The Red Flag Group®
compliance screening

Compliance screening


Maximising screening across the entire business

There has been a trend over the last few years for governments to hand over to large businesses responsibilities for protecting people from modern-day slavery. This push on the part of governments has typically been in the form of legislation directed at companies to police their own activity around the use of human capital but also that of their suppliers.

There has been a proliferation of tragic stories about large companies engaging a supplier, who, unbeknown to the large company, has used some form of forced labour in producing the product or service that they have purchased. This has often been seen in the food services businesses and, in particular, the Asian seafood industry. In this industry, stories abound of lowly paid workers from Indonesia (who are often forced to work for little or no salary with restricted movement and limited freedom) providing seafood to various intermediaries in various countries (often Vietnam, Thailand and China) before the seafood find its way to a grocery store shelf in the United States.

Companies have sought to manage these risks by enquiring into their own supply chain, asking their suppliers to confirm that they are paying their workers correctly and, in some cases, sending in auditors to validate such practices. But because of the struggle to trace raw materials back to their original source, buyers struggle to ‘hand on heart’ confirm that there is no potential for the misuse of human rights anywhere in the supply chain. The challenges this places on the end buyer or retailer are significant and certainly challenging to overcome.

Like the various pieces of legislation around conflict minerals, and attempts to restrict the sale of certain minerals mined in conflict zones, various governments have now moved to focus on modern-day slavery. For example, the United Kingdom parliament has enacted The Modern Day Slavery Bill, which requires companies to disclose their efforts on due diligence to eradicate slavery in the supply chain. And it is expected that other countries will follow suit – much like California did earlier with its California Transparency in Supply Chains Act 2010.

While this Act and many like it have been on the books for some time, companies are still trying to work out how to manage the problem. Many are hoping that the issue will naturally go away (much like the conflict mineral issue, which has largely disappeared thanks to a decrease in the conflicts themselves and the removal of rebels).

The United Kingdom Modern Day Slavery Act requires no explicit measures to counter overseas slave labour. It leaves the measures up to the company to determine what is right for their business and supply chain. The Home Office that crafted the legislation believes that it will be an ‘additional burden’ to have businesses audit and report on modern slavery. Despite this, the Act does require ‘big businesses’ to make public its efforts to stop the use of slave labour by its suppliers.

There have for example been suggestions from the United Kingdom Home Office about what ‘big companies’ must do. This includes the preparation of a slavery and human trafficking statement for each financial year, which demonstrates the steps a business has taken to eradicate slavery and human trafficking in its business and supply chains.

Whether the Act applies to a particular business due to its engagement in the United Kingdom and whether it is defined as a big company might be a cause for some review. However, it is certainly good practice for every company to engage in the most basic forms of compliance with this and similar legislation.

It is also best practice that companies report out on the steps that they are taking to eradicate human trafficking. The challenge to date is that most of the efforts to truly root out trafficking in the supply chain have been the rudimentary completion of questionnaires and certifications coupled with a very cheap and inexpensive ‘audit’.

Human Trafficking is organised crime and the traffickers have worked out how to avoid a pesky auditor asking questions in a routine audit. In fact, it has been common knowledge for years in southern China that the auditors sent into audit manufacturing practices are more corrupt than the manufacturers themselves – quite a quandary for the foreign buyer that is truly trying to do the right thing.

Some steps that you can take to maximise screening across your entire business are as follows:

Understand your supply chain

Understanding your supply chain is more than just knowing the list of your suppliers. Knowing your supply chain means that, for every single supplier, you understand precisely the work they do for you, how they do it and what risks that poses for your company. It means that you have thought about the risks in the supply chain from an integrity and values perspective, have documented it and are actively working it. It means that you have a group specifically focused on integrity in the supply chain, that you actively work those issues, manage suppliers and their risks proactively.

Validate and review supplier categories for certain risks at least annually

Your business changes regularly and the need for suppliers also changes. You need to look at the business and where your supply chain is changing every year. You need to think about the categorisation of spend in the suppliers and assess every single category for the most obvious risks that your company faces. If you are hiring large teams in emerging markets, then it might be human rights and trafficking risks. If you are securing rare earth minerals from China, then it might be government controls, corruption or export licences. If it is securing tantalum from a smelter that buys its raw product from Africa, then you might have a conflict minerals issue.

For every single line of expense, you need to have assessed and documented the risks associated with that purchase. You also should keep in mind that the risks change in different subsidiaries, different business units, different industry segments and, sometimes, different countries. You need to look behind the category and look at the actual purchase and know the information of where the actual purchase takes place. You may have identified that certain key supplier categories are high in human trafficking. Buying seafood is an example. However, the reason that you know about this is because of the widespread media attention on this issue. For many companies, you simply won’t have this information at your fingertips. You need expert help to understand the risks as they apply to your supply chain.

Collect information on certain suppliers that are high risk

The information available to most companies about their suppliers is often fairly minimal. They obviously know the type of services or products being provided and their status and costs. However, there is often very little information about how the products or services are provided. This information is often hidden behind the veil of secrecy and is not easily shared by the supplier. The buyer should request detailed information on the supplier on those areas of risk that have been identified as highest priority by the buyer. This would mean asking the supplier about precisely how they, for example, buy their raw materials, how they interact with government, and who manages their import processes. Too many companies ask such open and standard questions in questionnaires that they lose the very objective of what they are trying to achieve. This is when the process of sending a questionnaire rather than the actual value of the information obtained is a priority. The questions being asked in questionnaires need to be carefully considered and the answers useful and reviewed when received.

Conduct due diligence

Relying on the answers given in questionnaires is a risk. Too many companies simply rely on that data and don’t look deeper into the actual supplier. The answers are not often validated independently. Due diligence on the supplier can range in scope and depth. It may even be appropriate in some cases to conduct due diligence on the supplier industry and not the actual supplier. For example, conducting due diligence on the shipment of oil by tankers, or the Indonesian fishing industry.

These reviews of countries, industries or supplier groups can give much needed input into the process. It might mean that the actual due diligence on an individual supplier is either not necessary or is highly targeted at a particular risk. For example, knowing that the Indonesian fishing industry uses labour that is often underpaid and without freedom of movement – the necessary due diligence that might have to be done is, how and when that shipment of fish is passed into another country - through what port … in what circumstances? Knowing the way in which the industry works will help you know how to identify whether your specific supplier is likely to be working in that similar method.

Invest in helping your suppliers

Most suppliers will be local companies in local markets. They may not know the focus and seriousness of the International attention given to supplier and integrity risks. You need to help the supplier know how to handle themselves, how to comply with relevant legislation or how to comply with the policies of your company. Making an assumption that they understand all the risks is misguided. Most suppliers also won’t invest their own money and resources to improve themselves to support the management of your risks. The reality is that you may need to incentivise them to change their behaviours around compliance and integrity.

Certifications from suppliers

Getting a certification from your supplier and relying on that as some form of proof that you have taken all steps to remove the risk that you have identified from happening is simply flawed. This is a classic process step in many supplier risk programmes and, by itself, should be seen as the most basic form of compliance. However, frankly, by itself it is fairly useless. As part of a larger programme, there might be some value in collecting a certification. However, most regulators have much higher expectations. While there is nothing wrong with collecting a certification, best practice is to actually ask useful questions in the certification. Make sure that you actually ask questions whose answers you can rely on (assuming that is one of the reasons for collecting the certification in the first place). The questions should be tough, ones that the person completing needs to actually think about, not just click ‘no’ in the relevant checkbox.

Document and communicate your policies on human trafficking

Human trafficking and protecting human capital is not only a ‘values’-type commitment that a company should make in its values statement, it should also go to the heart of the company in managing its risks. It should be communicated to all stakeholders, the board, the employees, and the customers. You should publicise the work you do to avoid human trafficking or other key supplier risks. You should report out the work that you are doing in your annual report or corporate social responsibility report. Doing so would certainly meet the requirements of most local laws such as the United Kingdom Modern Day Slavery Bill.

Train your people on what to look for

Most people understand the fact that suppliers in the supply chain can raise integrity and compliance issues. However, most people are not aware of what the issues actually are, how they arise and how to spot them. All employees, particularly those that select and manage suppliers, need to be trained to identify and manage risks. These risks could be broad and not totally obvious. Many people selecting a public relations company in China wouldn’t be thinking about bribery risks. Likewise, selecting a construction company in Qatar may have its own risks. While some employees may be aware of the obvious supplier risks (for example clothing manufacturing in China), many would not be aware of how and when trafficking rings operate.

Conduct real audits

A typical response to those that ask about supplier management is, we have audited the company, often as part of an initiative run by a non-government organisation (NGO). But these audits are often cursory at best. They rarely identify any major issues. In fact, some suppliers intentionally allow the auditors to find some smaller issues so that they ‘go away with something and stop looking for anything deeper’. Conducting an audit for trafficking, corruption, bribery, price fixing, and collusion, just to name a few are not simple. They are complex audits that must be done with a clear and deep mandate. The audits must have some real teeth and not just focus on the company itself but look at associated companies, side companies, owners and directors, many of whom handle the illegal activity ‘offline’ and away from the company itself. As mentioned previously, many of these risks are perpetrated by criminals, many of whom are more than capable of obfuscating a junior auditor.


There are always allegations of misconduct in suppliers. Supplier misconduct (often coupled with procurement officer conflicts of interest) is often up there with the highest number of allegations made to confidential hotlines. These issues need to be investigated effectively and quickly. Leaving a matter open after an allegation has been made is a public relations nightmare, particularly if the issue was raised by a whistleblower who feels that they have not been taken seriously . Whistleblower management is key to any investigation. Companies should have great systems to track investigations and have a process by which they conduct investigations.

Prepare your PR machine

It is more than likely that one of your suppliers at some stage will come under fire for either a corrupt payment, misuse of labour practices, poor housing for employees or some other high risk activity. There is no doubt that, as a large company, your engagement of that supplier, no matter how big, will come under question. Even the best compliance programme cannot identify and prevent such activity in every situation. Always work with the public relations department to be ready to answer questions about your engagement of a supplier.

Report out

It is becoming common, as is the case under California legislation and the United Kingdom Modern Day Slavery Bill, that there is an obligation (or perhaps an expectation or preference) that the company provide a report out. The United Kingdom Modern Day Slavery Bill per s54(6) states that such a report must be approved by the board, signed by a director, and published on the company website with a link to the information on compliance being displayed in a prominent place. The expectations are about public disclosure, and companies should get ahead of the curve in doing this before forced to do so reactively.

It is clear that managing the risks of suppliers is a focus for large companies. Those companies that seek to hide behind their suppliers and push their responsibility to a supplier will fail, both under the law (in many situations) and certainly in the eyes of their customers and the community."


Why compliance screening?

Compliance screening is used to identify which customers or potential customers have risk associated with them. The overall aim is to find out whether customers are or could be linked to money laundering, bribery, corruption, terrorism financing, or any other kind of financial crime either now or in the future.

Failing to screen existing and prospective partners against a database can expose your business to risk. This can range from minor annoyances to a damaged reputation, financial losses, sanctions breaches and loss of business. It can even lead to criminal proceedings.

What is compliance screening?

In simple terms compliance screening is a way of ensuring that you are dealing with trustworthy customers/partners. Although screening initially involves obtaining information about the customer or potential customer, the compliance screening process is effective when it is properly set up to assess and respond to risk.

Red flags used to identify risk may include:

  • international sanctions
  • criminal activity
  • terrorism
  • harm the reputation of the business
  • being politically active

Once the initial screening has been done, the business must consider what actions needs to be taken in order to minimise the company’s exposure to risk.

The choices

Compliance screening can be done on a single entity alone or extended to take into consideration the company name, trade styles, CEO names, the names of shareholders and any direct line entities between the company and the ultimate holding company. Compliance screening can be done on entities and individuals which may include watchlists, blacklist, media review, proprietary databases.

In addition to relying on information provided by the customer it can also be advisable to extend the scope of screening to include data from all sources available including negative media. It is also possible to have the data analysed by experts in order to remove any false positives which might appear in the screening process.

The limitations of screening

Long-standing companies may be overlooked in the compliance screening process but even if a company has done business with you for a long time it is important to continue the assessment of their potential risk.

Compliance screening can play a critical role in protecting the business from financial crime, but it is essential that it is followed up with effective strategies to monitor and block financial crime.

Even if the risk is considered to be minimal, all screenings and results should be meticulously logged. This is so that it is easy to provide the necessary documentation to confirm compliance even if it is requested years after the initial screening.