Conducting due diligence on suppliers

Who needs due diligence?

Anyone trading, regardless of the size, should carry out due diligence. This is to ensure that their business profile and reputation aren’t damaged by being associated with a bad business partner or supplier.

For European companies,  it is a way of enabling businesses to understand whom they are dealing with and whether any trading partners are compatible ethically.

If the third party is based in the UK, it can be comparatively easy to check their records and to conduct a search on them. Further references can also be obtained from competitors and by means of their quality assurance accreditations. On the other hand, international third-party risk can be extremely difficult to monitor and assess.

Effective third-party due diligence

Due diligence should take into account the strategic, financial, legal and reputational risks the company may be exposed to. This step by step guide outlines how to create a due diligence process:

Stage 1 - Research and investigation

The following information should be obtained wherever possible:

  • Company structure and incorporation documents

  • Key shareholders, board members and beneficiaries

  • Disclosures on any political connections

  • Certified proof of any industry standards and compliance with health and safety legislation

  • The financial stability of the business

  • Quality and environmental management systems and documentation to verify it

  • Any Corporate Social Responsibility or Ethical Sourcing policies

  • Trading terms

The due diligence process should include verification of the data presented, e.g. by credit checks, competitor references, public records, online data bases and media reports.

Stage 2 - Watchlist screening

All parties (including associated trading partners and key personnel) should be screened against watchlists of criminal entities, political affiliation, disqualified companies and global sanctions.

Stage 3 - Risk assessment

The risk assessment evaluates the data collected and should take into account specific country and sector risks which may expose the business to money laundering risks. It should also consider the risks which may occur as the result of employees, either in terms of training, skills and knowledge, excessive risk taking, hospitality expenditure or political donations.

Stage 4 – Review

In order to be able to justify the actions taken as the result of due diligence all decisions should be clearly recorded with the rationale behind it.  Third party proofs should be obtained to substantiate data wherever possible. This will also allow the due diligence process to be audited.

Supplier due diligence as a continual process

It is not enough to assume that due diligence has finished once this process is complete. Since businesses and the factors effecting need to change with time, it is essential that the relationship is monitored on an ongoing basis to avoid being exposed to risk. However, once the process is set up it should be comparatively easy to adjust it in response to shareholder demands and changing business needs.