With the continued growth of new laws and regulations to combat risk and compliance risk, due diligence has become an even more important process to not only undertake, but to get right.
’Due diligence’ is a combination of the words “due”, derived from the Latin word ‘debere’ which means to owe, and “diligence”, derived from the Latin word ‘diligentia’, which means carefulness or attentiveness.
Operating globally has far-reaching implications for any company. Whether the company is undertaking a merger, acquisition, carving out or spinning off a business, or simply onboarding new customers, its legal counsel will need to perform due diligence work to reveal potential legal liabilities and to confirm the identity of customers and suppliers.
International due diligence does however introduce a host of complexities for law firms, legal counsels, and their teams in that lawyers for companies that transact business internationally need to be cognisant of different jurisdictional requirements, laws, regulations and informational requirements that require special consideration when pursuing a transaction.
One specific challenge in certain jurisdictions is strict privacy rules that restrict the availability of public information. Most jurisdictions have their own systems of verifying the registration of companies – frequently accessible online, but there are obstacles that apply to the retrieval and interpretation of these documents, i.e., document naming convention differs across jurisdictions; translations are often required; the information required may not match one-to-one and additional documents may be needed, etc. Performing due diligence is ultimately about judgement and experience, and there are no shortcuts to doing it properly. Therefore, when doing due diligence in difficult jurisdictions, all records, including public/official records, should be approached with a heavy dose of scepticism.
Failing to conduct timely and sufficient due diligence can result in enforcement actions by local government authorities. For example, in November 2021 the Hong Kong Monetary Authority imposed pecuniary penalties of a total of HKD44.2million against four major banks for deficiencies and failures in performing due diligence on their customers, and in the US in March 2022, the Financial Crimes Enforcement Network (finCEN) and the Office of the Comptroller of the Currency (OCC) levied a USD140million fine against USAA Bank for failing to conduct appropriate customer due diligence.
As the world faces ever-increasing global conflicts, risks and uncertainties, organisations are more than ever compelled to refresh and strengthen their compliance and due diligence capabilities. Some companies might use a murky organisation structure to hide their ultimate beneficial owners, but a thorough due diligence exercise can often pierce the veil and allow clients to make more informed decisions. Due diligence is not only useful in finding suspicious links, but also in unravelling the truth behind an overly rosy picture. The challenging COVID-19 environment has also generated new avenues for money laundering and financial institutions should take these risks into consideration in assessing and updating their customer due diligence compliance programs and monitoring for suspicious activity.
With the importance of carrying out effective due diligence in mind, let’s have a look at five steps that you can take to help improve your due diligence processes.
Step 1: Verify customer identities:
Ascertain the identity and location of the potential customer and gain a good understanding of their business activities. This can be as simple as verifying their legal name and registered address. However, with increases in online fraud, collecting more information or running additional identity checks might also be advisable. Companies and other legal entity customers also require verification (e.g., business registration numbers; key management etc.) to ensure the legitimacy of the business and that the account holders have the proper authority to act on behalf of the business.
Step 2: Activity Monitoring
Customer due diligence is not only about getting to know the customer, but also checking and monitoring their activity regularly for AML (Anti-Money Laundering) and CTF (Counter Terrorist Financing) purposes. This monitoring must be ongoing and take customer’s account activity and KYC (Know Your Customer) compliance updates into consideration. Always ask yourself about the plausibility of the information gathered. Remember this is not a ‘tick box’ exercise- each customer should be assessed on their merits and all appropriate enquiries should be made and verified.
Step 3: Don’t ignore Red Flags
It’s not just attributes of the customer relationship or their account activity which could raise suspicion, the customer’s behaviour during account opening and due diligence information gathering could also reveal red flags.
Step 4: Document Everything
It is vital that you document everything that takes place. Documentation needs to be:
- in a digital format
- in one place
- easy to access
Keeping records of all the customer due diligence performed is not just necessary for future regulatory obligations. It also means you can interrogate the records and re-run and re-analyse situations to decrease risk, improve performance and better guard against problematic accounts.
Step 5: Use Technology
There are a number of technology solutions available to the market to assist with your due diligence – but they often come at a hefty price and also potential risk with accuracy. However by investing in a good technological solution, you can potentially save costs, and enable your employees to focus on more strategic tasks. Good due diligence technology should allow you to pull other due diligence data from external sources; and then combine all that data into a complete customer risk profile in a short timeframe. However, it is often not a complete replacement for human knowledge and analysis. Data analytics should also allow for better reporting, auditing, and training for your employees.
The regulatory expectation that compliance programs of organisations remain effective in the face of new global developments remains strong, and institutions must carefully assess the risks they face, understand whether their compliance programs are equipped to address those risks, and be proactive in remedying any gaps, deficiencies, or other challenges.
KorumLegal has a platform of top-quality, experienced legal consultants in the field of compliance and due diligence who can assist with the assessment of heightened risks in this testing environment. Our legal and compliance professionals on secondment help you get more done without overloading your team. Whether you have a short-term gap or need longer-term team and cost flexibility we have the perfect professionals for you.
Please get in touch with KorumLegal should your team require an extra set of hands.
For further information, please contact:
Charné Van Biljon, Korum Legal