Integrity due diligence is essential for identifying risks, protecting reputations and ensuring compliance in today’s evolving business landscape, explains Deirdre McGrath
Integrity due diligence (IDD) identifies risks that traditional due diligence might miss by using a risk-based approach to review the compliance and integrity of potential counterparties.
Key risk categories reported on include financial health, anti-bribery and corruption, political connections, environmental impact, reputational risk (e.g. adverse media) and labour/human rights issues.
Trust, reputation and risk mitigation are crucial in today's fast-paced global business environment. Knowing your customers, suppliers or contractors before and during business engagements is essential for making informed decisions and managing risks effectively.
Public scrutiny and evolving regulations are putting increasing pressure on companies to identify and mitigate risks with business partners, including suppliers, customers, agents and employees. These risks encompass sanctions, financial sustainability, environmental impact, forced labour and human rights abuses.
New EU regulations mandate supply chain mapping and human rights risk assessments. For instance, in March 2024, the European Council and Parliament agreed to prohibit products made with forced labour. IDD reviews can identify these risks.
PwC’s 2024 Global Economic Crime Survey revealed that only 50 percent of Irish companies had a third-party risk management programme.
IDD is crucial for risk mitigation, helping organisations understand their counterparties and make informed decisions.
For companies, IDD can identify ownership structures, business activities, clients, partners, financial performance, reputation, misconduct, disputes, litigation, key stakeholders, sources of funds and political connections.
For individuals, IDD can examine career history, corporate affiliations, directorships, shareholdings, adverse media, litigation, financial positions, reputation, financial trends, insolvency, political connections, donations and sources of wealth.
The UK’s Financial Conduct Authority (FCA) recommends open-source internet checks as “good practice” for human resources and high-risk customer research.
Benefits of IDD
IDD is essential for an organisation’s risk assessment process, helping meet obligations related to anti-money laundering, bribery, corruption and environmental, social and governance requirements under the Corporate Sustainability Reporting Directive and other regulations, such as those issued by the Central Bank of Ireland.
It supports due diligence and compliance for mergers, acquisitions, investments and joint ventures. When adverse issues are identified, businesses can make informed decisions to either withdraw interest or implement mitigating procedures to protect their integrity and reputation.
IDD also aids in reputation and brand protection by highlighting risks associated with existing or potential suppliers in relevant jurisdictions. It provides strategic, competitive intelligence by gathering information on competitor strengths and weaknesses, impacting growth opportunities and long-term strategy through industry trend analysis.
In legal proceedings, IDD can play an important part in securing financial orders by identifying evidence to recover misappropriated funds. For higher-risk third parties, IDD can form part of a legal defence, demonstrating that a corporate body took “all reasonable steps” and “exercised due diligence” to avoid bribery and corruption offences.
There are several use cases for IDD, which are outlined below.
Know your client, supplier or employee: Conduct detailed reviews of business partners or potential hires, focusing on key risks such as financial performance, reputation (both positive and negative), and ESG risks.
CSRD: Help clients report using the European Sustainability Reporting Standards (ESRS) and support company and auditor determinations that a topic/sub-topic may or may not be material to a company.
Fitness and probity diligence for regulated firms: Perform background checks on individuals to support initial and ongoing fitness and probity certifications for key and customer-facing roles under the Central Bank of Ireland’s Individual Accountability Framework.
Global sanctions screening: remediation screening, support for sanctions investigations and ongoing monitoring or advisory services for sanctions policies, procedures and processes.
Mergers and acquisitions diligence: Identify information to evaluate businesses, assess potential value, and understand legal risks associated with transactions, including liability, debarment, prior conduct, ownership and management conflicts of interest.
Joint ventures, partnerships, or business alliances: Understand significant risk relationships, especially in higher-risk countries, and assess potential sources of funding, wealth or media findings.
Business divestment: Evaluate who you are doing business with or selling your business to, ensuring informed decisions.
Investigations: Support investigations by identifying personal, business or social connections between various parties of interest.
Asset tracing: This involves identifying assets held by companies or individuals, such as equity, property, and other lifestyle assets. It helps banks pursue defaulting borrowers, supports divorce cases, assists in pre-civil litigation and identifies evidence of fraud or misappropriation of assets.
Looking to the future: recent legislative developments
Companies should be aware of upcoming European directives, specifically the CSRD and the Corporate Sustainability Due Diligence Directive (CSDDD). These directives will increase the focus on due diligence within global operations and supply chains to prevent adverse human rights and environmental impacts. They will also drive more detailed reporting, disclosure requirements and transparency around business processes.
Findings from IDD open-source intelligence searches and related human-sourced intelligence resources can help clients avoid penalties for non-compliance with these new regulations.
These four key steps will help organisations get ready for IDD:
Prepare: start preparing early to ensure compliance with upcoming legislation.
Assess: determine if and how the new legislation applies to your company or group of companies.
Appoint: designate an internal lead or project team to develop due diligence policies, procedures and infrastructure. Ensure timely implementation of necessary changes.
Decide: choose the due diligence process that best suits your requirements.
Deirdre McGrath is a Partner at PwC