Due to the coronavirus outbreak, the compliance world has undergone dramatic changes. As a result, today’s compliance landscape has grown more complex and challenging compared to previous years. The challenges presented by the global pandemic mean that teams are now working remotely, information via face-to-face interaction is limited and the focus of some is not necessarily on compliance but on dealing with keeping operations surviving.
Companies now must face the challenge of meeting their compliance requirements effectively in times when supply chain and compliance programmes need to be realigned to protect businesses from the long-lasting consequences of COVID-19. A critical piece of compliance programmes continues to be third party risk management which is often handled with an initial onboarding effort or constant monitoring. Ongoing due diligence is as important as ever because many partners have seen dramatic changes to their own operations, ownership or productivity. Moreover, the pandemic has closed many government offices or slowed updates to information repositories that were key sources of information about potential partners.
Regulators are aware that it is possible to gather more data remotely and are encouraging or requiring companies to undertake deep dive, thorough due diligence on their partners to ensure that potential risks are properly checked on a regular basis and effectively mitigated. Wrongdoers are becoming more sophisticated and constantly devising complicated ways of circumventing laws and compliance checks by making it harder to assess their compliance culture and integrity. This could have a significant impact on your business during and after the pandemic. The sophistication of nefarious parties is causing many organisations to be exposed to new risks. In turn, companies ought to be building an improved compliance programme to include new risks such as business continuity, ownership changes, government interactions and others to prepare in advance for the long-term consequences of the pandemic.
Even before the pandemic, companies often (and unfortunately) engaged in “check-the-box” due diligence. While check-the-box due diligence may help a company to fulfil your regulatory requirements in a snapshot of time it won’t necessarily help to identify and effectively manage new or complex risks. Compliance-savvy companies aren’t taking the checklist approach because it is not a good return on investment — and the penalties are high in case you are investigated for your partner’s misconduct or your company’s business operations are slowed.
Consequently, regulators are constantly encouraging companies to avoid check-the-box due diligence and adopt more holistic and robust processes on a regular basis which include a periodic review of third parties, their operations and ownership.
Robust renewal due diligence is key and must include reviews for contractual compliance, ensuring that the agreed T&Cs are complied with along with changes to the third party themselves. This review of the partnership should be coupled with an external effort to verify the information provided to your company by a third party. Depending on the jurisdiction, a company can and should obtain corporate registry information, ownership information, in-depth media research in multiple languages, review government watchlists, conduct reputation inquiries, site visits and other efforts that are independent of the insight provided by the third parties themselves. Companies should certainly have a degree of trust with their third parties but should also verify and corroborate the information to ensure they aren’t unnecessarily exposed to risks.
The value of ongoing due diligence during the global pandemic
Initial due diligence during the on-boarding process is essential but it only provides a snapshot in time of the operations or profile of that partner. The initial due diligence effort could be clear of serious risks but over time the partner could engage in new activities that dramatically shift their risk profile. Technology tools exist that can automatically flag and alert companies to these new issues.
Ongoing due diligence doesn’t only ensure that you’re on top of your partner’s compliance but also ensures that you’re meeting the ever-increasing regulatory demands. With the pandemic, the third parties that are essential to companies are also going through dramatic shifts. Depending on the size, industry and location of the partner, it could be an unfortunate reality that their business could cease operations soon. Short of shutting down entirely it is possible that they have been made to focus on providing new goods or services to handle the pandemic, have new ownership/management or have severely slowed production. Some of these issues can be found by ongoing monitoring or renewing due diligence.
Apart from the benefits to operations a company can realize with ongoing monitoring and renewed due diligence, there are a few regulatory benefits as well. This has been an area of increase focus by regulators in recent years. The U.S. Department of Justice and the UK’s Serious Fraud Office recommend ongoing partner monitoring and companies can also see benefits outside of this. Renewed due diligence can improve a business efficiency because it:
- Ensures constant awareness of new risks presented by your partners
- Helps to manage risks in real-time and more effectively
- Can help you avoid or minimise financial losses and liability
- Safeguards reputation from damage and negative press
- Encourages a culture of compliance and ethical conduct in your partners
- Helps to keep the due diligence, corporate information and business intelligence current
- May result in reduced penalties if investigated by authorities for partner misconduct
- Provides a clearer oversight of your partners’ activities, conduct and practices
- Cuts down on repetitive administrative tasks and is cost-effective
- Helps to make better decisions in selecting key partners
Due diligence doesn’t end once you have completed your initial review of your partner. There must be a process that ensures regular ongoing checks, reviews and audits of various documentation, processes and procedures. Companies should ensure that they are made aware of changes to their partners so that their own operations are not negatively impacted.