Key considerations in carrying out an effective forensic due diligence.
By Rethabile Thobejane, Compliance Assistant, CMS South Africa
There is no doubt that commercial crime is a risk faced by all organisations across all industry sectors. It is, accordingly, critical for organisations to implement meaningful measures to mitigate the risks occasioned by fraudulent and corrupt conduct or practices. As part of these measures, organisations need to ensure that they conduct effective forensic due diligence on their business partners and vendors. This will go a long way in assisting organisations to understand the commercial crime risk that these entities may pose to them.
The lack of effective forensic due diligence on business partners and vendors has often resulted in organisations falling victim to fraudulent and/or corrupt activities, or in certain instances, being used as a vehicle to commit commercial crimes. Fraud, money laundering, bribery and corruption are some of the commercial crimes that date eons back and the methods used to perpetrate such crimes are constantly evolving. As such, the methods used to mitigate the risks associated with such activities need to also evolve in order to remain effective in curtailing such risks. In this respect, forensic due diligence exercises are incredibly valuable in assisting organisations to fully understand who it is they are doing business with.
The ultimate purpose of a forensic due diligence is to understand the commercial crime risks associated with the entities that an organisation wants to conduct business with. Therefore, it is important that a forensic due diligence is constructed meaningfully to achieve this purpose. In this respect, there are various considerations that need to be considered when conducting a forensic due diligence. Some of the key considerations would include:
A detailed understanding of the vendors and business partners that the organisation usually engages with. For example, does the organisation mostly procure goods or does the organisation make use of agents, consultants and/or other types of service providers?
Conducting a detailed risk assessment in order to determine the specific risks that these vendors and/or business partners may pose to the organisation.
Considering the size and nature of the organisation in order to consider how best to implement a risk-based approach when conducting forensic due diligence. This is because a ‘one size fits all/tick box’ approach may not be the most effective manner in carrying out meaningful forensic due diligence on your business partners or vendors.
Identifying the type of due diligence procedures that are going to be conducted based on the risk profile of a given business partner and/or vendor. This would then allow the organisation to optimise company resources effectively so that more resources and time is spent conducting a detailed forensic due diligence on medium to high-risk business partners and vendors whilst still ensuring that effective forensic due diligence is carried out on low-risk business partners and vendors without expending an inefficient use of resources to do so.
Larger organisations are more likely to have more resources at their disposal to carry out more comprehensive forensic due diligence procedures, whilst small to medium sized organisations may find this to be a little more challenging as they may not necessarily have the same level of resources at their disposal as a larger organisation. However, this should not deter small to medium sized organisations from carrying out forensic due diligence and vetting their business partners and vendors. All organisations, regardless of size, should invest in conducting meaningful fraud risk management which includes effective forensic due diligence. The cost of such investment will go a long way in protecting organisations from the ever-increasing risk of commercial crime. The cost of not investing in such measures can be crippling to a business should it become a victim of some or other form of commercial crime.
In certain jurisdictions there is a legislative and/or regulatory requirement for organisations to conduct certain forensic due diligence procedures on their business partners and vendors. For example, organisations that are subject to the United States of America’s Foreign Corrupt Practice Act, 1977 are required to conduct meaningful forensic due diligence procedures on their business partners and agents. South African companies are required to comply with the provisions and regulations of South Africa’s Companies Act, 2008. Regulation 43 of the Companies Act prescribes that certain companies (such as, amongst others, state owned companies and every listed company) must appoint a social and ethics committee.
The social and ethics committee is required to, amongst others, monitor the company’s activities having regard to any relevant legislation, other legal requirements or prevailing codes of best practice in matters of social and economic development, including the company’s standing in terms of the goals and purposes of the United Nations Global Compact Principles and the OECD recommendations regarding corruption, both of which incorporate the requirement for organisations to implement meaningful anti-corruption compliance programmes which would include effective forensic due diligence.
Notwithstanding the legislative and/or regulatory requirements to which an organisation may be subject, organisations should adopt the approach of ensuring that the measures that they implement in mitigating the risk of commercial crime (including conducting effective forensic due diligence) will effectively mitigate the commercial crime risks that the organisation faces. Organisations should refrain from doing the bare minimum just to ensure that they are regulatory compliant; organisations should always strive to do more to curtail the risks of commercial crime whilst also ensuring that they are regulatory compliant. The culture of each organisation must be that everyone within the company is effectively trained, they have the relevant expertise and that there are systems in place to strengthen and protect the organisation’s credibility where commercial crime is concerned.
In an ever-changing world and given the significant increase in commercial crime risks organisations are facing world-wide, organisations need to be proactive in mitigating all forms of commercial crime risks faced. A reactionary approach would inevitably be too costly for an organisation given the financial and reputational risks associated with commercial crime risks. Meaningful forensic due diligence procedures which are incorporated in an organisation’s commercial crime risk mitigation programme will go a long way in protecting an organisation from the scourge of commercial crime.