Risk-based Third-Party Due Diligence 

1. Scope of Third Parties*: 

*Understanding the universe of third parties and which ones should be subject to due diligence.

  • Defining Third Parties

    (E.g., joint venture partner, agent, contractor and sub-contractor, distributor)

  • Initial Screening of Third Parties

    The goal of an initial screening is to determine third parties “in scope”.

2. Third-Party Risk Assessment*:

*Assessing the level of corruption risk associated with individual third parties 

  • Key Risk Indicators

    (E.g., geographic location, industry, background and identity of the third party)

  •  Risk Assessment Process 

          (High, medium, or low risk.) 

3. Due Diligence*: 

*Conducting risk-based anti-corruption due diligence 

  • Data Collection 
  • Verification and Validation of Data 
  • Evaluation of Results 

4. Approval Process and Post-Approval Risk Mitigation*:

*Managing the approval process and mitigating identified risks 

  • Approval Process 
  • Post-approval Risk Mitigation 
  • “Tone at the top”. Training.