnaire is a prudent step, allowing the creation of risk scores. However, third-party information must be corroborated independently to ensure accuracy and reliability.

Contractual Safeguards

Incorporating compliance requirements and specific language within contracts can hold third parties accountable for illicit activities, reinforcing the importance of ethical conduct.

Anti-Bribery and Corruption Compliance

The absence of an anti-bribery and corruption compliance program in a third party should serve as a red flag. Collaboration to establish such a program could be indicative of a commitment to ethical standards.

Education and Training

Sharing information and providing training to stakeholders about the organization's due diligence commitment bolsters awareness and compliance efforts.

Continuous Monitoring

Internal triggers and controls are essential to monitor changes in risk profiles, and whistleblower policies can facilitate early detection of issues.


Documenting the rationale behind using each third party and maintaining these records for a stipulated duration ensures transparency and accountability.

High-Risk Approval

For high-risk subjects, the decision to proceed with a business relationship should involve collaboration between the compliance officer and senior leadership.

The role of due diligence in preventing financial crime is paramount, woven intricately into the fabric of regulatory compliance and ethical adherence. It stands as a formidable bulwark against the ever-evolving landscape of financial crimes, offering organizations the means to pre-emptively identify, assess and mitigate risks. By embracing due diligence as a proactive measure, organizations can navigate the intricate pathways of global finance with resilience and integrity.

The road ahead is marked by challenges, particularly in regions like LATAM, where unique dynamics demand tailored strategies. However, the key lies in recognizing due diligence not as an isolated process but as an integral component of a holistic compliance program. By aligning with the organization's risk profile, industry dynamics and global best practices, due diligence emerges as a beacon of protection, shielding organizations from the potentially devastating consequences of financial crimes.

As institutions continue to grapple with the complexities of a dynamic financial landscape, the significance of effective due diligence cannot be overstated. It is a beacon of ethical resilience, a safeguard against reputational erosion, and a testament to an organization's unwavering commitment to compliance, thereby shaping a future where financial crimes are thwarted, and integrity reigns supreme.


Legislative Assembly of the Republic of Costa Rica, Law on Liability of legal persons on domestic bribery, transnational bribery and other crimes, No. 9699, 2019.
ACAMS, Glossary of AML Terms, No Date.
Batista, Emanuel, Key Takeaways for Effective Reputational Due Diligence, 2019.
National Congress of Chile, Law 20393, Establishes the Criminal Liability of Legal Entities in the Crimes of Money Laundering, Terrorism, Bribery, Aggravating Circumstances, Extenuating Circumstances, 2023.
Diário Oficial Da União,Decreto Nº 11.129, De 11 De Julho De 2022, 2022.
Kroll, Fraud and Financial Crime Report. Can Technology Stop the Threat of Economic, Crypto and ESG Crimes?, 2023.
Kroll, 2022, Report on Anti-Corruption and Bribery, 2022.
Watt, Michael and Foulon, Veronique, Evolving Challenges with Enhanced Due Diligence, 2021.

AML Compliance Due Diligence

Kroll helps clients navigate the complexities of today’s regulatory environment through a broad suite of anti-money laundering compliance screening and due diligence offers.