Compliance Risk

Mon, Jun 17, 2024

Cracking the Code: How Risk-Based Due Diligence Protects Your Money from Financial Predators

/en/our-team/emanuel-batistaEmanuel Batista

Emanuel Batista

/en/our-team/maria-alejandra-vahosMaria Vahos

Maria Alejandra Vahos

This article was originally published by LEC.

In an era marked by unprecedented technological advancements and an increasingly interconnected global economy, the financial industry has witnessed a surge in complexity and innovation. However, this progress has also ushered in new challenges, particularly in the realm of financial crimes. Financial crimes have been on the rise due to current economic pressures, geopolitical tensions, an increasingly diverse regulatory environment, government scandals, public corruption, the post-COVID era, among others. According to Kroll’s 2023 Fraud and Financial Crime Report, financial crime continues to be a leading threat globally: 69% of respondents expect crime risks to increase over the next 12 months with cybersecurity and data breaches as the primary drivers.

In the face of this dynamically evolving landscape, the role of the compliance function remains more crucial than ever, and the pivotal role of due diligence has emerged as a powerful tool in the ongoing fight against illicit activities, serving as a beacon to illuminate the path towards regulatory compliance and reputational integrity.

The concept of due diligence has taken center stage, becoming a cornerstone process in the investigation of third parties, customers and employees, playing a crucial role in anticipating, detecting and responding to the diverse array of regulatory and reputational risks that accompany the ethical and compliance obligations in today's global landscape.

A Holistic Approach to Risk Mitigation

Within the intricate fabric of any organization, due diligence processes should be seamlessly woven into the fabric of the compliance program. Far from being a mere procedural formality, these processes serve as a robust defense mechanism against potential financial crimes. By meticulously scrutinizing the background, intentions and affiliations of external parties and internal stakeholders, institutions can establish a comprehensive shield against threats that might compromise their ethical standing.

The strategic significance of due diligence is underscored by its alignment with an institution's risk matrix. Every organization navigates a unique landscape of risks, influenced by factors ranging from industry dynamics to geographical reach. As such, due diligence must be tailored to the specific contours of an institution's risk profile. To guide this customization, a set of strategic questions serves as the compass, steering the due diligence process toward a precise alignment with an institution's risk tolerance and strategic objectives.

Unveiling Strategic Questions

These strategic questions function as the cornerstone of effective due diligence implementation. They serve not only to assess risks but also to mold the contours of due diligence processes in a manner that resonates with an institution's overall strategy. The formulation of these questions pivots around the organization's willingness to embrace due diligence as a proactive force rather than a reactive measure.

1. Purpose of Due Diligence

The journey begins with a clear understanding of the purpose behind due diligence efforts. Whether it is to ensure compliance with intricate laws and regulations such as anti-money laundering (AML), the Foreign Corrupt Practices Act (FCPA) or the UK Bribery Act, or to mitigate local reputational risks, due diligence serves as a linchpin in safeguarding an organization's ethical standing, regulatory adherence and avoid financial risks. It is a strategic move to anticipate and address potential pitfalls before they materialize.

2. Ambit of Due Diligence

The canvas of due diligence is broad, encompassing a spectrum of individuals and entities. From third-party suppliers and investors to know your customer (KYC) and know your employee (KYE) assessments, the scope is expansive. It extends also to sponsorships, donations and even entities involved in merger and acquisition processes. The due diligence net is cast wide, encapsulating all who hold the potential to influence an organization's ethical landscape.

3. Scope of Due Diligence

Not all due diligence initiatives follow the same criteria. Depending on the risk factors identified, due diligence strategies may vary from a review of risk databases and reference lists to more comprehensive due diligence involving public records searches and interviews with market sources, depending on the risk profile, industry and relationship (see points below).

4. Risk Profile and Tolerance

The risk landscape varies from institution to institution, influenced by industry specifics and geographical footprints. Understanding an organization's risk profile and its appetite for risk is pivotal in shaping due diligence strategies. A delicate equilibrium must be struck between growth aspirations and risk mitigation, defining the depth and extent of due diligence efforts.

5. Industry and Jurisdiction Analysis

Industries, like geographies, have their unique risk profiles. A regulated industry may demand a more exhaustive due diligence process. The jurisdiction where a company operates can also serve as a determinant of risk levels. The due diligence process must be attuned to these industry and jurisdictional nuances, ensuring a comprehensive risk assessment.

6. Relationship Dynamics

The nature of a relationship with a third party influences the perceived risk. Factors such as the level of expected risk, financial relationship size and anticipated duration of the partnership all play a relevant role in shaping due diligence requirements. A discerning analysis of these dynamics guides the due diligence trajectory.

7. Timing and Integration

Time is of the essence in due diligence. Depending on the depth and breadth of the process, the timeline can vary. However, due diligence must be seamlessly integrated into the workflow, taking into account work plans to ensure that objectives are met without disrupting operations.

Challenges in the Region

The complexities of due diligence are magnified in different regions, presenting unique challenges and hurdles. In LATAM, these challenges are further underscored by a dynamic regulatory landscape and cultural intricacies. Countries such as Costa Rica, Brazil and Chile have recently enacted legislation that emphasizes the importance of due diligence.

Among the challenges faced, regulators such as the SEC and the U.S. Department of Justice cite as a common mistake the failure to conduct timely and sufficient due diligence, the inadequacy of validating information from business partners, overlooking detected red flags, and the perilous "willful blindness”— a deliberate avoidance of crucial facts.

Particularly in LATAM, the main challenges include the lack of digitized and centralized data, different languages that constitute a challenge in the search and analysis process, third parties with low public profile and no easily accessible public information, and budget limitations in the Compliance area. According to Kroll’s 2023 Fraud and Financial Crime Report, 64% of respondents in Brazil and 68% in Mexico agree that third-party gatekeepers create anti-money laundering challenges.

To tackle these challenges, organizations are urged to adopt a series of best practices that can fortify due diligence processes:

1. Risk-Based Onboarding Questionnaire

Commencing with a risk-based onboarding questionnaire is a prudent step, allowing the creation of risk scores. However, third-party information must be corroborated independently to ensure accuracy and reliability.

2. Contractual Safeguards

Incorporating compliance requirements and specific language within contracts can condition the business relationship on the maintenance of ethical conduct.

3. Anti-Bribery and Corruption Compliance

The absence of an anti-bribery and corruption compliance program in a third party should serve as a red flag. The establishment of such a program could be indicative of a commitment to ethical standards.

4. Education and Training

Sharing information and providing training to stakeholders about the organization's due diligence commitment bolsters awareness and compliance efforts.

5. Continuous Monitoring

Internal triggers and controls are essential to monitor changes in risk profiles, and whistleblower policies can facilitate early detection of issues.

6. Documentation

Documenting the rationale behind using each third party and maintaining these records for a stipulated duration ensures transparency and accountability.

7. High-Risk Approval

For high-risk subjects, the decision to proceed with a business relationship should involve collaboration between the compliance officer and senior leadership.

The role of due diligence in preventing financial crime is paramount, woven intricately into the fabric of regulatory compliance and ethical adherence. It stands as a formidable bulwark against the ever-evolving landscape of financial crimes, offering organizations the means to pre-emptively identify, assess and mitigate risks. By embracing due diligence as a proactive measure, organizations can navigate the intricate pathways of global finance with resilience and integrity.

The road ahead is marked by challenges, particularly in regions like LATAM, where unique dynamics demand tailored strategies. However, the key lies in recognizing due diligence not as an isolated process but as an integral component of a holistic compliance program. By aligning with the organization's risk profile, industry dynamics and global best practices, due diligence emerges as a strategy of protection, shielding organizations from the potentially devastating consequences of financial crimes.

As institutions continue to grapple with the complexities of a dynamic financial landscape, the significance of effective due diligence cannot be overstated. It is a beacon of ethical resilience, a safeguard against reputational erosion, and a testament to an organization's unwavering commitment to compliance, thereby shaping a future where financial crimes are thwarted, and integrity reigns supreme.

Footnote Sources
Legislative Assembly of the Republic of Costa Rica, Law on Liability of legal persons on domestic bribery, transnational bribery and other crimes, No. 9699, 2019.
ACAMS, Glossary of AML Terms, No Date.
Batista, Emanuel, Key Takeaways for Effective Reputational Due Diligence, 2019.
National Congress of Chile, Law 20393, Establishes the Criminal Liability of Legal Entities in the Crimes of Money Laundering, Terrorism, Bribery, Aggravating Circumstances, Extenuating Circumstances, 2023.
Diário Oficial Da União,Decreto Nº 11.129, De 11 De Julho De 2022, 2022.
Kroll, Fraud and Financial Crime Report. Can Technology Stop the Threat of Economic, Crypto and ESG Crimes?, 2023.
Kroll, 2022, Report on Anti-Corruption and Bribery, 2022.
Watt, Michael and Foulon, Veronique, Evolving Challenges with Enhanced Due Diligence, 2021.

AML Compliance Due Diligence

Kroll helps clients navigate the complexities of today’s regulatory environment through a broad suite of anti-money laundering compliance screening and due diligence offers.

AML Compliance Due Diligence

Kroll is headquartered in New York with offices around the world.

55 East 52nd Street 17 Fl
New York NY 10055
+1 212 593 1000
Sign up to receive periodic news, reports, and invitations from Kroll. Our privacy policy describes how your data will be processed.

More About Kroll

More About Kroll
© 2024 Kroll, LLC. All rights reserved. Kroll is not affiliated with Kroll Bond Rating Agency, Kroll OnTrack Inc. or their affiliated businesses. Read more.