It was an honor to be discussing due diligence investigations this week with Tom Fox, The Compliance Evangelist.
In many ways this can be viewed as finding a needle in the corporate haystack of information and data.In Episode I, we consider why basic Level 1 due diligence is no longer enough to identify key FCPA risks and how different levels of international due diligence are accomplished. Tal will help us through that maelstrom to find useful and actionable information for your compliance program.
Tal explained there are typically three levels of due diligence. Level I, the basic level, looks only at a global watch lists for sanctions, politically exposed persons (PEPs), anti-terrorist lists, anti-money laundering (AML) and similar government produced lists. Level I generally provides a summary of the beneficial owners of a company, its corporate structure, perhaps some financial information and the Global Watch lists. Many companies use that as their primary tool for risk ranking.
A Level II due diligence investigation is an intermediate between Level I and Level III. Level II takes a deeper dive looking at every aspect of public records information in addition to areas that are not necessarily in the public record. It encompasses items like a deeper dive of executive backgrounds.
The final level, Level III, is also called a deep dive due diligence investigation. This level works to not to identify bad people or bad actors but also patterns of behavior which might tend to indicate a propensity for circumvention of internal controls or stepping over or even getting too close to the ethical line that indicates behavior that may turn criminal or turn in a direction that would hurt your business reputation going forward. Tal said there are behavioral issues that can be discovered through Level III due diligence. It can be through the online searching of media including newspapers, publications and digital media. A wide variety of information can come up in behavioral assessments in terms of what is the background of the executive or how they may have behaved in the past. Additionally there may be information available in a country that may not reach the rest of the press. So you may find that there are local issues that are well documented. Sometimes you can only find that information through local language searches online, other times Tal indicates you need to do in-country research.
It is a process that is labor intensive; whether that is shoe leather getting out and walking around talking to people, conducting face-to-face interviews or taking a very deep Internet dive. It is the spade work of digging into many different sources of information to come up with a much fuller picture of whoever you are looking at, whether it be an individual or through a third party. Tal encapsulated it in what she called the “80-20 rule”. In investigations, you do find about 80 percent of information online about companies and individuals. Therefore, if you conduct a Level II search that incorporates a deep media search and switch, you can find 80% of the information fairly readily.
However, there is another 20% out there that is generally not available on the Internet. Level I searches never get to that information. One reason is because many companies do not disclose all their information and you may not find that information readily in those basic types of searches, Tal emphasized that it does, however, exist and investigators can find about 20% of that information. It is this final 20% of information or rather not finding out about it that often trips companies up in terms of corporate compliance programs.
We began with an understanding of the differences between basic and deep dive due diligence. Candice Tal explained there are typically three levels of due diligence.
The three levels are typically Level I, the basic level which usually looks only at a global watch lists for sanctions, politically exposed persons (PEPs), anti-terrorist lists, anti-money laundering (AML) and similar government produced lists. Level I generally provides a summary of the beneficial owners of a company, its corporate structure, perhaps some financial information and the Global Watch lists. Many companies use that as their primary tool for risk ranking. A Level II due diligence investigation is an intermediate between Level I and Level III. Level II takes a deeper dive looking at every aspect of public records information in addition to areas that are not necessarily in the public record. It encompasses items like a deeper dive of executive backgrounds.
Tal further explained that a great deal of hidden and undisclosed information is found through deep internet searches. Unfortunately, a Level I, or even Level II search may be only looking at adverse keywords; which usually consists of only 20 or 30 keywords. If a person or company has a history of bribery, corruption or perceived types of bribing of local officials, that information could be uncovered but it may well not be found unless you look in the right places for it.
Next, we will consider recent FCPA enforcement actions where lack of or failures in due diligence was a key takeaway.
