How to Perform Due Diligence on International Business Partners
For a free due diligence consult enter your contact info here or to DIY it read below
How to Perform Due Diligence on International Business Partners
Enforcement actions by the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) for insufficient due diligence on international business partners are underscoring the point that a cursory approach no longer suffices. In the aftermath of such actions, conducting due diligence on international business partners has become a leading practice for companies operating in global jurisdictions. While the due diligence effort may lengthen the start-up time for a new business partner relationship, failing to do so can have considerable negative financial and operational repercussions for companies seeking to conduct business internationally.
The U.S. Foreign Corrupt Practices Act (FCPA), U.K. Bribery Act and multinational agreements oblige companies to “know" their foreign counterparts, but there is no regulatory guidance specifying a minimum level of due diligence to be conducted. “This ambiguity can make it tempting for companies to take a cursory swipe at due diligence—review one database, check the ‘all clear’ box and enter into a business agreement," says Toby Bishop, director of the Deloitte Forensic Center for Deloitte Financial Advisory Services LLP. “The SEC and DOJ judgments show that it’s far better to proceed carefully and thoroughly with any new business relationship."
According to an informal online poll of business executives taken last December during a Deloitte webcast, "Third-Party Business Relationships: Emerging Issues and Regulatory Risks," 42.9% of 1,339 respondents estimated their organization performs due diligence and risk assessments on half or fewer of third-party business partners, while only 13.4% of the respondents estimated the percentage between 76% and 100%. The cost of implementation was named by 30.8% of 1,335 poll respondents, second only to those who didn’t know (33.5%), as the biggest challenge to implementing a companywide third-party risk assessment and due diligence program.
“Increasingly, companies will be expected to conduct a deeper, more systematic investigation of potential international business partners, and CFOs can spearhead that effort by establishing a due diligence process that involves collecting information from the business partner, verifying the data and following up on identified red flags," says Mr. Bishop. A recent report from the Deloitte Forensic Center, International Business Partner Due Diligence: How Much is Enough? authored by John Leonard, senior manager in the Forensic and Dispute Services practice of Deloitte Financial Advisory Services LLP, explores options for information-gathering and examines factors in the due diligence process for CFOs and other senior business leaders to consider.
Common Due Diligence Pitfalls
Enforcement actions filed by the SEC and DOJ reveal some common due diligence pitfalls to consider when designing an effective compliance program, including:
Failing to conduct timely and sufficient due diligence—SEC and DOJ enforcement actions have cited situations where companies engaged business partners and conducted due diligence after the fact. In addition, many companies often rely on their own employees to complete internal documents without requiring the overseas business partner to answer specific questions.
Failing to adequately verify information provided by business partners—Numerous SEC and DOJ enforcement actions have criticized companies for failing to verify information disclosed on questionnaires completed by business partners.
Failing to act on identified red flags—The DOJ has also opined on the need for companies to act on risk factors identified during the due diligence process.
Approaching Due Diligence
There is no law or regulation specifying exactly the process for, or the sufficiency of, international due diligence. Mr. Bishop notes, however, that “the examples of enforcement actions in the report provide some guidance for what is expected of companies operating overseas." He points to the following three steps companies can consider taking in their investigation of a potential international business partner:
Require the business partner to disclose information on a questionnaire.
Use a risk-based approach to verify the information provided and independently identify adverse information.
Take action on any identified red flags uncovered in the process.
“Companies can design an effective and thorough questionnaire for business partners that asks reasonable questions and puts the business partner ‘on the record’ regarding certain key issues," says Mr. Leonard. A questionnaire should be designed working with legal counsel and may contain, at a minimum, the following elements:
Company background, including identifying and registration information.
Ownership and management, including beneficial owners and others able to exercise influence over the entity and any relationships with government officials, as well as information on these individuals.
Disclosure of any civil, criminal and regulatory matters, to identify a history of issues that may present risk factors.
Anti-corruption knowledge and compliance, including questions about knowledge of laws and the company’s compliance regime and training efforts.
References from individuals knowledgeable about the business partner who can provide verification of business relationships and experience.
Signature of a responsible party who attests to the veracity of the information and agrees to abide by all applicable laws and policies of the company in carrying out its activities.
Conducting Background Research
The approach for conducting background research on a potential business partner will depend on the potential business partner’s risk ranking. “Companies can use the information collected in the questionnaire to conduct an assessment of each business partner’s risk level," Mr. Bishop suggests. Factors considered in the assessment include the type of relationship, corruption risk associated with the jurisdiction, interaction with government officials, compliance regime and known adverse information about the potential business partner.
Business partners typically are divided into three categories: high-risk, medium-risk and low-risk. High-risk business partners include those located in a country with a considerable risk of corruption, those having significant interaction with government officials or those for which red flags have been identified in the due diligence process.
Medium-risk business partners may have a lesser degree of contact with government officials, such as lawyers or accountants, yet are located in a high-risk jurisdiction. Low-risk business partners might include vendors of goods and services that are not acting in an official capacity for the company.
CFOs may want to consider hiring an outside firm to conduct background research to benefit from access to sources otherwise not readily available and to demonstrate independence in the vetting process. “When vetting a representative who has a high degree of contact with government officials, or one located in a high-risk jurisdiction, for example, single-database resources will likely prove insufficient," Mr. Leonard notes. Local resources may be required for record retrieval and for human source inquiries regarding the potential business partner’s reputation and background.
Following up on Red Flags
Resolving red flag issues may involve more in-depth research or a simple inquiry with the potential business partner for clarification. In all cases, however, it is critical that the company resolve issues, take appropriate steps to assure that it is conducting business with reputable individuals and organizations, and document these efforts. “When companies have been put on alert by adverse or conflicting information," says Mr. Leonard, "regulators expect resolution."