In this 5 part series, I am visiting with Tom Fox, the Compliance Evangelist. We consider various aspects of international due diligence investigations. In many ways this can be viewed as finding a needle in the corporate haystack of information and data.
We discussed ways through the maelstrom to find useful and actionable information for your compliance program. In Part 3, we consider what works and what does not work in due diligence investigations today.
Unfortunately most Chief Compliance Officers (CCOs) are working with limited information from their due diligence programs or due diligence providers. This means they do not have enough information to input into their risk assessment. As we previously explored, if a company is performing or having performed for them only a Level I due diligence, they may well only be uncovering up to 1% of the adverse information or raising the appropriate red flags. In a high-risk jurisdiction, Candice Tal believes that if a company is not receiving up to 35% of the required information, they are really operating behind the 8-ball.
Moreover, relying on computer searches raises an amount of concern for other reasons. These include both shell companies and front offices. There are still situations that without a physical drive by of the third parties facilitates, the address may simply be a local postal box. The problem of shell companies still exists far beyond the initial dump of information past the Panama Papers and Paradise Papers. Even with a real physical address, if your third-party shares an address of a flat in London that also houses some 1,500 additional corporations, this is a serious red flag that you are dealing with a shell company. That in and of itself is a red flag which, if not cleared, could lead to a serious legal violation and a significant reputational hit to your organization.
Tal pointed to another area which is often missed in due diligence investigations which is the extended relationships between people in Latin America, where you can see a lot of family run enterprises. Tal stated, “A Level I due diligence will not pick up on this where one company is a family which may run multiple businesses. Some other business may be corrupt and the question becomes how does that impact the primary relationship? This can be a very important red flag that is being missed as the US Company may not even know who the real owners are going forward.”
She added that if you do not have good information to begin with on the basics, such as a company name, you cannot research a matter correctly. A wrong company name can lead to a false negative. Due diligence investigations might come back with no information about the company or with information on a different company, “so that’s another type of issue for some Chief Compliance Officers to be concerned about.” Of course the physical issue of whether a company actually exists or actually have employees working there can still be a problem as well.
We next turned to a strategy which a CCO could employ to allow for a sufficient level of due diligence but with an eye towards doing so in a cost-effective manner. In other words, what should be your investment in due diligence? Tal said, “a very good strategy would be to do the Level I due diligence but consider adding to it by building in deep dives on media and the Internet.” With such deeper dives a compliance professional can increase their due diligence yield to up to 35% more information than Level I can provide. This approach also allows for a quicker and more expeditious uncovering of red flags that might warrant more focused investigations. It can then allow a quicker clearing of red flags to move forward.
With a more long-term focus, a CCO needs to perform due diligence on an ongoing basis. Even if a company has done a basic due diligence investigation, feel they have a solid compliance program around their third parties, internal controls and accounting provisions, recent enforcement actions mandate more due diligence and a review of your third parties more than every two to three years. The Panasonic Avionics enforcement action made clear that due diligence should be viewed as an ongoing process. Additionally, there has been and will continue to be political instability in various areas of the world. This political upheaval can mean you find yourself in a country now having to do business in a completely different manner. Both South Africa and Malaysia have had peaceful regime changes impacting whom you may have done business with and with whom you are doing business, therefore ongoing monitoring is really vital to a solid compliance program.
Next, we will consider due diligence in the mergers and acquisition (M&A) context from the compliance perspective.
To listen to the full podcast click here.