All organisations need to do robust due diligence by Alex Plavsic, Head of Forensic, KPMG on 07-Oct-2013

Imagine, for a minute, you run a mid-sized firm looking for a way to manage your logistics in Russia and you were recommended to a customs broker. On the surface, the company looked to have a good reputation and had not been referenced in sanctions or blacklist checks. The firm’s main contact point at the customs broker, the general director, also had a good reputation.

However, further investigation revealed that the shareholders were caught up in allegations that they had paid bribes to customs officials and had faced various administrative fines through other businesses. They were also embroiled in litigation in the US as a result of their activities there and were suing their business partner for fraud.

As Alex Plavsic, Head of Forensic at KPMG explains, this is not a made-up story, but sadly, one of a long list of cases that we has worked on where a company would have been open to huge risks if they had not conducted robust due diligence on their potential partner. And these risks are real and a growing issue globally.

In the financial services industry alone, over £57 million was paid out in fines relating to money laundering, corruption and other integrity issues to the Financial Services Authority in 2012. But, all too often, we are still finding many cases where companies are blindly entering into agreements with only the most cursory internet searches or their counterparty – or just as bad – only thinking about due diligence once the ink is dry on the contracts.

Yet regulatory scrutiny is mounting the world over and failure to comply can expose organizations to reputational damage, operational risk and government investigations, as well as obviously fines, penalties and potentially even criminal liability.

KPMG analysed some 8000 integrity due diligence reports to understand what lessons can be learned about the nature of risks to which organizations are exposed through their third-party business associations. The results were surprising. Over 20% of subjects were given an overall risk rating of red, meaning they were associated with significant risks (such as allegations or incidences of corruption, fraud, money laundering or other unethical or illegal practices). In addition, nearly 9 out of 10 integrity due diligence reports identified some kind of risk that warranted review.

From our research, it is evident that the single greatest risk to companies is the integrity of directors, shareholders and ultimate beneficial owners of a company. Often, companies fall into the trap of placing too much emphasis on the corporate entity, and not its directors and shareholders. Negative information on individuals running or owning a company accounted for 68% of red flagged reports in the financial services industry since 2009.

Fraud was also the most prevalent risk uncovered. This exceeds all other risks, including regulatory violations, bribery and corruption, money laundering, business disputes, sanctions and Politically Exposed Persons (PEP) associations. Financial fraud has hit record highs as reported in our Fraud Barometer earlier this year.

Our analysis also found that the location where financial institutions choose to do business matters. While mid-sized businesses may have a less extensive international footprint than larger organisations, several sectors (oil and gas in particular) have interests in risky markets. The Middle East and North Africa were identified as third-party risk hotspots and accounted for 72% of all red-rated reports.

For example, an oil and gas firm had been recommended to a joint venture partner in an African country. The company appeared to have the requisite track record, some well-known international customers and was endorsed by local and international players in the sector. However, due diligence uncovered that the ultimate beneficial owners of the company were all politically exposed, had been accused of corruption and embezzlement of funds and been linked to arms smuggling scandals. These factors combined made the firm re-evaluate the recommendation it had received.

Organisations need to go beyond a standard screening procedure, which typically just incorporates sanctions and press checks. A thorough investigation into a company’s key payers is an absolute necessity and we advise companies to carefully consider external political and economic factors when entering into any business relationship.

For more information and to see the full report, please visit: Astrus Insights - KPMG's analysis of third-party integrity risks.

Tweets by @biz_works