ALM Properties, Inc.
Page printed from: Corporate Counsel
Select 'Print' in your browser menu to print this document.
5 Rules for Better Compliance Questionnaires
Third party due diligence is big business. For companies, third party due diligence begins by considering a business relationship with a third party. The third party will perform some sort of service that the business either cannot or does not want to perform itself.
Rule 1: Avoid Legalese
Don't draft your questionnaire so it looks like a law school exam or like it’s excerpted from the Code of Federal Regulations. Chances are the person filling out your due diligence form is not a lawyer. He or she may not know what your legal and compliance jargon means. If you want good answers, ask good questions.
Rule 2: Be Reasonable
Do you really expect an organization with over 100,000 employees in 100 countries to know if one particular manager in the U.K. is on some local community board part-time? Under the Department of Justice's definition of foreign official, a local community sports organizer may constitute a government official because she technically does work for the city government. Who cares? Be reasonable and proportionate, and focus on the risk to your project and your relationship. Put the “due” back in “due diligence.”
Rule 3: Walk the Walk
Don't ask your third parties if they follow a particular compliance practice (e.g., prohibiting facilitation payments) if your company does not follow that practice. Likewise, don’t ask your vendors for something that you would object to providing to your own customers doing diligence on you.
Rule 4: Get to the Point
One lengthy Foreign Corrupt Practices Act questionnaire that has become compliance officer lore looks like a Myers-Briggs personality test. Keep it simple. Ask what you need to know to evaluate the compliance risk for the relationship and only collect data that's necessary to evaluate that risk. If you’re not going to use the information, don’t ask for it.
Rule 5: Pick up the Phone
Even the best due diligence response will get you only so far. The best way to find out information is to pick up the phone and call the third party. Call their references. Call your operations personnel who may know the vendor well. Explain the due diligence process, the legal requirements, and the risks you are evaluating. When third parties understand the process and your concerns, you get better information. As a bonus, you always find out something that was not in the questionnaire, and you can better gauge credibility.