What is all the fuss about Third Parties in global supply chains? After all most major corporations cannot function without their key vendors, distributors, agents, and subcontractors.
The fact is that most companies know little to nothing about their supply chain vendors and yet they potentially pose some of the greatest corruption-related risks in commerce. Finding valuable information and red flags for anti-money laundering, bribery and corrupt practices is not only possible, but often essential, using effective due diligence investigations.
Infortal helps clients identify and mitigate risks in their supply chains.
According to the Department of Justice 90% of all FCPA violations include corruption issues carried out by third party supply chain executives.
Effective business risk mitigation involves, amongst other programs, the risk ranking of supply chain third party agents, distributor, vendors and consultants.
Infortal provides effective due diligence investigations in over 160 countries.
In addition to looking at existing third parties, corporations should also take a close due diligence based look at future mergers and acquisitions (M&A) deals to evaluate the target company’s value, executive and business relationships, and determine whether increased compliance-related risks may exist that have not been identified in the legal and financial due diligence prior to deal closure. Risk assessment provides a window to view information which executives can further use to determine the viability of a deal.
Thorough risk assessments inform better risk management strategies.
Deal volatility, carve-outs and executive issues, including behavioral issues, can cause even the largest M&A deals to flounder or lose significant value, or worse, lose market share and damage reputation for the acquiror.
To prevent deal nightmares and regulatory compliance risk exposure, most due diligence programs have 3 levels of fact finding and assessment, collectively known as due diligence investigations. The data found can be ranked for risk exposure levels, with a greater degree of objectivity than may be supplied internally within organizations. M&A due diligence is very similar in approach but may include other investigative considerations, such as a deeper review of the key executive team (link to Executive Due Diligence).
Risk Based Due Diligence
Risk based due diligence is used to apply different risk levels to enable ranking of risks across large supply chains. In Third Party Risk Management there are numerous avenues through which corrupt business actions may occur. Infortal provides a broad suite of compliance and anti-money laundering initiatives.
Infortal finds that 35% of global supply chain vendors have bribery or corruption related issues.
According to various risk criteria, a risk exposure ranking can be created according to whether business will be conducted in higher risk countries, or in higher risk deals and where risk exposures can potentially have substantial adverse impact on the parent company, particularly if bribery or corruption are prevalent in such areas.
Infortal partners with clients to create a risk based approach. Infortal’s unique due diligence methods and investigative analysis reveals 30% greater results compared to most due diligence providers.
Why increase your risk of exposure?
Hidden and undisclosed information is often found that cannot be found in typical Level 1 due diligence investigations. We often work with clients in support of their compliance programs and bring a broad spectrum of investigative and due diligence services to augment their compliance and security programs.
Justifying the need for a variety of levels of due diligence is key to an acceptable risk-based strategy, particularly when large volumes of third parties need to be evaluated. Regulators at the DOJ and SEC acknowledge the need for risk-based assessments as elaborated in their guidance documents from 2012, 2017 and more recently 2019.
Level 1 Due Diligence
Level 1 due diligence typically provides an overview of company financial background information including disclosed beneficial ownership information, and a screening of supply chain vendors against global anti-money laundering databases and global watchlists. Level 1 builds a preliminary profile of the company.
This is a very basic due diligence screening, and although important to find such preliminary information, this level will not find critical issues such as developing problems, ongoing investigations and current scandals which may pose serious risks to the parent company in the near future.
Level 1 due diligence should be used for the lowest levels of corruption risk.
Level 2 Due Diligence
Level 2 due diligence supplements the basic Level 1 investigation by analysis of social media information in addition to deep, dark and historical deep web searches. Many companies try to accomplish this by only looking at adverse keyword searches. However, as much as 30% of red flag data will be missed in adverse keyword searches. Typically social media and millions of digital news records, journals & periodicals will be searched from all countries in which they are available. In-country database searches should also be included as these may contain additional records not always captured by media data aggregators.
Data aggregators provide very useful information on about 80% of people and businesses, however, the remaining 20% require investigation techniques and analysis of numerous data points.
Infortal starts with aggregated data then continues to investigate information not readily found by most large data aggregators.
Level 2 due diligence may be sufficient in moderate to high level risk situations, however, it may be insufficient to detect all types of corruption related issues. When red flags are known to exist a level 2 report can be shaped to focus on specific areas.
When there are concerns that red flags may exist, it is prudent to start with Level 2 but continue to Level 3 due diligence if any red flag data are revealed. It is important to recognize that some red flags may be missed using this approach.
Level 3 Due Diligence
Level 3 due diligence provides a deeper dive review of information, and when additional red flags are discovered these can provide sufficient preparation to enable damage control to mitigate continuing risks or to find other avenues to proceed which will create lowered risk exposure.
In some cases a “boots on the ground” review (see below) may be required to determine whether the business actually operates legitimately or from a “store front” facility. Local in-country language skills can be key to determine whether organized crime is involved, and to be informed about local regulations that may not be part of a broader country-wide assessment. There are numerous details that can be found through in-country investigations that are difficult, if not impossible, for external teams to assess.
Level 3 due diligence investigations inform a thorough risk-based strategy and are essential for identifying serious red flag concerns.
Additionally Infortal combines this information with open source intelligence (OSINT) investigations to help reveal hidden and undisclosed information frequently missed in other types of due diligence investigation.
We help your team find key indicators that serious red flag issues exist. These are the most critical business risks that need special attention and remediation. Lower level risks are often categorized as green (low risks or no risk) or yellow flags suggesting potential issues may be present requiring further investigation or re-assessment in the future as potential issues may develop.
Red flag risks include:
- Evidence of fraud, bribery, embezzlement
- Signs of money laundering
- Bribery, corruption, racketeering
- Financial impropriety
- Counterfeit activities
- Bad actor executives or key shareholders
- IP Theft
- Diversion of goods and services to illegal sources
- Anti-competitive behavior & bid rigging
- Contract fraud
- Conflicts of interest
- Drug and alcohol trafficking
- Human trafficking
A wide range of red flag risks may encumber your supply chains and therefore bog down your compliance teams making it difficult to create adequate controls, create effective action plans, and mitigate risks.
Red flag issues may involve multiple stakeholders within your organization, therefore it is important to create a risk based approach that uniquely matches the needs of your organization.