How To Determine When Enhanced Due Diligence Is Warranted

It can cost time and money and could even drown a deal. When do the challenges and costs associated with this step outweigh the risks of not doing it?

In the compliance world — especially as it relates to deal-making and neutralizing corruption — due diligence is risk assessment commandment. When, however, is enhanced due diligence warranted? What motivates firms to decide if a third party should undergo an even stricter, more refined level of scrutiny? What are the costs and challenges?

The importance of enhanced due diligence is borne out in results from the recently completed Compliance Week Survey on Anti-Bribery and Corruption, conducted in conjunction with Refinitiv.

The pitch for an EDD program is a straightforward one: No enhanced due diligence investigation is ever the same. By undertaking a detailed review of new and existing customers and third parties, you can help guard against reputation and regulatory risk.

Nearly 90 percent of respondents to the survey said they put at least some of their third parties through these enhanced reviews with an eye toward safeguarding their reputations and complying with both foreign and domestic legal demands. The goal: Reducing uncertainty and risk and making more informed, safe, and profitable business decisions.

What were the biggest challenges firms face at the enhanced due diligence stage of their screening process? Responses included cost of enhanced checks (30.7 percent); lack of knowledge (31.3 percent); delivery time (16.9 percent); and data security (14.5 percent). On a scale of 1-5 (where five was the strongest), respondents were asked which factors weighed heaviest in their decision on whether enhanced due diligence was needed. Top answers included geographical risk, political risk, industry-related risk, past behavior, and the importance of the third party to the business. To grasp when enhanced due diligence — increased screening and analysis of otherwise standard data collection — is necessary, we turned to Kevin Bogdanov, Director of Market Development – Risk, Americas for Refinitiv’s customer and third-party risk management business. He is currently exploring how data, technology, automation, and AI will disrupt and redefine of Know-Your-Customer and third-party risk compliance.

“Enhanced due diligence really just fulfills a role within a certain stage of the due-diligence cycle,” he says. “You’ve got a risk assessment that your company will usually leverage and using that assessment you will determine what is risky for your business, in terms of cyber-security, inquests, bribery, corruption, or whatever. So, off the back of that, you might want to determine where there might be heightened exposure that requires greater due diligence to make sure that you really go out to those problematic areas.” “These are just a couple of examples,” he adds. “But if any of these criteria or a combination of these criteria exist, then that is going to necessitate a greater level of due diligence. You would ideally have a risk matrix and risk assessment from the onset to determine what matters to you in terms of where your risk is and then, if any of those criteria are established in the available data, you would obviously go ahead and warrant some deeper diligence.”

Once committed to that process, does enhanced due diligence retain a given life span? The answer: “Sort of.” “There is a process here, an end process, ideally,” Bogdanov says. “Obviously, you can’t sort of screen, or take your diligence at a point in time, and assume that nothing changes. However, if you just look at a couple of examples of things that can change — ownership structures, loans, joint ventures, new product lines, and new markets that the businesses will enter — any one of these changes may be a trigger. Another big one is mergers and acquisitions.” “Any of these types of changes will fundamentally upend in the level of risk and the type of risk that is inherent in a third party. So, what you need to do is you need to establish a cadence and framework for continuous monitoring of those parties.”

Keep reading / access the full report…