Picture your commercial landscape in a pre-compliance eraDifficult, isn't it? Such are the intense demands of recent years that it's sometimes hard to remember simpler times.
Accordingly, the number of compliance and due diligence stories on our blog is high. But the sheer abundance and rapid growth of source material to draw on from around the web is so immense that for content providers and consumers alike, doubts that you're missing something are all too common.
But breaking things into chunks can help. So, just for a moment, let's forget about the overarching discipline of government, risk and compliance. We'll discard all internal compliance. And we can turn instead to external due diligence; essentially investigating your third parties, particularly for reasons of reputation risk management.
What are third parties?"Third party" has a variety of narrow definitions in business and law, some implying a layer of separation or distance between two parties.
But in our expanding world of company due diligence, the term has become much broader, extending to any person or entity outside your organisation with whom you have any sort of contractual relationship; and it implies quite the opposite: inextricable closeness, and a closeness that could come under scrutiny either by regulators or by the public – whether the press, social media or your potential market.
These third parties could be your customers, suppliers, agents and distributors, or joint-venture business partners. Indeed, "business partner" could be used as a near-synonym for "third party" in the context of ongoing and significant relationships.
Gone are the days when trade was purely transactional. Delivering private company information and technical solutions used in risk analysis for a quarter of a century, we at Bureau van Dijk can make this assertion with a high degree of confidence.
Ted Datta (right), director of governance, risk and compliance solutions at our London offices, suggests that: "third-party relationships are being – and should be – treated as partnerships." He adds: "Businesses can no longer turn a blind eye when inadvertently and indirectly 'buying diamonds from warlords'."
While this is an extreme example, it illustrates a crucial point: that you have a responsibility for who you do business with. Your third parties' wrongdoings are, by extension, yours in the eyes of anyone taking a view on your business and its conduct.
Damaged reputationsAnd the cost of a damaged reputation can be massive; according to a widely cited study by the World Economic Forum in 2012, more than 25% of a company's market value is directly attributable to its reputation, a terrifying statistic when you consider Warren Buffett's plausible claim that "it takes 20 years to build a reputation and five minutes to ruin it".
This is before you even consider PEPs and Sanctions, and anti-money laundering regulations from the likes of the Office of Foreign Assets Control (OFAC) in the US and similar bodies in the EU. Officially applying to everyone, these currently most directly affect the banking sector and other heavily regulated professions day-to-day. But they're contributing to this climate of heightened compliance and have a clear knock-on effect on anyone banks deal with and lend money to; to renegotiate its banking agreement, one of Bureau van Dijk's clients, a large manufacturer and retailer, had to demonstrate to a very well-known international bank that it had started the ongoing process of performing enhanced and rigorous supplier due diligence, in just one of many recent examples of changing practice.
Ticking clockEven the so-called "unregulated" corporations are bound by related laws on both sides of the Atlantic, such as those on anti-bribery, money laundering and corruption; and, in the informed opinion of Bill Hauserman (right), senior director of compliance at Bureau van Dijk in the US, the clock is ticking for corporates. "It's a question of when, not if, these regulations will apply more widely," he says. "The tide is flowing, so corporations need to prepare."
So how do you find out what your business partners have been up to? And, almost more to the point, how do you establish who your business partners actually are? Or rather who ultimately owns and controls these third parties?
That's half the battle, because sanctioned persons and entities can hide behind cloudy parent companies with complicated ownership structures, something that provides no responsibility buffer to the unwitting.