Third Party Due Diligence

Fikret Sebilcioğlu
  • Fikret Sebilcioğlu          CFE, CPA, TRACE Anti-Bribery Specialist         
  • Managing Partner
  • Internal Controls&Forensic
  • E-mail to Fikret

Under many legal frameworks, organizations may be held liable for acts of corruption by their third parties. Dedicated third party monitoring clearly reduces legal costs. Organizations that apply adequate resources to monitoring third parties through FTEs and outsourced third party due diligence providers are less likely to have faced legal action. 

In the field of anti-corruption in particular, due diligence obligations on third parties have recently expanded in the wake of various laws such as the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. Under most of these laws, corporate criminal liability can be triggered when the bribe is paid by or through third parties including agents, consultants, suppliers, distributors, joint-venture partners, or any individual or entity that has some form of business relationship with the company. Therefore, companies look into the details of transactions and their related third parties to identify and avoid the risk that third parties could bribe on their behalf. 

Governments from all regions are introducing stricter laws to combat bribery in business transactions. Enforcement is on the rise, with criminal penalties for wrongdoing reaching record levels. The extraterritorial reach of anti-corruption laws also means that organizations doing business and raising capital in multiple jurisdictions can be prosecuted for acts of bribery committed anywhere in the world.

In light of this uptick in regulatory and enforcement activity, organizations are devoting more and more resources to establishing policies, infrastructure and processes aimed at fighting corruption within their own businesses and throughout their supply chains. An area of special attention has been the prevention of indirect corruption (i.e. through third parties), which is explicitly prohibited by the United Nations Convention against Corruption, the OECD Anti-Bribery Convention and the national legislations of their signatory countries.

In fact, conducting risk-based due diligence on third parties has become a legal expectation in many countries that have ratified the OECD Anti-Bribery Convention and/or the United Nations Convention against Corruption, and conducting adequate due diligence may help organizations decrease, and under some laws even avoid, the risk of criminal culpability for corrupt third-party conduct. 

How Cerebra can help

Cerebra provides third-party due diligence on behalf of clients operating in Turkey. We work with clients to develop due diligence approaches that are appropriate for third parties presenting varying levels of risk, while providing the additional benefit of an objective and independent perspective. Our methodologies are informed by and responsive to a variety of risks as well as regulatory compliance-drivers, including the U.S. Foreign Corrupt Practices Act (FCPA), UK Bribery Act. 

Cerebra performs third party due diligence projects considering that the level of scrutiny necessary for an organization to reach reasonable confidence that it is engaged in a normal, legitimate business transaction varies with corruption risk. The level of corruption risk determines how much scrutiny is required to be able to defend before a judge or a prosecutor that the organization is confident it is dealing with a bona fide third party. The higher the risk, the broader and deeper the third-party due diligence should be.

Cerebra's risk-based third-party due diligence process includes the followings:

  • Scope of Third Parties: Understanding the universe of third parties and which ones should be subject to due diligence
  • Third-Party Risk Assessment: Assessing the level of corruption risk associated with individual third parties
  • Due Diligence: Conducting risk-based anti-corruption due diligence
    • Company search 
      • Date of incorporation
      • Ownership structure including current and prior shareholders
      • Key management team
      • Nature of business
      • Tax payer identification number
    • People search
      • Eductaion records
      • Employment records 
      • Social media
      • Cour cases
    • Reported criminal records
  • Approval Process and Post-Approval Risk Mitigation: Managing the approval process and mitigating identified risks 
  • Effective Implementation of the Third- Party Due Diligence Process: Communicating on the due diligence process and ensuring its effective implementation by the organization’s management and employees.