This site uses cookies to provide you with a more responsive and personalised service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Integrity due diligence

How much is enough?

Deloitte | Jon GreenawayThe need for integrity due diligence on international business partners is clear - companies are liable for the actions of business partners on their behalf under laws covering bribery in foreign jurisdictions.

However there is no regulatory guidance specifying a minimum level, and this ambiguity can result in companies doing the minimum with regard to  due diligence.

But as evidenced by recent actions under the bribing of foreign public officials provisions of the Australian Criminal Code Act 1995 (Cth), continued enforcement by the Securities and Exchange Commission (SEC) and the Department of Justice (DoJ) of the Foreign Corrupt Practices Act (FCPA) in the US, and the provisions of the UK Bribery Act, this approach will no longer suffice.

A rule, not an exception

Performing thorough due diligence is, to reverse the phrase, becoming the rule rather than the exception.

Increasingly, companies are expected to conduct a deeper, more systematic investigation of potential international business partners that involves collecting information from the business, verifying the data and following up on identified “red flags.”

Failing to do so can have considerable financial and operational repercussions for companies conducting business internationally.

Extensive financial due diligence is very often undertaken during mergers and acquisitions, providing shareholders with deep insights into value creation opportunities.  However due diligence on existing and potential agents and business partners is often ignored, leaving an exposure to risks such as bribery and corruption.

Evidence of a rigorous and ongoing due diligence process has been a factor taken into consideration by the SEC and DoJ in the US when it comes to fines and deferred prosecution agreements handed down under the FCPA. There is also reason to believe Australian and UK courts will take into account the risk management processes a company subject to action had in place. In March 2011 the Ministry of Justice published adequate procedures and prosecution guidance in relation to  the UK Bribery Act which identified due diligence as a key principle and particularly important in mergers and takeovers.

Following best practice

Companies that follow best practice in conducting due diligence are now going further than just reviewing the public record for information that establishes the reputation and credentials of potential business partners. They are engaging management of their vendors and agents via thorough due diligence questionnaires that are signed off by the executive or owner attesting to the information.

Areas covered include demonstrating compliance with the company’s code of conduct, whether the business partner had experienced a corruption event and, if it had, how it was managed, and confirmation that the circumstances that gave rise to it have been mitigated. In other words, the prospective partner’s activities are very much “on the record”.

As a result of obtaining information directly from a business partner, a review of the public record for corporate and shareholder information, litigation records, media coverage and regulatory actions becomes even more important in terms of verification of the data provided. One recent FCPA prosecution lamented that the extent of verification was only to verify a consultant’s existence and physical address via Dun & Bradstreet.

What to do

Best practice will require a company to take three steps:

  1. Require the prospective business partner to disclose information via a questionnaire
  2. Use a risk-based approach to verify the information
  3. Take action on red flags.

There are also a number of areas in which information should be gathered as part of the due diligence process. For example:

  • Evidence of a legitimate business (existence of staff, plant and equipment, premises etc.)
  • What is the ownership structure and affiliations?
  • Countries of operation relevant to the business relationship
  • Records of bankruptcy and litigation matters
  • Conflicts of interest
  • Business ethics
  • Product safety issues.

Risk factors particular to the industry and the function performed by the business partner also need to be considered as part of the risk-based approach that will determine thresholds required for the due diligence.

Those charged with the responsibility for the integrity of a prospective business partner have a critical role to play – in terms of providing general assurance that a deal is a good one but also that the deal will not expose a company to cross jurisdictional bribery and corruption issues.

Having the right resources to undertake due diligence, and identifying experience gaps, are also vital. Reaching out to firms providing business intelligence services, such as Deloitte, to fill those gaps should be seriously considered.


Jon Greenaway | Account Director Forensic

Michael Clarson | Manager Forensic



Follow us


Talk to us