Skip to main content

On-demand webinar coming soon...

Blog

Compliance check: The art of enhanced due diligence for third parties

The most robust defense against third-party risk is a deep dive into due diligence

Jisha Dymond
‪Chief Ethics & Compliance Officer
November 16, 2023

Young employee collaborates with an older teammate on a project.

The third parties your organization does business with can represent significant risk — on everything from bribery and corruption to human rights violations, sanctions, money laundering, and terrorist financing. To preserve your company’s values and ensure compliance with applicable laws and regulations, it’s critical to evaluate the potential reputational risks of working with outside companies. Third-party due diligence helps your organization make informed decisions about whether to engage with a particular third party and how to manage the risks involved if you do.

The U.S. Department of Justice (DOJ) has made it clear that while third-party due diligence is crucial, ensuring a risk-based approach is just as important: the higher the risk, the deeper the diligence required. Applying enhanced due diligence to third parties when your initial risk assessment indicates more scrutiny is needed or red flags have been raised in your initial screening will strengthen your program and allow you to focus on the top risks.  

Let’s take a closer look at what enhanced due diligence involves and why it’s so important in protecting your organization and creating a strong ethics and compliance culture. 

 

Download The CECO’s guide to managing third parties to learn more. 

 

3 tiers of due diligence

To effectively manage third-party relationships, you need to evaluate and manage risk for all the organizations and people you work with — whether that’s your suppliers, vendors, agents, partners, contractors, distributors, or customers. There’s no one-size-fits-all approach to due diligence because third parties represent a wide variety of risk factors for the enterprise. A simple screening may suffice for some companies, while others necessitate a deeper dive.  

We can break down third-party due diligence based on the risk priority level identified during your initial triage: 

  • Tier 1: Screening third parties against global watchlists, often including screening against adverse media and politically exposed persons. It's a baseline for medium- and high-risk third parties and usually sufficient for most low-risk third parties. 

  • Tier 2: Supplementing tier-1 screening with searches of the internet, newspapers, international media, in-country databases, and government records. Use tier-2 due diligence when there are no major red flags, but the third party is in a higher-risk jurisdiction. 

  • Tier 3: Reporting covering the full range of sources, including paid content and retrieval of records if necessary. Tier 3, enhanced due diligence, is the deepest dive and should be used when red flags come up in tiers 1 and 2 or when you’ve otherwise identified higher risk.

For every step in the due diligence process, keep thorough documentation on what you find. You’ll need these records should you have to disclose a violation or undergo an audit.

 

What’s the scope of enhanced due diligence?

As you can see, enhanced due diligence is the deepest level of third-party due diligence, and it requires a greater investment of time and resources on higher-risk parties. Indicators of high risk include the location of the third-party, its sector, the value of your contract, or whether an intermediary is involved, and whether there’s government interaction. For example, some countries involve a higher risk of terrorist financing, and some industries involve a higher risk of money laundering or financial crimes. 

Enhanced due diligence may involve exploring the following factors for the third party in question: 

  • The ownership and management structure of the company

  • The company’s financials

  • Its personnel, especially executive leadership, politically exposed persons, and those with ties to government officials

  • The company’s compliance regime and compliance training for employees

  • Its other corporate relationships

  • Interviews with local sources

This is by no means an exhaustive list. The scope of enhanced due diligence can be extensive since there may be numerous areas relevant for investigation. 

 

Why enhanced due diligence is so important

The global regulations driving third-party due diligence are constantly evolving, with new regulatory requirements every year. Recent resolutions by the DOJ have specifically focused on third-party management, including the expectation that due diligence is not a one-time exercise and, indeed, must be updated during the length of the relationship. In October 2023, the DOJ announced that an acquiring company that discloses potential wrongdoing at a company being acquired within six months of the deal closing date — and fully cooperates and fixes the underlying problems within a year of closing – can presume it won’t be prosecuted by the DOJ. 

Enhanced due diligence is critical to any acquisition to ensure you understand exactly what you’re buying. It also enables you to allocate resources more efficiently. The reality is most compliance professionals have limited resources. Being able to conduct the right amount of diligence to the right risk is key. 

In addition to risk mitigation and building your reputation as an ethical company, there are clear incentives for conducting enhanced due diligence. 

The DOJ National Security Division (NSD), the Department of Commerce’s Bureau of Industry and Security (BIS), and the Department of the Treasury’s Office of Foreign Assets Control (OFAC) have issued joint compliance communications that encourage companies to voluntarily disclose potentially criminal violations to reduce or even avoid their own criminal liability. The latest Tri-Seal Compliance Note describes the incentives and relief each department offers to urge companies to prevent, identify, and remediate potential violations. This includes reducing criminal liability and civil penalties. 

In essence, these US departments have incentivized US companies to implement robust compliance programs and create a culture of compliance rooted in trust and ethical behavior. Enhanced due diligence for third parties is an important element of that culture since voluntarily reporting potential problems caused by third parties can limit your liability while helping to create a more ethical business ecosystem. 

 

Identify and mitigate third-party risk

Third parties are undoubtedly an essential part of being a successful business today, but vetting third parties to ensure they won’t put your organization at risk or compromise on your company values is an indispensable step in creating an ethical and compliant culture. For organizations implementing risk-based third-party due diligence, enhanced due diligence is an important deep dive into your relationships. It provides you with a wealth of information so you can rule out parties that present too much risk, enter partnerships well informed, and continue monitoring those partnerships.

 

For a deep dive into third-party management, download the eBook The CECO’s guide to managing third parties.


You may also like

Webinar

Third-Party Risk

Virtual Lunch & Learn: A deep dive into OneTrust's Third Party Management capabilities

Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.

December 17, 2024

Learn more

Infographic

Third-Party Risk

Rise above risk: Third-party management in technology

November 21, 2024

Learn more

Webinar

Third-Party Risk

Bill S-211: Will you be ready by May 31?

In this webinar, our experts will discuss the Canadian regulation and others like it globally, while providing actionable insights into building a robust and mature Third-party program.

November 07, 2024

Learn more

Webinar

Third-Party Risk

Live Demo EMEA: Building a robust third-party risk management program with OneTrust

Join to explore how OneTrust's TPRM solution can revolutionize your third-party risk management approach. We will cover best practices for implementing and leveraging the software to minimize risks.

October 10, 2024

Learn more

eBook

Third-Party Risk

Simplifying vendor risk management

Streamline third-party relationships and avoid common mistakes in the process.

October 03, 2024

Learn more

Checklist

Third-Party Risk

Essential checklist for simplifying third-party risk management

Third-party management doesn’t have to be a complicated process for your business.

October 02, 2024

Learn more

Infographic

Third-Party Risk

Navigating risk in financial services with third-party management

Working with third parties introduces privacy and security risks, making compliance and business growth a balancing act.

October 01, 2024

Learn more

Infographic

Third-Party Risk

Manufacturing risk: Managing third parties in the supply chain

Third-party management keeps manufacturing operations running smoothly by verifying vendor and supplier compliance with regulations.

September 30, 2024

Learn more

eBook

Third-Party Risk

The complete guide to third-party management

It’s imperative for security teams to implement a holistic approach to third-party management.

September 27, 2024

Learn more

Webinar

Third-Party Risk

APAC - Third-party risk management and due diligence: What’s the difference and why does it matter?​

Join this APAC webinar to learn the unique competencies of third-party risk and due diligence programs and examine when and how to align them to maximize the effectiveness of each.

September 18, 2024

Learn more

eBook

Third-Party Risk

Deploying third-party management to navigate risk across industries

Download this eBook to explore third-party management across industries and key considerations before bringing this approach organization-wide.

August 06, 2024

Learn more

Webinar

Third-Party Risk

Master Third-Party Risk Management with OneTrust: ​Live Demo and Secrets to Success

Join this free demo session to learn the ins an outs of OneTrust’s Third-Party Management solution.

July 02, 2024

Learn more

Infographic

Speak-Up Program Management

Modern slavery: Identifying the signs of forced labor in your supply chain

Looking up and down your organization's supply chain for key indicators is critical to preventing, identifying, and stamping out forced labor.

June 25, 2024

Learn more

Webinar

Third-Party Risk

Third-Party risk management and due diligence: What's the difference and why does it matter?

In this webinar, we’ll discuss the unique competencies of third-party risk and due diligence programs and examine when and how to align them.

May 08, 2024

Learn more

Webinar

Third-Party Risk

Live demo EMEA: Building your third-party risk management program with OneTrust

Join our webinar to learn how you can build an well-rounded Third-Party Risk Management Program that works for your organisation

April 23, 2024

Learn more

Video

Third-Party Risk

OneTrust third-party management demo video

Watch this demo video to learn how OneTrust third-party management helps organizations create resilient, secure, and scalable third-party ecosystems. 

April 04, 2024

Learn more

Checklist

Third-Party Risk

6 steps to effective third-party risk management

See the path to managing third-party risk effectively with a checklist that outlines the six steps for a sound TPRM program.

March 29, 2024

Learn more

Webinar

Third-Party Risk

A look back at 2023 & third-party management trends for the new year

Join this webinar as we discuss key trends for third-party management and lessons learned over the last year.

January 24, 2024

Learn more

Webinar

Third-Party Due Diligence

Best practices for conducting third-party due diligence for ethics & compliance​

Join this webinar for best practices for conducting third-party due diligence for ethics and compliance.

January 11, 2024

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

December 05, 2023

Learn more

Webinar

Third-Party Risk

Elevating third-party safety: The art of TPRM and TPDD integration

Join our webinar to learn the primary goals of successful Third-Party Risk and Third-Party Due Diligence programs.

November 21, 2023

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Investigations

Join our live webinar and learn how to conduct comprehensive ethics investigations that are trustworthy and efficient.

September 07, 2023

Learn more

Infographic

Third-Party Risk

What are your third parties not telling you?

Learn how to actively screen and monitor your third parties in the OneTrust Third-Party Risk Exchange.

July 24, 2023

Learn more

Webinar

Third-Party Due Diligence

Driving excellence in third-party risk management: An in-depth look at different due diligence approaches

Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.

July 20, 2023

Learn more

Webinar

Third-Party Due Diligence

A shortcut to third party due diligence fundamentals

In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.

July 13, 2023

Learn more

Webinar

Third-Party Due Diligence

Sanctions and export controls: Ensuring compliance

Watch our live expert webinar on understanding global sanctions and export controls and how to reduce your organiztion's risk exposure and ensure compliance.

June 29, 2023

Learn more

Video

Third-Party Risk

Third-party management demo

See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.

June 27, 2023

Learn more

Webinar

Third-Party Risk

Bridging the gap: How procurement and InfoSec can work together to reduce third-party risks

Join our upcoming webinar as we explore the pivotal ways procurement and InfoSec teams can collaborate to reduce third-party risks.

June 08, 2023

Learn more

Webinar

Third-Party Risk

Unpacking the third-party risk regulatory landscape in the Nordic region and beyond

In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.

May 30, 2023

Learn more

eBook

Third-Party Due Diligence

The global regulations driving third-party due diligence

Download our eBook learn how to start building a robust third-party due dilligence (TPDD) strategy that protects your brand and minimizes risk.

May 30, 2023

Learn more

Webinar

GRC & Security Assurance

Live demo EMEA: How to monitor third-party risks with OneTrust

Join us for a live demo of OneTrust's Third-Party Management capabilities and how  our holistic approach helps you monitor and screen third parties across critial risk domains with up-to-date intelligence.

May 23, 2023

Learn more

Webinar

Third-Party Due Diligence

Ethics live Demo: Third Party Due Diligence webinar

Learn how OneTrust's Third-Party Due Dilligence, backed by Dow Jones, can help provide your business the data it needs to find trustworthy third parties and mitigate risk.

May 18, 2023

Learn more

Webinar

Third-Party Due Diligence

Maturing your third-party due diligence program: Process, data & technology

Experts at OneTrust and Dow Jones discuss third-party due diligence, covering industry trends, challenges, and how to streamline the process with technology.

April 27, 2023 1 min read

Learn more

Webinar

Third-Party Risk

Third-Party management secrets: Aligning risk management and due diligence

Watch this webinar to learn how to align your TPRM and TPDD programs to achieve workflow efficiencies and the distinction between the two discipline areas.

April 20, 2023

Learn more

Webinar

Ethics & Compliance

Unpacking the global third-party due diligence regulatory landscape

Learn how a strategic plan for compliance can help companies eliminate human rights and environmental violations and avoid costly consequences.

March 06, 2023

Learn more

Webinar

Ethics & Compliance

Third party due diligence – A practical deep dive

In this session, we'll look into the scope of third-party due diligence and a deep dive into practical implementation aspects and best practices for organizations.

December 13, 2022

Learn more

Webinar

Third-Party Due Diligence

7 best practices for conducting third-party due diligence for ethics & compliance

Watch this webinar and learn the seven best practices for third-party due diligence. 

January 03, 2022

Learn more