Frequently Asked Questions

• What is required for Due Diligence?

  Due Diligence is defined as “a measure of prudence, activity, or assiduity, as is properly to be expected from, and ordinarily exercised by, a reasonable and prudent person under the particular circumstances; not measured by any absolute standard but depends on the relative facts of the special case”. In layman’s terms – as it relates to compliance and risk assessment, it means that you did your best to investigate who a person or company was, and what risks were involved in doing a transaction with this entity.

  Investigating a new relationship--which can be with a client, agent, vendor, supplier, or employee--should be done to the best of your ability. There is no one source that can uncover all risks involved with a new relationship, but performing the task of investigating a person and their links to activities or individuals that could be of risk is essential in establishing a compliance policy.

• What is the difference between initial and ongoing due diligence?

  Initial due diligence and ongoing due diligence relate to terms in the FFEIC manual or Bank Secrecy Act/AML Examination manual. Initial due diligence is a term that refers to the vetting that must occur prior to engaging in a new relationship with a person or company, in order to ensure that a) they are who they say they are, and b) there is not current information that said person or company could be already linked to a criminal activity or other activity that would make that relationship high risk. Ongoing due diligence means that a person or company is periodically being screened to make sure that said relationship is not adding additional risk.

• What are the best ways to implement controls, or enforce your FCPA policy?

  Designing an FCPA policy is just one of the many critical steps in staying in compliance with this very broad piece of legislation. In order to enforce your policy regarding the Foreign Corrupt Practices Act, an organization must ideally perform due diligence on their immediate contacts to prove a) links to a foreign government and b) that the person or entity is not already linked to corruption or FCPA investigation. Depending on your risk profile, it may be necessary to screen payments to 3rd parties or monitor all 3rd party relationships with agents and partners to ensure the payments are not showing in the bank accounts of foreign officials or executives of state owned enterprises without being properly documented.

• What is Enhanced Due Diligence? How does it compare with “plain vanilla” due diligence?

  Enhanced due diligence is the process of “digging deep” into a person’s or company’s history and relationships to verify their identity, looking into the following:

  
  

  1. An individual’s background, or possible links to illicit activities
  2. The true ownership of a company and their executives (otherwise known as “piercing the corporate veil”)
  3. Interviewing a company’s vendors or other contacts to gauge the reliability of its previous business relationships
  4. Looking into a person or company’s ties to government owned entities

  
  

  Enhanced Due Diligence (EDD) is usually defined as a one time event requiring significant resources to confirm a person/company is not a risky relationship. One who is requesting an EDD report should realize it is only a snapshot in time and once the investigation is complete, the potential for risk going forward increases as time passes.

• What is de-conflicting?

  De-conflicting is a term used in the military relating to separating the good from the bad actors. When performing due diligence, it pertains to the act of confirming whether or not a 3rd party is or is not the particular 3rd party result that may represent risk to your organization.

• What is a unique identifier?

  An unique identifier allows a person to be de-conflicted from others based on details such as photo, date of birth, or other critical pieces of information. Many persons or companies around the world have similar or identical names; when performing due diligence, a person should be able to properly de-conflict from an entity on a sanction list by using such details.

• How is “fuzzy logic” applied to name screening?

  The process of screening a name versus a “watch” list or PEP/Foreign officials list requires an organization to assume that the person being vetted has their name spelled correctly, and also that the referenced watch list has their illicit individual or company included with the correct spelling within it. Although this may appear, at first glance, to be a simple task, the fact is that a significant amount of names are not always translated in exactly the same way. One report claimed this is how the potential Christmas bomber was able to get through the US Homeland Security systems in 2009, as his name was spelled uniquely in two different systems. When performing due diligence, a person should not assume that a person or company linked to illicit behavior has been properly “keyed in” or, more importantly, that the translation is done correctly. Organizations should implement a tool that will recognize a slight spelling variation, or, more desirably, have an algorithm in place that recognizes those names which may be translated into different forms and show them as “hits”.

• How would due diligence for the Foreign Corrupt Practices Act (FCPA) differ from the typical due diligence process?

  From the perspective of the FCPA, an organization must perform due diligence by first checking a new relationship versus a comprehensive list of foreign officials, which would contain the following:

  
  

  1. Government Officials – International, National, State, and local
  2. Close family members/Associates of Government Officials
  3. State owned Enterprises (Government owned corporations)
  4. Executives of SOEs

  
  

  In addition, a user would need to screen against a list of persons or companies known to have been linked to bribery FCPA infractions. This is where it is critical to create and use an ongoing due diligence service that would flag a current vendor or partner if that person/company is linked to such an infraction.