Skip to content


Not All Due Diligence Is Created Equally

By GAN Integrity (Updated )

There are many decisions that need to be made when building a due diligence program.

Will your program be centralized or decentralized? Are you taking a risk-based approach? How much budget and resources can you allocate to support this function? These decisions are critical and impact not only due diligence but the effectiveness of your overall compliance program.

The variances between how compliance teams approach these common questions are why not all due diligence are created equally. And while there is no such thing as the ‘perfect’ compliance program, improvements can always be made.

Whether you are building a program from scratch or reevaluating processes that have been in place for years, third parties are typically a top priority for compliance teams and take center stage for good reason. Third parties pose an increasingly significant risk to companies of all sizes and proper due diligence can help mitigate risks and ensure compliance with major regulations like the Foreign Corrupt Practices Act (FCPA).

Components of an Industry-Leading Due Diligence Process

No matter where your strategy stands today, there is likely room for major improvement that can increase your team’s efficiency and better mitigate potential risks for your company. There are three key components to consider when examining your current due diligence processes:

1. Risk-based methodology

Compliance teams should absolutely be taking a risk-based approach to due diligence. Many companies think they are taking a risk-based approach when, in reality, they are not taking it far enough. The blanket approach may seem efficient but it actually causes missed red flags when the process is not tailored to the company’s specific risks. In some cases, a deeper level report is needed. For example, a sales agent based out of Canada and a contract worker in South Africa should receive different and custom levels of due diligence. Having both of these parties receive the same due diligence overlooks potentially critical red flags.

Taking a risk-based approach ensures you are spending more of your resources on third parties with the greatest risk exposure. This allows you to better allocate resources and reduce the number of missed red flags.

2. Best-in-class expertise

Expert opinions and deeper levels of reporting helps your team not miss red flags. Consultants can gather accurate information that gives a more holistic view of a third party’s background and integrity profile. Whether you request level one, two, or three reports, being able to access this advanced and in-depth information is a cornerstone of any advanced due diligence program.

3. Technology enabled solution

Today, only 31% of compliance teams use technology for due diligence process management. This occurs in parallel with increased expectations by regulators that organizations are using technology in their compliance processes. Having a technology backbone gives the capacity to process high-volumes of third parties with ease, the ability to track historical information, and provides a single repository for all information.

Explore the Hybrid Approach

To give compliance teams the automation they need to reduce administrative burden, the risk-based approach they require, and the depth of reporting necessary to not miss any red flags, we partnered with Control Risks. You can read about why we built an end-to-end due diligence solution and understand the shortcomings that surround many current due diligence processes.

If you would like to take a deep-dive, watch the on-demand webinar, Common Due Diligence Pitfalls and How to Avoid Them, for insights into due diligence case studies, best practices, and expert advice.

If you are ready to see what an end-to-end due diligence approach would look like for your company, let us know. We work with numerous enterprise customers that manage thousands of third parties. A proper approach to due diligence can be a game changer for your compliance program.

due diligence pitfalls

Implement a bespoke Third-Party Risk Management solution

View platform

Related reading

Join the E&C Community

Get the latest news from GAN Integrity in your inbox.