In anti-corruption and anti-bribery compliance, what does the process of 'due diligence' primarily entail?
Select an answer to reveal the explanation.
Short Explanation and Infographic
Let's say you're about to partner up with a new distributor in another country. You don't know them from Adam. If they go out and bribe a government official to get a contract, your company could be on the hook for millions in fines under the Foreign Corrupt Practices Act (FCPA). That's why you perform due diligence. It's your homework. You investigate their background, check their relationships with government officials, and monitor what they do. You can't just take their word for it, and you definitely can't ignore the risks. Trust me, due diligence is your shield against massive anti-corruption penalties.
Full explanation below image
Full Explanation
In anti-corruption compliance (under laws like the US Foreign Corrupt Practices Act and the UK Bribery Act), due diligence is the investigative process used to assess the risk profile of third parties before and during a business relationship. Option A is correct because organizations can be held liable for bribes paid by third parties acting on their behalf. Due diligence requires gathering information, assessing risk, and monitoring third-party activities to prevent corruption. This process should be risk-based, meaning higher-risk regions or business structures require more extensive scrutiny. Due diligence typically involves background checks, questionnaires, reference checks, and financial monitoring. Option B is incorrect because anti-corruption laws do not prohibit international business, but rather require that it be conducted ethically and legally. Avoiding all international trade is an extreme measure that is unnecessary for compliance. Option C is incorrect because paying facilitation payments without questioning is a major compliance risk and is illegal under many anti-corruption regimes (such as the UK Bribery Act) and highly discouraged under the FCPA. These payments, often called 'grease payments,' must be strictly controlled and phased out. Option D is incorrect because self-certification and reputation are insufficient; due diligence requires independent, risk-based verification to show that the company took reasonable steps to prevent corruption. Relying on reputation alone does not meet regulatory expectations. A thorough due diligence workflow is not a one-time event; it is an ongoing process. Throughout the lifecycle of the business relationship, compliance teams must periodically refresh their checks, monitor transaction records for red flags, and ensure that the third party continues to adhere to the company's code of conduct. This proactive monitoring provides the company with a strong defense if a third party engages in corrupt behavior.