Meeting great expectations in due diligence

Transcription

1 Meeting great expectations in due diligence

2 Growing the business in the real world Imagine a world where the rewards are excellent. You have access to the markets you need with unlimited resources and time to address and mitigate any threats involved. It would be almost perfect, wouldn t it? And now step back to reality. 2 Meeting great expectations in due diligence

3 In this paper, we are going to compare that perfect world with the real world. As experienced compliance personnel, you regularly deal with risk-based integrity and enhanced due diligence enquiries. You will be up to date with key international compliance related legislation such as the US Foreign and Corrupt Practices Act, the UK Bribery Act, The Money Laundering Regulations and associated developments. We work alongside many global clients in your position. We help them to deal with some familiar problems when they look to set up and manage third party due diligence programmes. We work together to bridge the gap between their perfect and real worlds. We d like to share some of the lessons learned and help you to grow your business in the safest and most uncluttered way. third party due diligence not only by looking at the threats that engagement with a third party may present but, more importantly, by reviewing the benefits of potential relationships and possible alternatives. We shall focus on third party integrity due diligence suppliers, agents, distributors, advisers, joint venture partners, brokers anyone on whom you may need to rely upon to grow your business some may call this population the counterparties. We believe that due diligence should be a business enhancer and not just about preventing risk or mitigating threats. We believe that due diligence can help deliver a business strategic vision by actively spotting opportunities to contribute to a comprehensive growth strategy. And in our experience, we ve seen some organisations achieve competitive advantage by doing this well. For this reason we approach 3

4 Dreaming of a perfect world So, in a perfect world the following would be true: All threats are identified at the outset geographical, political, reputational, environmental, labour, fraud and corruption etc. Due diligence is an integral part of the general business strategy so threats are identified early and if an opportunity is disproportionately risky, it will not go ahead. The due diligence programme is embedded into the business risk management culture and is supported from the leadership. Business unit leaders are aware of the value of due diligence and subscribe wholeheartedly to its programme. There are significant budgets for due diligence and compliance. There is an ample time frame. There is an agreed due diligence programme across all business units. All business units carry out due diligence to the same standard. Due diligence is done comprehensively in all jurisdictions. The results are shared across the organisation. Information is easily available from all jurisdictions. Corporate and other registers contain comprehensive and up-to-date information. All third parties have signed a contract and committed to uphold your code of conduct. All contracts with third parties give you the right to audit their anti bribery programme. Regular updated due diligence is carried out on third parties and significant changes noted. You have an extranet where all third parties fill in their details and mandatorily sign up to your code of conduct on antibribery and other relevant risk areas. There is a comprehensive training programme for all staff and third parties on compliance with relevant regulations. You have an online management tool which helps you assess and monitor your entire suite of third parties centrally. There are clear and universally homogeneous anti-bribery and other relevant regulations governing third party relationships in the countries where you do business. Your third parties are open, honest and transparent with you about their skills, track record and background. Due diligence is carried out on the basis of the results of risk assessments, which have a standard methodology throughout your organisation. Maybe there are a few more that you d like to add to the list? When dreaming of a perfect world how long could you make the list? What benefits would you derive? But sadly, we live in the real world... 4 Meeting great expectations in due diligence

5 Dealing with the real world In our experience, you may come across one or a combination of the problems we list below: Budget constraints. As a compliance officer you do not have awareness, access or control over all contracts or engagements. Business units come to you reluctantly and at the last minute before the deal is signed. Business units may see you as an obstacle to business and fail to consult you. There are commercial pressures to proceed with the engagement without knowing about or despite the threats. Business unit leaders have already invested their reputation on a particular deal and are therefore predisposed to reject due diligence findings if they highlight problems. Business units subvert the process by entering into engagements with third parties without proper due diligence. Where due diligence is carried out, the reports are not shared by different business units leading to duplication of time and cost. Different business units use different suppliers and fail to inform each other. Information sources are often incomplete, false or contain no public records of any value. Third parties fail to provide proper information. Business units only subscribe to a tick box due diligence presenting little more than a snapshot based on limited sources. A service provider sends a disappointing due diligence report which raises more questions than it answers. Does any of this sound familiar? 5

6 Bridging the gap Of course, we recognise that there is no such thing as a perfect world, but we can bridge the gap between the perfect and the real world. We employ a number of strategies to help our compliance, risk management and security clients to help their businesses grow and make their tasks easier. We recognise that each organisation is different and therefore every third party due diligence programme will have its own unique characteristics. But in our experience, there are 20 common points that help to bridge the gap to make due diligence enquiries both compliant with relevant regulation and commercially fit-for-purpose: 1 Engage the company leadership to support the due diligence programme. They need to provide the right tone from the top by demonstrating the advantages it has to growing the business and stressing the perils of failing to implement a programme. 2 Agree and embed a universal due diligence programme across the company which will address a number of key points at the outset including: a. Identifying the subject population of due diligence b. Implementing a risk rating system to drive the level of due diligence required. c. Basing this risk rating system on a simple set of risk questions on key red flag issues which non-compliance or legal personnel can use, such as role of third party, how they are remunerated and where they operate. d. Carrying out cost benefit analysis early in the process. Comprehensive due diligence can be expensive and take four to eight weeks. Is the relationship worth it? 3 Encourage due diligence to be seen not only as a regulatory requirement but also as a business enabler, by engaging a wide group of stakeholders. 4 Take care that due diligence is proportionate and scrutiny increased in accordance with risk. A one size fits all approach is not helpful. 5 Ensure that Compliance is engaged at the outset of any proposed engagement with third parties. 6 Manage communication with the counterparties so that the objectives and messages around the programme are clear. 7 Confirm funding is in place either centrally or though business units as a cost of sale.. 8 Coordinate the due diligence centrally. 6 Meeting great expectations in due diligence

7 9 Make it mandatory for third parties to provide full information from the outset to help the diligence process (design your own information request forms). The due diligence process should be risk based, with the focus being on high risk relationships which typically occur with third parties in the distribution channel (i.e. between you and your customer) and/ or those acting on your behalf with government officials. For high risk relationships it should be as comprehensive as possible and aim to: a. Understand the beneficial ownership structure b. Its commercial activities, history and operations c. The backgrounds of the key principals d. Reveal any history of involvement in corrupt or unethical activities e. Understand whether it has a history of litigation f. Establish the wider reputation and any additional risk issues such as solvency, sustainability, regulatory etc. 10 Independently verify information provided by third parties and ensure any red flags are properly identified and mitigated. 11 Ensure higher level approval for on-boarding higher risk third parties. 12 Link compliance due diligence to other risk areas such as sustainability, solvency and operational risk to avoid duplication of resources. 20 point plan 13 Properly document the due diligence process throughout. 14 Store and share information across the company to avoid duplication. 15 Choose a limited number of competent and professional providers and agree the scope and cost of due diligence in advance. 16 Secure appropriate protections into contracts (e.g. anti-corruption compliance, rights to audit, other ethical or environmental issues). 17 Have a plan for exercising rights to audit and when you will do it. 18 Monitor third parties regularly (typically on a 1-3 year cycle) or where there are any significant changes such as share ownership or changes to the corporate structure. 19 Use bespoke or off the shelf technology to help reduce the administrative burden of a comprehensive due diligence programme including contract finder software, a central database to store information, or build a suitable extranet for third parties. 20 Review the efficacy of your due diligence regularly and make relevant improvements to your programme. 7

8 Delivering great due diligence programmes Bridging the gap is something we all try to do to help our businesses grow. Getting the tone from the top right, using technology to improve your reach and control, and having a clearly defined due diligence process understood widely by the business are the key elements to success. Ask yourself a few questions. What does your perfect world look like? How far is that vision from your current reality? Are you using all of the due diligence processes we ve outlined? What are the challenges to implementing some the processes we ve suggested? How will you take your organisation from where you are now, to where you want to be? 8 Meeting great expectations in due diligence

9 We believe that by taking a structured approach and addressing the 20 point plan, together we can bring critical benefits to efficiency, effectiveness, cost, and actively contribute to your business growth. 9

10 Our global corporate intelligence team Our Corporate Intelligence team is led from the UK, but is able to draw on the expertise of a global Corporate Intelligence network of almost 150 staff, and a Forensics network of over 2,000 staff in 50 territories. We have been delivering due diligence programmes to major multi-national companies for several years and collectively we have undertaken over 50,000 due diligence and investigation reports worldwide. Our approach benefits from: Our global network Through our work with a range of clients, we have an inherent understanding of the type and quality of public record information that is available in global territories; we have invested heavily in proprietary global databases that provide instant access to rich data sources. We also have on-theground teams in most global locations. Renowned expertise in anti- corruption compliance Our analysts are trained anti-corruption investigators who understand how to identify and report objectively on potential red flag issues. Deep industry knowledge across most sectors, enhancing our ability to gather market intelligence from within our network. A strong risk and quality culture in our work We uphold high ethical standards in the due diligence work we do and all reports are subject to rigorous quality assurance processes. A unique new bespoke enterprise search technology (OSINTA) Our bespoke Open Source Intelligence Analyst Software (OSINTA) enables us to search across multiple public record sources simultaneously, increasing our research scale and scope, while decreasing the length of time taken to conduct research. Tailored client portals for managing the end-to-end due diligence process We work with many clients for whom we design and implement due diligence procedures and translate those into internal workflow technology tools or online portals. This enables the due diligence process to work smoothly between all stakeholders (compliance, business units, counterparties, and due diligence service providers) and creates a live resource for ongoing monitoring of third party relationships. 10 Meeting great expectations in due diligence

11 Our global corporate intelligence network Global Mark Anderson, UK +44 (0) Americas Glenn Ware, US +1 (703) Jennifer Moll, US +1 (617) Mona Clayton, Brazil Luis Vite, Mexico EMEA Chris Nason, UK +44 (0) Lynne Rainey, NI +44 (0) Tareq Haddad, UAE +971 (4) Corrin Holgate, SA Edwin Harland, CIS and CEE Asia Jean Roux, China 86 (21) Kunal Gupta, India 91 (0) Steve Hipkin, Indonesia Daniella Arena, Australia +61 (2)

12 This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this publication or for any decision based on it PwC. All rights reserved. Not for further distribution without the permission of PwC. PwC refers to the network of member firms of PricewaterhouseCoopers International Limited (PwCIL), or, as the context requires, individual member firms of the PwC network. Each member firm is a separate legal entity and does not act as agent of PwCIL or any other member firm. PwCIL does not provide any services to clients. PwCIL is not responsible or liable for the acts or omissions of any of its member firms nor can it control the exercise of their professional judgment or bind them in any way. No member firm is responsible or liable for the acts or omissions of any other member firm nor can it control the exercise of another member firm s professional judgment or bind another member firm or PwCIL in any way. Design Services (02/12).