Risk consultants receive calls daily from clients seeking to do business in overseas jurisdictions; in many cases, it is the first time they are contemplating operations in those countries. Whether it’s a product of their own internal compliance guidelines, the threat of increased Securities and Exchange Commission (SEC) and Department of Justice (DOJ) enforcement of the Foreign Corrupt Practices Act, a previous experience or just a fear of not getting the right structure in place for a new venture, they’re asking the right questions and seeking professional assistance before jumping into the new marketplace.
This year’s survey findings justify their concerns. For companies actually affected by fraud, the category with the biggest jump was in vendor/supplier/procurement relationships – up from last year’s 12% to 19% now. When nearly one in five companies is experiencing fraud in this area, investing in the right due diligence can save millions of dollars and countless management man-hours negotiating opportunities and avoiding pitfalls.
While the problem is widespread, and depending on the jurisdiction seemingly intractable, many of Kroll’s clients are experiencing positive results with a three-pronged approach seen below.
Kroll’s clients are experiencing positive results with a three-pronged approach:
Management setting the tone from the top with a commitment to a strong compliance ethic
Creating and maintaining a robust compliance program
Conducting appropriate levels of due diligence that are commensurate with the scope of the transaction and jurisdictional transparency
1. Commitment to Compliance Must Come From the Top
A strong commitment to compliance, driven by the company’s senior management, is key for reinforcing an environment that helps employees stay focused on operating ethically. It also creates the expectation that all new ventures receive an appropriate level of due diligence review.
2. Robust Compliance Programs Standardize Procedures
In addition to setting the tone from the top, organizations also need a robust compliance program that ensures a standardized process is undertaken at all levels and subsidiaries of the company. This is especially critical for when new agents, joint venture partners, vendors, suppliers or other third parties are brought into the corporate fold. At a bare minimum, the program should encompass some basic due diligence as well as components that confirm each relevant person’s awareness and assurance of a commitment to follow the company’s ethics and compliance policies and procedures.
3. Right-sizing Due Diligence Efforts Can Pay Off in the Long-term
For significant commitments to new ventures, however, more comprehensive investigative due diligence may be necessary. This is often true in jurisdictions where corruption and bribery are prevalent in the conduct of business. Exactly whom is the company interacting with to get the deal done? Are there government officials involved and in what capacity? This has been a particular area of SEC and DOJ interest over the last couple of years, with sizeable fines for payments of bribes by subsidiaries to government officials. Just in 2013, these fines have topped $400 million. Particularly in countries where the availability of public records is thin, boots-on-the-ground reputational inquiries are often the only way to ascertain relationships held by the agents/ third parties and their ability to bring the deal to fruition as they claim, in an appropriate manner.
How Much Due Diligence Is Needed?
That is the million-dollar, unanswered question. The short answer is: It depends. The US Securities Act of 1933, the Foreign Corrupt Practices Act, UK Bribery Act and other regulatory acts don’t specifically define the level of due diligence required. Instead, they use words like “robust,” “appropriate,” “enhanced” and “adequate.” In essence, regulators seem to want to ensure that parties find any potential problem. For example, if a material issue is not identified, the authorities could arguably question whether the level of due diligence was appropriate.
Certainly in jurisdictions with less transparency, where the availability of public records is slim or non-existent, where independent media is censored/restricted, or where corruption and bribery are common ways of doing business, more comprehensive due diligence is advisable. Particularly in these instances, the due diligence should follow a more rigorous investigative methodology rather than the more simple screening regimen. This involves an iterative research process, challenging data found and re-researching findings and conducting analysis to fully understand the implications of those results. Combined with local source inquiries of knowledgeable resources, these efforts can help a client feel more comfortable about the level of understanding they have with regard to their business partners and third parties.
On a recent joint venture relationship opportunity in the Middle East, the client asked Kroll to conduct investigative due diligence into principals of the company. Our research quickly started identifying flags about the subjects, including the fact that their bios, word for word, were identical to the bios of other individuals involved in the same line of business in Dubai – only the names were different. The website for the company had only been formed a couple of years ago, odd for a company with 18+ years in business. Worse, we found that the registrant of the website was linked to a known Nigerian fraudster. Needless to say, the client ran from the potential relationship. But it took this investigative level of insight to identify issues that might have otherwise slipped through lighter levels of inquiry.
So, perhaps, the answer to the million-dollar question isn’t a predetermined level of due diligence. Rather, companies should instead focus on compliance programs designed with elements that can raise red flags and identify problems, then escalate due diligence as necessary to deliver the most effective protection and confidence in their new deals.