Third-party due diligence red flags: Now what?

Mariette Cutler (mariette.cutler@gmail.com) is Managing Director of Risk Navigation Group Inc. in Chicago, Illinois, USA.

Well-designed compliance programs should apply risk-based due diligence to their third-party relationships. The main takeaway from the DOJ guidance[1] is the word “risk-based.” Risk is part of doing business, and eliminating too much of it can hamper company growth. Even if you invest an unlimited amount of money, time, and energy into a due diligence program, you can never eliminate all risks, including third-party risk. There is no one-size-fits-all approach to mitigating this specific type of risk, but there are some things to keep in mind when a red flag does show up in the due diligence process. A red flag does not mean per se that a company cannot do business with the third party; it raises the question of whether the company wants to do business with this third party, given the red flag.
