Page 1

Simplifying third-party due diligence in a complex world

A challenging landscape Understanding who you conduct business with has become more than just good business practice; it is increasingly becoming a smart compliance imperative. Multinational organizations are rapidly adjusting to enforcement standards according to which companies are responsible for the actions of their business partners and vendors, and need to conduct effective third-party due diligence on them. Be it the Foreign Corrupt Practices Act (FCPA) in the US, the UK Bribery Act or the recently enacted anticorruption regulations in India, Brazil, Russia, China and Mexico, governments are taking clear steps against the practice of making improper payment through third parties. The Criminal Division of the United States Department of Justice (DOJ) and the Enforcement Division of the United States Securities and Exchange Commission (SEC) recently provided guidance on compliance with the FCPA.

• Understand the business rationale for including a third party

in a transaction. You should understand the role of and need for the third-party due diligence to be conducted and ensure that the contract terms specifically describe the services to be performed and the potential risks involved with these.

• Monitor your third-party relationships once they begin. Where appropriate, this may include acquiring and exercising audit rights, updating existing due diligence, conducting regular training sessions and requesting third party to obtain annual compliance certification.

Proper due diligence and monitoring not only helps to reduce the risk of corruption, but can also cut down on fraudulent transactions, embezzlement, conflict of interest, related-party transactions and money laundering. They help a company to safeguard its assets and reputation. Responding to these emerging standards in a standardized and efficient manner is however a huge operational challenge. Management is often challenged by widely varying availability of information across markets and fragmentation of their own internal systems. The question is — how can one create a consistent and, practical diligence process for third parties in New York, New Delhi, Ningbo and Nairobi in order to mitigate third- party risk? While guidance is in the context of anticorruption controls, the principles generally help third parties deal with risk.

Some key points relating to third parties include:

• Understand the qualifications and associations of a third-party

partner, including its business reputation and its relationship, if any, with government officials. The degree of scrutiny should be risk-based, and you should increase your scrutiny if and when red flags surface.

Simplifying third-party due diligence in a complex world





int venture partner


more likely to arise from third parties than from internal staff. of respondents have no systems or processes in place to manage and monitor third-party relationships.

Overcoming obstacles


Consistency Client needs


Our Integrity Diligence teams understand this problem. We help clients design, implement and maintain effective third-party diligence systems around the world. Our offerings are built on our wide and long experience of conducting complex international fraudand corruption-related investigations, as well as fraud and corruption risk consulting projects, in every major market worldwide. Our Integrity Diligence offering is designed to respond to the following needs of our clients

1 Consistency Standardized risk-based procedures for diligence that can be practically implemented wherever our clients do business worldwide

2 Accessibility The ability to continuously update and monitor diligence programs from locals market to headquarters as well as a broad global network of forensic professionals who are located near our clients and their third parties

3 Integrity A careful approach to applicable laws on data privacy and collection in relevant jurisdictions

Simplifying third-party due diligence in a complex world

EY_ID is a technology tool created by EY to help its clients efficiently and effectively address the risks involved in their third-party business relationships worldwide. The tool is a web-based, globally accessible platform and provides companies with the opportunity to collect relevant information about their third-party partners, segment third parties by their level of risk, conduct and document multiple levels of due diligence conducted on these, obtain certifications from third parties and incorporate streamlined approval processes in their operations. It is designed to enhance standardization, transparency and accountability throughout the life cycle of a third-party partnership.

It also offers a highly customizable platform that can be configured to meet your specific program design, including features such as the following: • End-to-end third-party life cycle management in a clientbranded and secure website

• Automated risk-scoring engine and self-directed risk

assessment tool to calculate third-party risk, based on clients’ risk tolerance and priorities

• Highly customizable workflow manager with client-driven approval hierarchy

• Secure and archived repository for third party records, red-flag analyses and approvals

Addressing third-party risk in today’s environment requires a systematic approach, and EY_ID is there to provide the tools.

EY_ID offers advanced dashboards with visual data analytics and an enhanced search functionality.

Simplifying third-party due diligence in a complex world

• Today, EY Fraud Investigation & Dispute Services India has more than 65 thirdof respondents party due diligence specialists with multibelieve risks are more likely to arise lingual capabilities. The in-house team from third parties than from is proficient in English, German, French, internal staff. Spanish, Chinese, Japanese, Bangla and various other Indian languages.









when conducting third-party due diligence Omission of certain key personnel/ shareholders

of respondents have

• An analysis of over 30,000 third-party due no systems or processes in place diligence checks which were undertaken to manage and monitor in the lastthird-party three years highlighted that relationships. almost 50% of cases which were reviewed had red flags.


Commonly raised red flags

of respondents say all of their third parties are required to comply with their companies’ ABAC codes of conduct.

A lack of information or trading history (this factor alone would not rule out start-ups)

A business address in a non-commercial zone or at service office suites

Sector focus Pharmaceutical

Low capitalized company Suppliers with a small capital base acting merely as middlemen for undisclosed suppliers

Oil & Gas

Commonly raised red flags from using forensic data analytics Automobile

Multiple suppliers with same address services SharedFinancial or similar addresses, contact details or bank accounts are potential red flags, as are overly close relationships within a small group of local vendors.

FMCG Multiple payments just below authorized level Evidence of unusual data trends such as split payments to bypass approval thresholds, large numbers of one-time vendor payments to bypass Retail supplier due diligence procedures; duplicate payments; lack of proper supporting documentation around vendor set-up, diligence or payments; and multiple duplication in vendor master files are examples of this type of red flag. Technology

Tampering or irregularities with the tendering process Acceptance of late bids or bids being accepted despite failings in technical specifications or scoring, and bids at or very close to set budgets

Generic description of expense reimbursement claims Text mining within databases to identify “concepts” or generic descriptions can further focus on high risk transactions.

Types of third parties representing the biggest compliance risk 12% Vendor/Supplier


of respondents believe risks are more likely to arise from third parties than from internal staff.


of respondents have no systems or processes in place to manage and monitor third-party relationships.



Agent 57% 9%

Joint venture partner

Source: EY Asia-Pacific Fraud Survey 2013

Simplifying third-party due diligence in a complex world


Our offices Ahmedabad


6th floor, Wing A & B,

2nd floor, Shivalik Ishaan

Oval Office, 18, iLabs Centre

Worldmark 1, Aero city

Ernst & Young LLP

Near C.N. Vidhyalayva

Hitech City, Madhapur

Opp. Holiday Inn, Mahipalpur,


Hyderabad - 500081

New Delhi - 110037

EY | Assurance | Tax | Transactions | Advisory

Ahmedabad - 380 015

Tel: + 91 40 6736 2000

Tel: + 91 11 6671 8000

Tel: + 91 79 6608 3800

Fax: + 91 40 6736 2200

Fax: + 91 11 6671 9999


4th & 5th Floor, Plot No 2B, Tower 2, Sector 126, NOIDA 201 304

Fax: + 91 79 6608 3900 Bengaluru

9th Floor, ABAD Nucleus

12th & 13th floor

NH-49, Maradu PO

UB City, Canberra Block

Kochi - 682304

No.24 Vittal Mallya Road

Tel: + 91 484 304 4000

Bengaluru - 560 001

Fax: + 91 484 270 5393

Tel: + 91 80 4027 5000

+ 91 80 6727 5000

Fax: + 91 80 2210 6000 (12th floor) Fax: + 91 80 2224 0695 (13th floor) 1st Floor, Prestige Emerald


Gautam Budh Nagar, U.P. India Tel: + 91 120 671 7000 Fax: + 91 120 671 7171 Pune

22 Camac Street

C-401, 4th floor

3rd floor, Block C

Panchshil Tech Park

Kolkata - 700 016 Tel: + 91 33 6615 3400 Fax: + 91 33 2281 7750

No. 4, Madras Bank Road

Yerwada (Near Don Bosco School) Pune - 411 006 Tel: + 91 20 6603 6000

Lavelle Road Junction


Bengaluru - 560 001

14th Floor, The Ruby

Tel: + 91 80 6727 5000

29 Senapati Bapat Marg

Fax: + 91 80 2222 4112

Dadar (W), Mumbai - 400028

Fax: + 91 20 6601 5900

Chandigarh - 160 009 Tel: + 91 172 671 7800

Nirlon Knowledge Park

Fax: + 91 172 671 7888

Goregaon (E)

Off Western Express Highway Mumbai - 400 063


Tel: + 91 22 6192 0000

Tidel Park, 6th & 7th Floor A Block (Module 601,701702)

Fax: + 91 22 6192 3000

No.4, Rajiv Gandhi Salai, Taramani Chennai - 600113 Tel: + 91 44 6654 8100 Fax: + 91 44 2254 0120

NCR Golf View Corporate Tower B Near DLF Golf Course

EY refers to the global organization, and/or one or more of the independent member firms of Ernst & Young Global Limited

Sector 42 Gurgaon - 122002 Tel: + 91 124 464 4000 Fax: + 91 124 464 4050


Partner and Head – India and Emerging Markets Arpinder Singh

+ 91 12 4443 0330

+ 91 22 6192 0584

Partner Dinesh Moudgil

Ernst & Young LLP is a Limited Liability Partnership, registered under the Limited Liability Partnership Act, 2008 in India, having its registered office at 22 Camac Street, 3rd Floor, Block C, Kolkata - 700016

This publication contains information in summary form and is therefore intended for general guidance only. It is not intended to be a substitute for detailed research or the exercise of professional judgment. Neither Ernst & Young LLP nor any other member of the global Ernst & Young organization can accept any responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication. On any specific matter, reference should be made to the appropriate advisor.

1st Floor, SCO: 166-167 5th Floor, Block B-2

Ernst & Young LLP is one of the Indian client serving member firms of EYGM Limited. For more information about our organization, please visit

EYIN1502-010 ED NONE

Fax: + 91 22 6192 1000

Sector 9-C, Madhya Marg

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit

Š 2015 Ernst & Young LLP. Published in India. All Rights Reserved.

Tel: + 91 22 6192 0000 Chandigarh

About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

Simplifying third-party due diligence in a complex world

Simplifying Third-Party Due Diligence in a Complex World - EY India  

EY India's third party due diligence team help clients design, implement and maintain effective third-party diligence systems around the wor...

Simplifying Third-Party Due Diligence in a Complex World - EY India  

EY India's third party due diligence team help clients design, implement and maintain effective third-party diligence systems around the wor...