Often Third Party Assessements (‘TPA’) largely focus on verifying the veracity of (company) registration data and screening involved entities and individuals against watch lists. Frequently a TPA also includes reviewing local regulatory data and media. If derogatory information is found in the process there is little ambiguity on the consequences; these are, what we could call the ‘hard red flags’.
Such basic verifications which can be largely automated mainly fulfill a ‘check the box’ compliance role as these will not uncover the more sophisticated third parties trying to avoid detection. In practice, we encounter third parties that easily pass any of such standard (‘level 1’) screening while we know for a fact that we’re dealing with vehicles only used to funnel the proceeds of corruption to the ‘right’ individual.
In order to detect these more sophisticated, but unwanted, third parties, the screening needs to move beyond the basic ‘who’ and ‘what’ questions and should include a focus on the ‘why’ and the ‘how’:
- Why are these individuals director(s) and shareholder(s)?
- How are they involved in this business, who are the other employees?
- How does the media and business profile of this third party fit with their official narrative?
- How does their business process work and how do they make their money?
- To what extent are these findings mutually consistent and congruent within the sector and the country?
The research thus becomes more analysis rather than simple fact checking; it becomes an art where consistency and rationality form the yard sticks. And instead of the mere presence of a derogatory fact, the absence of a rationale and inconsistencies form the key red flags.
To give one example, in a particular case we noticed that a percentage of shares in a Moldovan Bank were transferred to an otherwise unknown Russian female. While we were able to confirm her identity after some research, we did not find any media or business profile and were unable to answer why she became a shareholder and how she had obtained the wealth needed for the acquisition of the shares. When further research showed that from the moment she obtained the shares, she provided a power of attorney for all shareholder meetings to the sister of the suspected real UBO, we were finally able to understand what was going on and to advise our client accordingly.
Hence, the art of screening is knowing how to apply soft red flags, proceeding from the right questions and analyse the available data rather than screening on derogatory facts only.
Or in other words, to really get to know the customer (or supplier, business partner, et cetera). And if the ‘why’ and ‘how’ questions cannot be answered consistently, it is time to revisit the on-boarding decision of the third party in question.
(slightly altered from my original post on LinkedIn published on 3 July 2017)