Due Diligence Checklist

A Step-by-Step Guide to Managing Third-Party Bribery and Corruption Risk in 2022

WHAT SHOULD MY DUE DILIGENCE CHECKLIST INCLUDE?

Companies operating in today’s global business environment must navigate ever-strengthening anti-bribery and corruption regulations. Some of the most significant recent enforcement actions against companies arose from due diligence failures, leading to fines, legal action, strategic risks and reputational damage. Meanwhile, related initiatives such as Environmental, Social and Governance (ESG) standards prompt companies to carry out effective supply chain due diligence to mitigate bribery & corruption, modern slavery and wider ethical conduct risks.

A due diligence checklist takes you step-by-step through the information you need in order to carry out a thorough investigation when you’re contemplating a new commercial relationship or a prospective business partner or monitoring an existing one. Some checklists offer a narrowly defined area of application. This is suitable if you are preparing for a business takeover or a real estate transaction, but inappropriate for your own business as it stands.

Other due diligence checklists take a more extensive approach but turn out not to cover all you need to surface the relevant risks. Rather than focusing on either a narrow or broad scope, our checklist includes questions aligned to situational risks to help you determine the level of third-party due diligence investigation required to mitigate risk. Our checklist also recognizes that regulatory requirements change, so it summarizes the key laws against foreign bribery as of 2022 and suggests how companies can remain compliant.

RISK-BASED DUE DILIGENCE CHECKLIST

What countries do you conduct business in, and where are your business contacts?

All my business partners are based in my own country.

You need to understand and follow the compliance legislation and requirements in that country.

I supply exclusively to customers in my own country, but I buy in goods and/or services from businesses based abroad.

You need to take account of the compliance legislation and requirements in all of the countries in question. Laws such as the UK’s Bribery Act and Modern Slavery Act, the US Foreign Corrupt Practices Act (FCPA) and Brazil’s Clean Company Act explicitly state that they also apply to businesses that run commercial operations outside the UK or the US. Moreover, regulators from different jurisdictions are increasingly cooperating on crossborder investigations and enforcement actions.

Are foreign laws applicable to me?

Anti-bribery and corruption laws in the US, UK, Europe, South America and Asia might be relevant to you, depending on where your company does business. Several recent laws have specified extra-territorial application.

The direction of travel

It seems inevitable that more anti-bribery and corruption legislation will follow in 2022 and beyond. In 2021 a new law was proposed in Germany which would require large German-based companies to establish due diligence processes to prevent human rights and environmental abuses within their business and their global supply chains. A proposed European Supply Chain law would also hold companies liable for human rights and environmental abuses in their supply chain

Other trends will make it harder for foreign bribery to go undetected by regulators. Mutual legal assistance between national regulations and increasingly extra-territorial application of laws has increased the pace of global enforcement actions. More countries have adopted—or are considering adopting—a version of a Deferred Prosecution Agreement which incentivizes companies to follow a rigorous due diligence and compliance checklist. Where once the US FCPA stood virtually alone as the legal threat to foreign bribery, companies operating internationally are now at risk of prosecution for activity in their supply chain in multiple jurisdictions.

While there are important differences in national anti-bribery and corruption laws, following best practices around due diligence and compliance makes it more likely that a company will be compliant and be able to identify and manage bribery and corruption risks. This starts with asking and answering the following questions:

How much risk can be foreseen in doing business with the company in question?

The risk is relatively low. It’s a small, local business here, with regional suppliers.

Perform simplified due diligence for low-risk entities and individuals, based on information provided by your intended business partner and supplemented by background research using the internet or a specialized due diligence database.

The risk is relatively high. It’s a business whose operations include working in emerging markets or highly-regulated industries. I have no idea what links it may have with other third parties.

Use a specialized database to perform enhanced due diligence. This is the most efficient way to discover signs—through negative news mentions, company data or legal information—that the business in question may pose a risk due to past or current economic offenses or payment difficulties. Some databases will provide a risk score and automatic updates when the risk level changes and allow compliance officers to produce reports ready for the C-suite and auditors.

The risk is very high. I know nothing about the business’s structure; it’s a high-value contract and enhanced due diligence has raised issues that need further checking.

Bring in an outside adviser. There are professional bureau that may uncover additional information through local investigations which are unlikely to be discovered using online resources alone.

Are there any Politically Exposed Persons (PEPs) involved in the commercial relationship?

No, the relationship is non-political in nature.

It is recommended to still check for potential PEP risk as people who have links to government officials and politicians may pose a corruption risk so PEP checks in relation to the individuals in question, the company and wider associates are advised. If you are active in the financial sector, it’s especially important to conduct PEP checks, but other sectors such as pharmaceuticals have proven vulnerable as well. Specific datasets on companies and executives can help you to identify PEPs, while adverse news searches may indicate additional risks. Conducting ongoing monitoring of all names against PEP lists is also recommended as individuals’ status may change.

Yes, some PEPs may be involved in the relationship.

As above, it is recommended to check for potential PEP risk as people who have links to government officials and politicians may pose a corruption risk so PEP checks in relation to the individuals in question, the company and wider associates are advised. If you are active in the financial sector, it’s especially important to conduct PEP checks, but other sectors such as pharmaceuticals have proven vulnerable as well. Specific datasets on companies and executives can help you to identify PEPs, while adverse news searches may indicate additional risks. Conducting ongoing monitoring of all names against PEP lists is also recommended as individuals’ status may change.

Have you investigated any adverse reports about your business partner?

Analyze adverse news about your business partner—and not just by looking at recent news reports. If you uncover negative news about the business such as an alleged connection to corruption, you should investigate further before getting into a business relationship. If the business is still embroiled in corruption scandals, you may end up being liable for offenses yourself. News sources should be global and in multiple languages, reflecting the international nature of supply chains and corruption risk.

Is the business or individual currently involved in legal issues or do they have a litigious history?

Look for legal cases related to the business. Bankruptcies and liens could signal a financial risk. Lawsuits related to product liability could pose both reputational and financial threats.

Have you obtained information about a third party’s true beneficial owners?

Nowadays, it is no longer straightforward to identify true beneficial owners if the business in question is reluctant to cooperate. Concealed beneficial ownership, however, presents intrinsic risks so we recommend robust ongoing due diligence. This can minimize the risks of hidden corruption, bribery and money laundering.

Do you have the data you need to assess corruption risk?

Companies often have a lot of data on their customers—for example, individual banks record millions of transactions. But this is rarely enough to identify the risk that a current or prospective third party is implicated in bribery and corruption. It is usually necessary to buy in trusted and accurate datasets on companies, sanctions, watch lists, legal cases, PEPs, adverse news and more. Companies can either integrate this data into their own due diligence process, or use an external tool to carry out due diligence and ongoing monitoring. In the following pages, we look in more detail at the sources you need most.