The Red Flag Group®

Ongoing maintenance options for partner due diligence

Model 1. On-going due diligence

Many companies recognise the on-going nature of due diligence and consider repeating it at regular intervals. There are a number of ways this can be performed, and the choice depends on:

  • The risk profile of the channel, noting that the risk could now be different to when the last due diligence was conducted.
  • The depth of due diligence done previously.
  • Budget considerations.
  • Timing.
  • Which of the other monitoring methods described below you are using.

Models for on-going due diligence are as follows:

  • At partner renewal time, conducting a fresh due diligence at the same level as previously offered and requiring that due diligence to “pass” prior to finalising the contract-renewal process. This model is by far the most “complete”; however, it also tends to be the most expensive and can cause issues at renewal time (as orders may be placed on hold pending the completion of the renewal due diligence).
  • Conducting a lower level of due diligence at renewal time (e.g. doing a Low level case when the original on-boarding was High level). This acts as more of a “top-up” for the due diligence process and checks whether the third party has any new media references, litigation or other changes in the interim period that would materially cause a change in the status of the subject company as an “authorised partner”.
  • Having an on-going daily scan across your entire partner community against watchlists and daily feeds of media checks where any hits are immediately sent in the form of a newsletter or “ping” to compliance.
  • Using a questionnaire process to seek confirmation from the partner and to check for any differences compared to the original due diligence. This may be a much cheaper process and is recommended for low-risk partners.

Which model you adopt will depend on the underlying programme that you have in place (i.e. the original due diligence) and also your overall risk tolerance. It will also depend on the renewal model that you have for the contracts. In some cases, partner contracts are “evergreen”, which may complicate the renewal timing. On-going screening could be as simple as conducting watchlist and media checks in order to see if any issues have appeared since the original due diligence was completed.

Model 2. HealthChecks

Differentiated from audits, HealthChecks are “softer” assessments of a partner’s compliance programme. Successful implementation of a compliance programme goes beyond the mere roll out of codes, policies and mandatory training. HealthChecks are designed to test how successfully embedded the culture of compliance is in the partner company. This may involve:

  • Conducting a Risk Roundtable with the partner to highlight risk areas and to ascertain their understanding of compliance.
  • Checking to see if compliance training is tracked and renewed across the company.

The deliverables of a HealthCheck should be designed to give the partner recommendations against the gaps identified and a timeframe that they have to work towards an improvement plan.

Model 3. Audits

Conversely, audits are focused on evidentiary documentation and financial transactional review and analysis. Best practices for audits involve:

  • Checking the application and use of Mandatory Development Funds (MDFs)
  • Matching any back-to-back payments to customers
  • Looking at gifts, travel and hospitality
  • Enquiring about use of consultants that assist in sales and marketing
  • Looking at special pricing requests and whether they have been validly passed on to the customer pricing.

The deliverables of an audit are typically not designed to give the partner recommendations (compared to a HealthCheck) but are “internal-only” documents.

Model 4. Training results and effectiveness

Another way of assessing partner compliance is to look at whether they have done any training, and whether that training meets the most basic standards of good compliance training. These include:

  • Direct and non-legalistic tone and language of training
  • Use of real-life and practical scenario-type questions
  • Questions and case studies which are customised to function groups, e.g. questions for salespeople, marketing functions, operations etc.

If the partner has no training processes for its staff, or if training has been given but has been broadly ineffective, then it is clear that the partner is lacking a focus on compliance and risk management. This information can be obtained from the partner as part of a survey or certification.

Model 5. IntegrityCircles®

IntegrityCircles® are casual group-chat sessions conducted by an experienced compliance person, where compliance issues and concerns can be raised in an informal environment in small groups of partners or in one-on-one sessions. These sessions are often conducted as break-out sessions from partner conferences or other opportunities where multiple partners get together.

Model 6. Certifications

Another common method of monitoring your channel partners is to have them certify that they have complied with your compliance standards. Best practices for this include certifying that they have:

  • Abided by your company’s code of conduct and anti-corruption policy.
  • Conducted training on compliance.
  • Conducted due diligence on their sub-distributors.
  • Reported on any compliance issues they have become aware of.
  • Complied with the terms of their contract.

Model 7. Compliance programme review

This is recommended for significant partners who would not ordinarily have due diligence conducted upon them. These companies would be strategic in nature, often large and multinational, with a strong brand and reputation. It is highly likely that these companies would have their own compliance programmes and would be comfortable in sharing this information with you. The best form of monitoring for these partners would be an annual meeting where compliance programmes can be discussed, reviewed and assessed for completeness. Taking this approach is a much better use of time and resources than conducting background checks on a company of this size.