[author: Alek Chance, Pacific Strategies & Assessments]
Risk and compliance professionals have long used enhanced due diligence (EDD) as an essential tool to identify critical regulatory risks. Most of the time, the primary drivers of EDD efforts are compliance issues such as those arising from the FCPA or OFAC regimes. However, as the risk and compliance landscape continues to evolve, companies’ exposure to risks arising from sustainability, human rights and social responsibility issues has increased.
Internal and external factors prompt risk management programs to take a broader view of the potential risks posed by third parties, suppliers and other business partners. While it is undoubtedly difficult for risk management programs to pivot, it is important to remember that compared to other information flows, human-led due diligence research ranging from from documentary research to source interviews and site visits, is an agile resource that can filter for a growing range of concerns.
Regulatory changes and sustainability
In the past, sustainability and social responsibility as compliance issues often fell under the category of âsoft rightsâ involving the voluntary adoption of various internationally recognized standards. It’s changing. With the Global Magnitsky Act, the United States added some human rights violations to the topics of its already strong sanctions program. In the UK, the first people targeted under the new post-Brexit sanctions program were human rights violators. New legislation regarding forced labor in supply chains is under consideration in Washington, and the EU is on the verge of requiring large companies to do their due diligence on human rights. human and environmental issues throughout their value chains.
Other recent or upcoming laws in France, Australia, California, the Netherlands, and the UK impose varying degrees of due diligence or disclosure obligations on companies to address human rights violations or abuse. destruction of the environment. These issues are not only more important from a compliance standpoint, but they also have increasing potential to cause serious reputation issues.
Evolution of views on risk management
Another factor pushing for more comprehensive risk assessments is ESG. ESG (the assessment of environmental, societal and governance issues associated with an investment or counterparty) is based on the idea that sustainability issues in the value chain present real material risks in addition to raising concerns. ethical. ESG was originally created as a concept to inform investment decisions. But because ESG assessment frameworks provide such a comprehensive view of risk, they can unify the concerns of many stakeholders under one umbrella and provide the basis for a more integrated approach.
Expanding the Scope of ESD
Human-led EDD has long been the standard for controlling third parties or other companies that pose high or similar FCPA risks. But it is inherently nimble, and with the right due diligence team, many of the research and investigative methodologies used to focus on anti-corruption or enforcing sanctions can be easily adapted to focus on others. issues in response to changing customer concerns.
While FCPA compliance continues to be an important focus of EDD work, many companies are adding other issues to their lists of key concerns. The most common are human rights violations. But EDD reports can, and regularly do, identify a wide range of issues that are increasingly relevant from a compliance perspective. This includes slavery, the rights of indigenous peoples, child labor, land issues, the trade in conflict minerals, war profits, environmental degradation and many more.
Take a risk-based approach
Every third party or supply chain risk management program should ensure that its due diligence provider has the ability to identify sustainability issues. At a minimum, desktop EDD research can be used to explore red flags or gaps in a counterparty’s voluntary disclosures.
A better way is to take a more focused risk-based approach that begins by mapping geographic issues, industries, and transaction types, and then allocates resources appropriate to the level of risk identified. An oil palm plantation in Sumatra presents different inherent risks to human rights and environmental issues than an app developer in Taipei.
Read: US Conflict Minerals Management: Is Your Supply Chain at Risk?
Getting started with a simple geographic or sectoral risk map may be easier than you think. Just as the Transparency International CPI Score or the World Bank‘s Global Governance Indicators are often used by risk professionals as a starting point for identifying location-specific corruption risks, there are many valuable resources available that can be used as a starting point. can identify high sectoral or geographic risks to human rights and environmental issues. Depending on the situation, EDD methodologies can then range from researching recordings and media to collecting comments from human sources, site visits, and in-depth research of public documents.
Exploit an underutilized resource
To be clear, no EDD program can or should develop an ESG profile for a third party, supplier or customer in the same way that an investor analysis company does for a listed company. But as ESG continues to evolve towards a unifying framework for thinking about risk and long-term resilience, it makes sense to use ESD to address emerging regulatory risks and new stakeholder concerns. Most large companies already have FCPA-focused operational programs or similar regulatory concerns. Wherever such programs are limited to looking for âtraditionalâ regulatory risks, they are probably an underutilized resource.
When so much information about potential business partners or investments is derived from voluntary disclosures, EDD stands out as a source of substantive and independently verified information. It will only gain in importance if, as expected, more stringent mandatory due diligence requirements start to emerge in key jurisdictions.
Leveraging Due Diligence to Strengthen Supply Chain Risk Management
See the original article on risk and compliance issues