This blog is an extract from Mark's article for the FreePint Topic Series: What You Need to Know Your Customer (KYC). Here Mark looks at what a typical due diligence process looks like.
What does a due diligence process look like?
Typically, the due diligence process begins with identification whereby key information will be requested from the prospective client or third-party, often via a simple questionnaire. For example:
Next, a prospective client or third-party will be put through the watchlist screening process. Names of companies, individuals, NGOs and, in specific cases, other entities such as vessels will be checked against global sanctions lists.
At the same time, additional checks may be conducted against law enforcement lists of known criminal entities and lists of debarred or disqualified companies and individuals published by regulators. Often firms will also have a proprietary 'do not do business' or similar list.
At this stage, lists of politically exposed persons are searched to determine government or official connections. The sheer volume of names screened and the frequency with which lists are updated mean such a process is often automated and operated in batches containing hundreds of thousands of names or more at a time.
By covering watchlist and PEP checks early in the process, companies can quickly determine if the potential business opportunity needs to be rejected.
Covering PEP checks early also determines if the prospective client or third-party should be deemed 'high risk', for example where it is discovered they are in fact associated with a political figure or where they are deemed under ABC procedures to be a foreign public official.
Based on the information gathered during the identification process and anything uncovered by the initial watchlist and PEP screening processes, the prospective client or third-party will then be subject to risk assessment.
At a high level, a typical risk-based approach will assess factors such as the country from which the prospective client or third-party originated and that jurisdiction's track record for tackling criminal and other risks. For example, how does the country rate on Transparency International's Corruption Perceptions Index?
Risks associated with the industry sector involved will also be assessed. For example, is the industry prone to government involvement (e.g. Defence) and therefore at greater risk of corruption? Or does the sector have a dependency on networks of local agents (e.g. Construction) which could also expose it to greater bribery risk?
The type of entity involved will also be considered. For example, is the prospective customer or third-party a charity or offshore trust subject to increased money laundering risk?
Essential factors such as financial risk will also be assessed and, for ABC, more specific factors such as how a third-party compensates its staff for new sales or addresses its own anti-bribery policy may be considered.
After the risk assessment has been completed, the data provided from the identification stage will be put through the verification process, as the organisation sets out to determine whether what it has been told by the prospective client or third-party is bona fide and whether there are any hidden risks.