A comprehensive approach to third party and vendor due diligence management is essential for any company conducting business globally. A strong due diligence program’s purpose is two-fold:
- To guide your company, helping you make smart choices when it comes to international business partners, and
- To protect your company, building procedures and a legally-defensible documentary record that can protect you from an enforcement action (under either the FCPA or U.K. Bribery Act) in the event that a third party engages in bribery on your behalf.
To fulfill these purposes, organizations must align the unique risks and strengths of their company to their approach to due diligence.
The Right Pieces: Building a Vendor Management Due Diligence Checklist
Think about your third party due diligence checklist as a puzzle. There are a certain number of pieces (steps) needed before the puzzle is complete, and you can move on to the next stage: the proposed business deal.
Every company’s “puzzle” will look different based on its needs, circumstances and risk profile. It is a compliance professional’s job to make sure that a company has the right pieces to complete the puzzle.
While every compliance risk management program looks different (and should) there are some “puzzle pieces” that are so fundamental to success that it is almost impossible for a program to be complete without them. I recently wrote a whitepaper detailing these essential elements, “How to go from Manual to Automated Third Party Due Diligence Monitoring: Ten Steps to Success,” which you can download for free here.
The Right Processes: A Checklist is Not Enough
Equally important as having the right “pieces” in your due diligence compliance program is having the right processes in place (that have been clearly documented) to make sure the due diligence checklist is actively used.
Government investigators can tell the difference between “paper” compliance programs and programs that are actually effective. Without documentation, how will you prove that your compliance program is doing its job? How will you know whether employees are adhering to your internal processes and procedures and are “putting the pieces together” correctly? A documentation requirement at every step is critical.
You can hire me to create the best due diligence program there is, complete with all the pieces your company needs to mitigate risk so that business decisions can be made confidently. But all my brilliant work will go to waste if the program is not followed.
Compliance programs cannot sit on the shelf; they must be effectively implemented. This means employees actually use the forms and business deals do not go forward until all the boxes are checked off.
The Right Presumptions: Habits Make or Break a Culture of Due Diligence Adherence
Compliance programs are only as effective as business leaders require them to be. Compliance programs must be followed, not just read and signed for at the bottom. To make this happen, companies need a culture of compliance. That is not a piece of the puzzle; it is the glue that holds everything together.
Creating a culture of compliance is to appeal to each officer and employee’s self-image and translate that into an organizational image that everyone can embrace. People want to be proud of their company’s ethical culture; it is up to you to give them the tools to be. And ethics are contagious. Companies with a strong culture of ethics and respect will have fewer incidents of fraud, theft and other corporate misconduct.
A chief compliance officer is the leader of this effort but needs the backing of the board and senior management. Take the time to get their buy-in or the most expensive compliance program you can buy will still not be “effective.”
Putting it All Together
We all know it is easy to make the pieces available to your employees through online portals or emails. But availability is not enough. It is a waste of resources to take the time, effort, and money to put together policies and certification forms if your employees are never going to look at them again. Possibly worse are employees who check the boxes without understanding what they are doing or why.
It is up to the Compliance Department to help all stakeholders, executives, managers and employees understand not just what to do but how and why. Corruption hurts everyone; helping your employees to understand their role and the tools and resources available to them to fight against that worldwide scourge (a little drama never hurt anyone) will ensure that everyone supports due diligence goals.
The most important take-away from this article is that having all the pieces of the puzzle will not make a due diligence program effective—you need the processes in place to “glue” them together. Gain buy-in and the support of your executives, managers and employees and the due diligence performed will be meaningful and effective.