Risk-based Third-Party Due Diligence
1. Scope of Third Parties*:
*Understanding the universe of third parties and which ones should be subject to due diligence.
- Defining Third Parties
(E.g., joint venture partner, agent, contractor and sub-contractor, distributor)
- Initial Screening of Third Parties
The goal of an initial screening is to determine third parties “in scope”.
2. Third-Party Risk Assessment*:
*Assessing the level of corruption risk associated with individual third parties
- Key Risk Indicators
(E.g., geographic location, industry, background and identity of the third party)
- Risk Assessment Process
(High, medium, or low risk.)
3. Due Diligence*:
*Conducting risk-based anti-corruption due diligence
- Data Collection
- Verification and Validation of Data
- Evaluation of Results
4. Approval Process and Post-Approval Risk Mitigation*:
*Managing the approval process and mitigating identified risks
- Approval Process
- Post-approval Risk Mitigation
- “Tone at the top”. Training.