Dealing with compliance immaturity: Disclosing the subject

Gone are the days of engaging a private detective or an ex-police officer to conduct surveillance. Modern-day due diligence is a skill in research, collection, assessment, risk review, legal review, fact checking, compliance assessment, analysing, summarising and reporting. The risk review, legal review, compliance assessment and analysis are generally not part of the core skills of a private investigator and therefore you require a due diligence professional.

Occasionally when conducting due diligence on a proposed third party a company chooses not to inform that third party about the due diligence. This practice should be discouraged. There is nothing to be gained by not telling the subject company about the process or trying to keep it secret. Except for in an acquisition where the buyer has yet to disclose themselves, there is little advantage in keeping quiet. The third party expects that you will be doing some form of due diligence and engaging a compliance or legal firm to complete a review. There is nothing that the due diligence company or law firm is going to do differently than if that due diligence were secret – no one would ever disclose more than they had to and would never disclose the name of the client for which they were acting.

Sometimes when due diligence is conducted without the knowledge of the subject company, that company learns that someone has been asking questions. This happens quite inadvertently and can occur when the compliance professional leading the investigation is doing the reputational checks involved with the due diligence. Reputational checks require asking questions of referees (if available) or developing a network of people that may know the subject company. If one or more interviewees are close with the owner or manager of the subject company and lets them know that someone has been asking questions, some business owners or managers – particularly those of small- or medium-sized businesses – may feel uncomfortable and get “spooked” that something is going on. When this happens, the subject company will often get very concerned and will try to impair the due diligence process. They might do this for a number of reasons, including:

  • they are experiencing the process for the first time and do not understand it
  • they feel that the due diligence is going to disclose negative information and that they will not have an opportunity of putting their view forward
  • they have something to hide and want to stop the due diligence process before their secret is disclosed.

The subject company will search for the reason why the questions are being asked, and they can generally turn to whoever they are talking to about a partnership, sale of the business or distributor/reseller contract negotiation or to a potential customer to whom they would be a major supplier to see if it is one of those companies that is responsible. They might also look to anyone that has recently asked them complete a questionnaire (a common starting point for a due diligence process and something that is done without disclosing the actual background check). It is likely that one of these situations will ring true and that an organisation is conducting due diligence on them. Sometimes the subject company will reach out to the contact they have at the company requesting the due diligence and tell that person that performing background checks is an invasion of their privacy and that they no longer trust them and that the negotiation is therefore at risk. This initial call would rarely go to the legal or compliance department, but would most likely go to the sales team and work its way through the company from there. By the time that it gets to compliance or legal, it is as if they have put the business relationship at risk due to their overemphasis on background checks and the heavy-handed nature of such arrangements.

There a number of reasons why a subject company may react this way:

  • Immaturity

The target company are not used to due diligence or working with global companies that focus on compliance. They are not aware of the value of due diligence and have been living in the “compliance cave”. This is an issue in itself as it shows a degree of compliance immaturity and certainly gives an insight into how that company might be as an acquired entity. They are probably going to focus on the fact that there is an inbuilt level of trust that is needed in business and that the company should rely on that trust.

  • Negotiating

It is possible that the subject company is simply negotiating, trying to leverage the issue for their own gain as part of a negotiation. They may not be trying to hide anything per se, but may be sending a message that the company is taking too long, being too conservative, being caught in compliance obfuscation or losing sight of the real deal.

  • Hiding

Of course, the third issue is that the subject company has something to hide and are trying to derail the due diligence process to keep that issue hidden.

It very much depends on the jurisdiction and type of company, but it is often a mixture of all three reasons. For small companies, it is likely to be immaturity, and they will talk about the “breach of trust” that has happened. This is a small business/entrepreneurial mentality. For medium-sized companies, it is likely to be negotiating and hiding – the former when they are the subject of an acquisition or joint venture and the latter when they are being selected as a distributor or reseller. This follows common sense, as in the acquisition sense the ability to negotiate is much stronger and more pronounced.

The following are some steps that a compliance team should take in this situation.

Engage the issue head on – don’t avoid it

Your reputation as a compliance team and the reputation of your due diligence provider is at stake and you should strongly respond to the criticisms that the process is heavy handed or that there is a lack of trust. Of course you need to confirm that the process isn’t heavy handed and that any protocols for the due diligence are in place and have been followed by any outside provider. Ask your provider for a full report thus far and details of who they spoke to and the answers. Try and work out what happened and how the company was “tipped off”. Your due diligence provider will probably know from the discussion with a referee whether or not it was too close and whether someone reached out to the subject company.

Talk to the sales team or the referring part of the business

You should reach out to the group that is passing on the complaint from the third party and, if possible, reach out to the third party directly. Your position should be carefully worded and preferably in writing. It is important to stay strong in this situation rather than getting defensive and backing away and you should counsel your deal team or sales team to do the same. It is more than likely that the due diligence was perfectly reasonable and you should not be bullied by a third party who doesn’t like the process or claims that it will derail a transaction. If something like this impacts a transaction then the transaction is probably not worth it.

Develop your messaging

Your messaging should be clear and concise: the company is open to conduct due diligence and background screening on all its proposed business partners and it is company policy to do so. Wherever possible a company policy should be referred to and referenced. The messaging should continue by saying that the due diligence was done under normal circumstances and according to defined protocols set out by the company to its due diligence provider. You might care to explain at this juncture the sort of due diligence performed and explain the likely culprit for the awareness (the reputational checks). You should be strong here and repeat that there is neither a lack of trust nor an assumption of lack of integrity on the part of the subject company – it is normal procedure and gets done for all third parties of certain types right across the company, and this subject company is no different.

Negotiate a proposed way forward

You should not back down and stop the due diligence process. You should ask specifically why the subject company has such objections and why they are opposed to you conducting the due diligence. Here they may show their concern and identify why they have reservations – it might be some litigation that they are not comfortable about or some issue that happened years ago. You should reiterate that although the due diligence is carried out by an external firm the contents of that due diligence report are confidential and privileged. Tell the subject company that if the due diligence does uncover adverse issues, those issues will be considered as part of the overall process of determining whether their company is a suitable third party. Just because there are negative issues does not mean that you will not do business with the company going forward. It might also be the case that you will discuss any negative issues with the subject company and give them an opportunity to be heard on that issue. Do not agree to provide a copy of the external provider’s due diligence report to the subject company. This would certainly waive any privilege argument and might also jeopardise your negotiating power. You might agree to give them an opportunity to be heard on certain negative issues which would otherwise force you to decline working with that company.

Previous Article
Getting buy-in for a third party compliance programme
Getting buy-in for a third party compliance programme

Do you currently have a compliance programme? The first step in determining how to go about gaining buy-in ...

Next Article
Predicting the risks of third parties
Predicting the risks of third parties

Risk versus uncertainty. The first problem that most people encounter is that they are not always clear on ...