By Sanday Chongo Kabange (Hong Kong) and Camellia Xu (Shanghai), The Red Flag Group®
In the wake of the latest events surrounding China’s Huawei Technologies Co. Ltd, the compliance community is once again weighing-in on what constitutes proper due diligence and the roles of ongoing monitoring and repeat due diligence in a compliance programme.
At the request of the U.S. Department of Justice, Canadian authorities arrested Huawei top executive, Meng Wanzhou, alias Sabrina Meng, Cathy Meng and Sabrina Meng Wanzhou, on allegations of fraudulent behaviour; possession of multiple passports/identities; sanction and export controls violations as well as state influence.
Although Meng’s case is taking centre stage in the short term, the backdrop to this case underpins the importance of proper due diligence, ongoing monitoring and repeat due diligence especially in high risk countries such as China and Iran.
The Red Flag Group® has devised some actionable pointers to help businesses navigate through complex integrity and compliance landscapes. These pointers may not necessarily be specific to China or Iran but apply to any jurisdiction and industry considered high risk.
Review your risk exposure regularly. Risks change regularly and are never static. Therefore, review your risk exposure regularly especially if you do business in high risk countries and industries. Regular review of your risk exposure will help you to prioritise and manage them effectively. Your partner may not pose risks during onboarding, but this may change six to twelve months in your business relationship. Thus, reviewing your risk appetite regularly will help you to determine which partners are likely to expose you to risks and which may potentially not. Reviewing one’s risk exposure is an obvious basic practice which every compliance-savvy business should undertake regularly.
Conduct due diligence on ‘questionable’ affiliates, subsidiaries and other related entities. Due diligence shouldn’t end on your key partners you directly do business with. It is highly advisable that you conduct due diligence on your direct partners, their affiliates, subsidiaries, sub-contractors and all influential related principals especially if your key partners have affiliates in high risk countries or have business interests in multiple industries (electronics, pharmaceuticals, finance, extractive industries etc.). A wholesome due diligence is meant to ascertain that your key partners are not using their related entities or shell companies to trade with sanctioned, blacklisted or entities and individuals that are on international watch lists.
Monitor your partners on an ongoing basis. Ongoing monitoring of your key partners will ensure that you are timely alerted when integrity or compliance issues are flagged. You don’t have to wait for an official investigation by regulators or an arrest to act on your partners’ integrity and compliance. Ongoing monitoring solutions are available in the market that can help you receive tailored integrity alerts with customised advice on how to effectively manage the issue before impact. Ongoing monitoring gives you the opportunity to let your partners know that you are constantly keeping an eye on their activities and business practices, which enhances ethical conduct and behaviour.
Repeat due diligence. Repeating due diligence is not only a business good practice but also helps you to understand the risk and integrity profile of your partners. Repeat due diligence gives you an opportunity to get on top of your third parties’ conduct and take decisive decisions against partners that may expose you to risk or do not adhere to your policies. Given that initial due diligence reports are immediately dated, in the sense that the information is useful but is only a snapshot in time, repeat due diligence enables you to keep things updated in tandem with current compliance landscape and business environment. Repeat due diligence also gives you an opportunity to raise or lower the scope based on changing factors such as your partners’ risk profile, business continuity, financial stability and operational status among others. For instance, during onboarding due diligence you may conduct basic screening and media research on your partners but raise the scope during repeat due diligence to include elements such as UBO, corporate registry verification, reputational enquires, peer benchmarking, site visits and litigation checks. Regulators strongly encourage businesses to regularly conduct repeat due diligence on their partners to ensure compliance with prescribed laws and regulations. It goes without saying that repeat due diligence offers an effective defence in the event of third party misconduct.