Business Risk Due Diligence

Third Party Risk Management

The U.S. Foreign Corrupt Practices Act has been in force for over 30 years, but in the last dozen years it has been aggressively enforced, resulting in numerous criminal convictions, civil actions, large fines and penalties, and, in particularly egregious cases, even prison terms for a number of executives.

Global enforcement actions continue to increase with fines and penalties growing significantly year on year.

Infortal specializes in helping companies identify key risk areas and bad actors throughout their operations, global supply chains, M&A deals, and in executive teams.


The compliance field has substantially evolved to help large corporations detect and prevent bribery and corruption at all stages of business activity, particularly in high growth and high risk markets. When detection and protection aren’t sufficient, remediation is the next best option to catalyze change and prevent further damage.

Infortal works with your compliance team to create a robust compliance program with customizable review of third party risk exposure.


Doing the right thing ethically, combined with a commitment to prevent bribery and other types of corruption at all levels of business, is a great banner for all employees to drive business successes further. Corporate transparency is similarly gaining more and more traction globally as a sign of excellence in corporate leadership and enhanced strategic focus, and it signifies corporate social responsibility to the public.


FCPA Regulatory Compliance

Additional guidance regarding “Evaluation of Corporate Compliance Programs” was released in 2019. It details what elements are needed in a best practice compliance program, updating prior guidance from the DOJ in 2017. It covers not only risk assessments but also policies, procedures, training, and investigations.


Third Party Risk Management red flags are summarized as follows:

  • Third parties related or closely associated with a foreign official

  • Excessive communications to third party agents or consultants

  • Unreasonably large discounts to third party distributors

  • Third party agreements that include only vaguely described services

  • Third party consultants that are in a different line of business than that for which they are being engaged

  • Third parties that are merely shell companies incorporated in an offshore jurisdiction

  • Third parties that requested payment to offshore bank accounts

Thorough due diligence investigations will spotlight these activities and other criminal or adverse issues, which in turn may lead to exposure under the FCPA and other international anti-bribery, anti-corruption, and anti-money laundering regulations and provisions.


Third Party Risk Management

What is all the fuss about Third Parties in global supply chains? After all, most major corporations cannot function without their key vendors, distributors, agents, and subcontractors.

The fact is that most companies know little to nothing about their supply chain vendors, and yet those vendors potentially pose some of the greatest corruption-related risks in commerce. Finding valuable information and red flags for money laundering, bribery and corrupt practices is not only possible, but often essential, using effective due diligence investigations.

Infortal helps clients identify and mitigate risks in their supply chains.

According to the Department of Justice, 90% of all FCPA violations include corruption issues carried out by third party supply chain executives.

Effective business risk mitigation involves, amongst other programs, the risk ranking of supply chain third party agents, distributors, vendors and consultants.

Infortal provides effective due diligence investigations in over 160 countries.

In addition to looking at existing third parties, corporations should also take a close due diligence based look at future mergers and acquisitions (M&A) deals to evaluate the target company’s value, executive and business relationships, and determine whether increased compliance-related risks may exist that have not been identified in the legal and financial due diligence prior to deal closure. Risk assessment provides a window to view information which executives can further use to determine the viability of a deal.

Thorough risk assessments inform better risk management strategies.

Deal volatility, carve-outs and executive issues, including behavioral issues, can cause even the largest M&A deals to flounder or lose significant value, or worse, lose market share and damage reputation for the acquiror.

To prevent deal nightmares and regulatory compliance risk exposure, most due diligence programs have 3 levels of fact finding and assessment, collectively known as due diligence investigations. The data found can be ranked for risk exposure levels, with a greater degree of objectivity than may be supplied internally within organizations. M&A due diligence is very similar in approach but may include other investigative considerations, such as a deeper review of the key executive team.

Risk Based Due Diligence

Risk based due diligence is used to apply different risk levels to enable ranking of risks across large supply chains. In Third Party Risk Management there are numerous avenues through which corrupt business actions may occur. Infortal provides a broad suite of compliance and anti-money laundering initiatives.

Infortal finds that 35% of global supply chain vendors have bribery or corruption related issues.

Using various risk criteria, a risk exposure ranking can be created based on whether business will be conducted in higher risk countries or in higher risk deals, and on where risk exposures can potentially have a substantial adverse impact on the parent company, particularly if bribery or corruption is prevalent in such areas.

Infortal partners with clients to create a risk based approach. Infortal’s unique due diligence methods and investigative analysis reveal 30% greater results compared to most due diligence providers.

Why increase your risk of exposure?

Hidden and undisclosed information is often found that typical Level 1 due diligence investigations cannot uncover. We often work with clients in support of their compliance programs and bring a broad spectrum of investigative and due diligence services to augment their compliance and security programs.

Justifying the need for a variety of levels of due diligence is key to an acceptable risk-based strategy, particularly when large volumes of third parties need to be evaluated. Regulators at the DOJ and SEC acknowledge the need for risk-based assessments, as elaborated in their guidance documents from 2012, 2017 and, more recently, 2019.

Level 1 Due Diligence

Level 1 due diligence typically provides an overview of company financial background information, including disclosed beneficial ownership information, and a screening of supply chain vendors against global anti-money laundering databases and global watchlists. Level 1 builds a preliminary profile of the company.

This is a very basic due diligence screening. Although it is important to find such preliminary information, this level will not find critical issues such as developing problems, ongoing investigations and current scandals, which may pose serious risks to the parent company in the near future.

Level 1 due diligence should be used for the lowest levels of corruption risk.

Level 2 Due Diligence

Level 2 due diligence supplements the basic Level 1 investigation with analysis of social media information in addition to deep, dark and historical deep web searches. Many companies try to accomplish this by only looking at adverse keyword searches. However, as much as 30% of red flag data will be missed in adverse keyword searches. Typically, social media and millions of digital news records, journals and periodicals will be searched from all countries in which they are available. In-country database searches should also be included, as these may contain additional records not always captured by media data aggregators.

Data aggregators provide very useful information on about 80% of people and businesses; however, the remaining 20% require investigation techniques and analysis of numerous data points.

Infortal starts with aggregated data then continues to investigate information not readily found by most large data aggregators.

Level 2 due diligence may be sufficient in moderate to high level risk situations; however, it may be insufficient to detect all types of corruption related issues. When red flags are known to exist, a Level 2 report can be shaped to focus on specific areas.

When there are concerns that red flags may exist, it is prudent to start with Level 2 but continue to Level 3 due diligence if any red flag data are revealed. It is important to recognize that some red flags may be missed using this approach.

Level 3 Due Diligence

Level 3 due diligence provides a deeper review of information. When additional red flags are discovered, these can provide sufficient preparation to enable damage control that mitigates continuing risks, or to find other avenues to proceed that lower risk exposure.

In some cases a “boots on the ground” review (see below) may be required to determine whether the business actually operates legitimately or from a “store front” facility. Local in-country language skills can be key to determine whether organized crime is involved, and to be informed about local regulations that may not be part of a broader country-wide assessment. There are numerous details that can be found through in-country investigations that are difficult, if not impossible, for external teams to assess.

Level 3 due diligence investigations inform a thorough risk-based strategy and are essential for identifying serious red flag concerns.

Additionally, Infortal combines this information with open source intelligence (OSINT) investigations to help reveal hidden and undisclosed information frequently missed in other types of due diligence investigation.

Red Flags

We help your team find key indicators that serious red flag issues exist. These are the most critical business risks that need special attention and remediation. Lower level risks are often categorized as green flags (low risk or no risk) or yellow flags, which suggest that potential issues may be present and require further investigation or re-assessment in the future as potential issues may develop.

Red flag risks include:

  • Evidence of fraud, bribery, embezzlement
  • Signs of money laundering
  • Bribery, corruption, racketeering
  • Financial impropriety
  • Counterfeit activities
  • Bad actor executives or key shareholders
  • IP Theft
  • Diversion of goods and services to illegal sources
  • Anti-competitive behavior & bid rigging
  • Contract fraud
  • Conflicts of interest
  • Drug and alcohol trafficking
  • Human trafficking

A wide range of red flag risks may encumber your supply chains and therefore bog down your compliance teams, making it difficult to create adequate controls, create effective action plans, and mitigate risks.

Red flag issues may involve multiple stakeholders within your organization; it is therefore important to create a risk based approach that uniquely matches the needs of your organization.

Contact us now to learn how we can assist you with Third Party Risk Management

More Solutions from Infortal

Executive Due Diligence

Our due diligence investigations help you understand fraud, bribery and corruption issues so your organization can avoid unnecessary risk exposures.

Board Advisory Services

Protecting your corporation’s Board of Directors, shareholders and employees is part of a key risk mitigation strategy.

Global Background Checks

Infortal has screened workforces for Fortune 100 companies, banks, and law firms for 30 years, including nationwide and international hires.
