Categories
10 For 10

10 For 10: Top Compliance Stories For the Week Ending August 26, 2023

Welcome to 10 For 10, the podcast which brings you the week’s Top 10 compliance stories in one podcast each week. Tom Fox, the Voice of Compliance, brings to you, the compliance professional, the compliance stories you need to be aware of to end your busy week. Sit back, and in 10 minutes hear about the stories every compliance professional should be aware of from the prior week. Every Saturday, 10 For 10 highlights the most important news, insights, and analysis for the compliance professional, all curated by the Voice of Compliance, Tom Fox. Get your weekly fill of compliance stories with 10 For 10, a podcast produced by the Compliance Podcast Network.

  • Venezuela makes last ditch appeal re: CITGO. (Reuters)
  • SFO drops ENRC investigation. (FT)
  • Poverty a direct result of corruption. (Time)
  • Is due diligence over in China? (FCPABlog)
  • Ukraine institutes whistleblower bounty program. (BusinessInsider)
  • Nigerian ex-Energy Minister arrested for corruption by FCA. (Reuters)
  • Ex-Vitol employee to face FCPA charges. (WSJ)
  • ABC ex-prosecutor surges in Guatemalan Presidential race. (WaPo)
  • Lithium batteries scrutinized under UFLPA. (Reuters)
  • More Odebrecht indictments coming. (WSJ)

You can check out the Daily Compliance News for four curated compliance and ethics related stories each day, here.

Connect with Tom 

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Daily Compliance News

Daily Compliance News: August 23, 2023 – The End of DD in China Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings to you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen in to the Daily Compliance News, all from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

  • Is due diligence over in China? (FCPABlog)
  • Ukraine institutes whistleblower bounty program. (BusinessInsider)
  • Nigerian ex-Energy Minister arrested for corruption by FCA. (Reuters)
  • Ex-Vitol employee to face FCPA charges. (WSJ)

Categories
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 10 – Ethical Remote Workers Edition

What happens when two top compliance commentators get together? They talk compliance of course. Join Tom Fox and Kristy Grant-Hart in 2 Gurus Talk Compliance as they discuss the latest compliance issues in this week’s episode!

Tom and Kristy consider the possibility of an international anti-bribery court, challenges in enforcing judgments against countries without strong anti-corruption laws, and the United States’ unlikely participation. The European Commission issued an adequacy decision regarding data transfers between the US and EU, resolving a long-standing issue, but privacy advocate Max Schrems plans to challenge its validity. The importance of on-site due diligence, and the value of on-site audits and cybersecurity disclosure were also explored. The benefits of remote work, global anti-corruption efforts, AI safeguards, and the dangers of zero tolerance policies were covered as well. The conversation provided insights into various compliance-related topics.

Highlights Include

  • World ABC Court
  • No DOJ control on Cognizant investigation.
  • SEC adopts Cyber disclosure rules.
  • Fight against corruption in Ukraine.
  • Goldilocks Compliance.
  • Data Privacy Framework Program Launches New Website Enabling U.S. Companies to Participate in Cross-Border Data Transfers
  • Site Visits: Sometimes the Best Due Diligence is Done on Foot
  • New Data Reveals that Remote Workers are Likely More Ethical than their Office Counterparts.
  • White House Says Amazon, Google, Meta, Microsoft Agree to AI Safeguards
  • Man Steals Vehicle, Crashes it into Building during Search for WiFi Connection

Resources

  1. WSJ Risk and Compliance Journal
  2. FCPA Blog
  3. Radical Compliance
  4. Dept. Of Commerce Press Release
  5. WSJ
  6. Conflicts of Interest Blog
  7. GAB
  8. Fast Company
  9. Fox 35 Orlando

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting


Categories
FCPA Compliance Report

FCPA Compliance Report: Jen Hoar – Uncovering Executive Risk: Corporate Intelligence

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. In this episode, Tom welcomes Jen Hoar, a corporate intelligence specialist, to the podcast to discuss the use of corporate intelligence as part of a risk management strategy. The episode explores the importance of conducting thorough background checks on potential executives. Tom and Jen discuss the need to ask questions to gain a better understanding of the person’s style and how they interact with their team, peers, board, and investors. They also discuss the importance of disclosure and anonymity when conducting such inquiries, as well as the need to conduct independent third-party vetting of an individual’s reputation before investing in them. Finally, they discuss the use of corporate intelligence to shape a client’s relationship with an executive and the need to assess the potential risks of hiring an executive before becoming emotionally, financially, and reputationally invested in the deal.

Key Highlights

  • Executive Risk
  • Investigating Executives
  • People Show Who They Are
  • Reputation Checking
  • Corporate Intelligence

Resources

Jen Hoar on LinkedIn

Forward Risk


Categories
FCPA Compliance Report

FCPA Compliance Report – Candice Tal on Due Diligence: Levels and Evaluation

Welcome to the award-winning FCPA Compliance Report, the longest-running podcast in compliance. Join Tom Fox, the host of FCPA Compliance Report, as he speaks with Candice Tal, founder and CEO of Infortal. Get ready to boost your compliance program in this exciting episode of FCPA Compliance Report. In this episode, Tom and Candice discuss the three levels of due diligence typically used to investigate joint venture partners and senior executives and the significance of conducting thorough due diligence. Level one is for low-risk situations, level two is for moderate-risk situations, and level three is for high-risk situations that require deep dark web searches. The key takeaways are to never skimp on basic due diligence and to consider level three due diligence for high-risk areas or key executives. Don’t miss out on this informative episode of FCPA Compliance Report hosted by Tom Fox and featuring Candice Tal!

Key Highlights

  • Introduction of Candice Tal
  • What are the 3 levels of due diligence?
  • What is deep dive due diligence?
  • Finding reputational issues.
  • Evaluating due diligence.

Notable Quotes

“Due diligence typically is sorted out into 3 general levels or tiers.”

“If you’re not doing deep dive due diligence, you’re not finding reputational issues.”

“You just can’t find reputational issues on database searches.”

Resources

Candice Tal on LinkedIn

Infortal


Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – The How Question in Due Diligence

What is satisfactory due diligence under the FCPA? That question seems more important after the story on Unaoil S.A.M. and the subsequent release of the Panama and Paradise Papers. However, both events largely focused on the “who” part of due diligence and the need to know with whom you are doing business in the future. Another important question, one that does not come up as often in due diligence, is “how?”

How does a third party perform its services with or for your company? How can a third party help you make sales if it is on the sales side? If a third party comes through the supply chain, how do their products or services meet the needs of your company? Suppose the third party has a closer business relationship, such as a JV, teaming agreement, or similar arrangement. In that case, you may need a much deeper understanding of how this third party does business because the relationship may become so close you will be intertwined with the party. It may mean more than how their product works, but how does this third party conduct themselves and their business?

Three key takeaways:

1. The how question can be as critical as the who question.

2. The more integrated a third party is into your operations, the more important this question becomes.

3. Incorporate a how-to question into your due diligence and ongoing monitoring and auditing after the contract is signed.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Evaluation of Due Diligence With Candice Tal

An important part of the job duties of any compliance practitioner is clearing red flags which might appear for a proposed third-party relationship during the due diligence process. Not only must all red flags be cleared, but there must also be evidence of the decision-making process to show to a regulator if one comes knocking. Around third parties, consider what risks you face in both your sales and supply chain. Suppose there is a key player several tiers down the line which creates or builds a key component or delivers a critical service. In that case, you may want to put more management around that relationship from the compliance perspective.

For anything below tier 2, you may be able to manage your risks by having your direct tier one counterpart take the lead in managing such compliance risks. But make sure that the expectation is communicated to your direct counterparty so that if the government comes knocking, you can show that you did not only contractually obligate your direct counterparty to do so but also provided them the tools and training to do so. Finally, you will need to be able to show that your direct counterpart did so.

Three key takeaways:

  1. There is no set formula for clearing red flags or the evaluation of due diligence.
  2. Know when to say enough has been done.
  3. You must “Document, Document, and Document” your evaluation of any red flags.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for 3rd Parties – Due Diligence

Most companies fully understand the need to comply with the requirements around third parties, as they represent the greatest risks for bribery and corruption. However, most companies are not created out of new cloth but are ongoing enterprises with a fully up-and-running business. This means they may need to bring resources to bear while continuing to operate an ongoing business. This can be particularly true in performing due diligence on third parties. Many companies understand the need for a robust due diligence program to investigate third parties but have struggled with creating an inventory to define the basis of third-party risk and perform the requisite due diligence required.

It is stated in the 2023 ECCP that: “Risk-Based and Integrated Processes – How has the management of the company’s third-party process corresponded to the nature and level of the enterprise risk identified by the company? How has this process been integrated into the relevant procurement and vendor management processes?”

Getting your arms around due diligence can sometimes be bewildering for the compliance practitioner. The information you gathered in Steps 1-Business Justification and 2-Questionnaire of the third-party management process should provide the initial information to consider the level of due diligence needed. This leads to Step 3 of the third-party management process: due diligence. The 2020 Resource Guide stated, “As part of risk-based due diligence, companies should understand the qualifications and associations of their third-party partners, including its business reputation, and relationship, if any, with foreign officials. The degree of scrutiny should increase as red flags surface.”

Three key takeaways:

1. Risk rank your third parties and use this as a basis for adequate due diligence.

2. Any red flags which appear must be cleared, and there must be documented evidence of such clearance.

3. There must be documented evidence of a review of the due diligence.

Categories
31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures-Why Business Ventures are Different than 3rd Parties

Business ventures, whether JVs, partnerships, franchises, team agreements, strategic alliances or one of the myriad types of business relationships a U.S. company can form outside the U.S., are different than the usual risk presented by third-parties under compliance requirements such as those mandated by the FCPA. The problem for companies is that they tend to treat business venture risk the same as third-party risk. They are different and must be managed differently.

The bottom line is that many compliance practitioners have not thought through the specific risks of business ventures such as JVs, franchises, strategic alliances, teaming partners or others as opposed to sales agents or representatives on the sales side of the business. I hope that this will help facilitate a discussion so that people will begin to think about more of the issues, more of the risk parameters and perhaps put a better risk management strategy in place.

Three key takeaways:

  1. Business ventures bring different FCPA risks from third-parties.
  2. JVs have both external compliance risks and corporate governance risks.
  3. Use your full compliance tool kit for business ventures in managing the FCPA risk for franchises.

Categories
Blog

Reprioritizing Your Third-Party Risk Management Program-Questionnaire and Due Diligence

Are you considering a third-party questionnaire for your organization? With so much debate around what should be asked, and how detailed you should be, it can be hard to know where to start. In this 5-part blog post series, sponsored by Diligent, I will consider the full range of third-party risk management. Today, we consider the third-party questionnaire and I am joined by Stephanie Font, the director of the Operations Optimization Group at Diligent as we discuss third party questionnaires and due diligence investigations.

With so much debate around what should be asked in your questionnaire and how detailed your questionnaire should be, it can be hard to know where to start. It is important that every compliance professional understand their risk profile to allow crafting of the right due diligence process to ensure compliance. Here are the steps you need to follow to address both compliance and risk:

  1. Questionnaire: Gathering basic information about the third party and what regulations need to be complied with.
  2. Due Diligence Investigation: Investigating the third party based on their answers to the questionnaire and other risk factors.
  3. Documenting: Keeping records of the due diligence investigations to be used in the future.

Questionnaire: Gathering basic information about the third party and what regulations need to be complied with.

The first step to managing third parties is to create a questionnaire to gather basic information about the third party and what regulations need to be complied with. When creating the questionnaire, it is important to understand the organization’s risk model and what it is trying to achieve. The questionnaire should be tailored to the specific risk factors the organization is trying to address, as well as the regulations that need to be complied with. Questions should include items such as the size of the company, where they do business, and the type of relationship they have. Additionally, the questionnaire should ask questions that will alert to any potential risk factors, such as if they do business in a highly sanctioned country. Once the questionnaire is sent and responses are received, the answers can be used to inform the next step of the due diligence process. Your third-party risk management system should automate some of the process by flagging risk factors and indicating what level of investigation is needed. Lastly, it is important to document the process and create an audit trail that can be used for various reasons, such as compliance and internal review.

Due Diligence Investigation: Investigating the third party based on their answers to the questionnaire and other risk factors.

The second step of third-party due diligence is the due diligence investigation. This step involves investigating the third party based on their answers to the questionnaire and other risk factors. The best approach to this investigation is to first understand the company’s risk and what it is trying to accomplish. This allows the company to create a risk model and tailor the questionnaire to fit their needs. The questionnaire should include questions about the size of the company, where it does business, and other risk factors that may arise. After the questionnaire is complete, the next step is to assess the risk factors and determine the appropriate level of investigation needed. This could range from a baseline screening against sanctions lists and other global databases to an enhanced due diligence investigation which involves boots on the ground to ask questions about the company’s reputation and verify a manufacturing site. Additionally, it is important to document the process to create an audit trail for internal stakeholders and regulators. This process should be tracked in a third-party risk management system to ensure everything is done correctly.

Documenting: Keeping records of the due diligence investigations to be used in the future.

Documenting is an important step in the due diligence process, as it helps to create an audit trail of the activities and decisions that were taken. When it comes to due diligence, it is important to keep records of all investigations that were conducted, as these records can be used in the future to defend any decisions that were taken. This allows for all the necessary information to be stored in a secure location and can even track any changes or updates to the investigations over time. Additionally, the system can be used to flag any potential risks that come up in the investigations, and it can also automate the process of deciding which type of investigation is necessary based on the risk model. Finally, it is important to keep all documents related to the due diligence process, such as the questionnaire, investigation reports, and any other relevant documents, to create an audit trail and ensure that all compliance regulations are met.

Third party due diligence is a crucial part of any compliance program. A thorough questionnaire and a detailed due diligence investigation can help organizations to mitigate risk and ensure compliance with applicable regulations. Additionally, it is important to document the process, as this creates an audit trail that can be used in the future. With the right tools and processes in place, organizations of any size can successfully manage third party risk and create a robust compliance program. With the right information and guidance, you too can create a successful third-party due diligence process for your organization.

For more information on Diligent’s Third Party Risk Management solution, click here.

Listen to Stephanie Font on the podcast series here.