How Diligent Is Your Due Diligence Provider?
Authors: Russell Scarcella, Vice President, Exiger & Karen Kelly, Director, Strategy & Development, Exiger
A necessary component of any residency or citizenship by investment (RCBI) program is a comprehensive and multi-tiered due diligence regime. Industry experts agree that this should include engaging international due diligence specialists to perform enhanced background checks on each program applicant. In selecting a due diligence provider, it is important to consider the provider’s due diligence expertise and international reach; however, methodology and operational integrity is equally important. How they ensure all work performed on behalf of the program is done legally and ethically, and how they assess and monitor the integrity of their third-party intelligence resources around the world, are critical aspects in protecting the RCBI program, and the industry, from unnecessary legal and reputational risk.
To perform due diligence at the depth required for RCBI programs, due diligence providers regularly engage with on-the-ground, in-country intelligence resources as an integral part of their process. These types of resources are required to accomplish in-person visits to government offices in order to confirm document copies are authentic, to conduct site visits to verify that a business is actually operational, to retrieve court documents that are not available online, and most significantly, to conduct discreet reputational inquiries of local sources who have knowledge of the applicant or the applicant’s business.
There have been anecdotal but disturbing examples over the years where such inquiries by third-party intelligence resources have been addressed inappropriately or unprofessionally, with disregard for industry protocols, and sometimes even the law. Examples have included disclosing to a source that an individual is applying for citizenship under an RCBI program; causing alarm or attracting attention by acting suspiciously or taking photographs around a private residence; or even paying bribes to local officials for access to information concerning an applicant. Each of these situations is quite serious and endangers not only the applicant, but the reputation of the program and the RCBI industry as a whole.
In order to protect against such rogue behavior, and the risk that comes with it, it is imperative that due diligence providers maintain a comprehensive, documented and defensible protocol for how they onboard, sustain and monitor their relationships with global third-party intelligence resources. This protocol should be tailored to meet the specific and sensitive requirements of the RCBI industry.
A proper third-party relationship management program should include multiple components at the inception and throughout such relationships. It behooves an RCBI program’s leadership to make in depth inquiries across all of the following components:
Comprehensive Background Checks
Background checks go without saying. It is necessary to ensure that any individual or entity that a due diligence provider engages with, has been properly vetted and confirmed to have a clean and trustworthy history, free from criminal, ethical or reputational blemishes that might reflect poorly on the RCBI program in the long term. These checks should at minimum include all shareholders and management of the on-the-ground intelligence resources, so that the due diligence provider has a clear understanding of the people undertaking the sensitive work.
The relationship between a due diligence provider and their on-the-ground intelligence resources is a business relationship. As such, it should absolutely be bound and guided by a contractual agreement setting forth the terms and expectations of the parties. Contractual Agreements are the foundation for enforcing the protocols that are paramount to the due diligence process, as well as clearly defining what is permitted and what is prohibited conduct. Any agreement should include strong language prohibiting bribery or corruption of any kind, regardless of local custom or law.
A non-disclosure agreement should be a necessary part of the contracting documents setting forth clearly that the third party may not disclose to any ultimate source that he/she is working on behalf of the due diligence provider, or any end client such as an RCBI program.
Documentation of policies, procedures, rules and requirements surrounding the relationship, including non-pretexting agreement
All third-party intelligence resources should be obligated to review and acknowledge company policies and procedures (including procedures and obligations forbidding bribery, corruption, and pre-texting – lying or misrepresenting oneself to obtain information or cooperation). Due diligence providers should also have clear data protection policies and procedures to which third-party intelligence resources must adhere.
A formal training program should be completed by all third-party intelligence resources to ensure a consistent and effective understanding of policies and procedures (including anti-bribery and non-pre-texting requirements). The due diligence provider should mandate periodic training refreshes for all third-party resources.
Periodic review of work product through cross engagement with multiple sources
It is important that the due diligence provider continue to ensure the quality and effectiveness of their third-party intelligence resources. This is most effectively accomplished through the periodic engagement of multiple third-party resources on the same due diligence investigation in order to cross-check results. This is a costly undertaking that should be borne by the due diligence provider as a necessary cost of doing business in maintaining excellence in their work product.
Ongoing comprehensive global monitoring
A final, yet vital, component is engaging a systematic, technology-driven method for the continuous and ongoing global monitoring of all third-party intelligence resources. It is essential that due diligence providers ensure a method of monitoring unstructured web content in local languages in all locations where their third-party resources conduct business. Simply screening for hits on PEP lists and watchlists is insufficient, as a third-party intelligence resource can be involved in myriad situations that may call into question the integrity and reliability of their work without rising to the level of landing on a watchlist or PEP list. It is imperative that a due diligence provider stay ahead of any such situation to ensure that credible information is being delivered and to protect the overall integrity of the RCBI program, and of the RCBI industry as a whole.
RCBI programs have an obligation to protect the information provided by applicants while still performing the background due diligence checks necessary to identify red flags and approve only deserving individuals. Both mandates can be met by partnering with due diligence providers that not only have the capabilities to perform these complex checks, but that are also committed to ensuring compliance by all third-party intelligence resources they engage with throughout the course of an investigation. It is incumbent upon any RCBI program that its leadership be proactive in asking questions and learning the details of the third-party relationship management program in place in order to ensure that their due diligence provider is meeting these best-in-class standards.