Skip to content
Compliance & Risk

UN Int’l Anti-Corruption Day: The peril of poorly done enhanced due diligence

Thomson Reuters Compliance Learning  

Thomson Reuters Compliance Learning  

With a shifting workforce, disrupted operations, and supply chain issues, many organizations may be compelled to do business with entities they would not previously have considered

With the United Nations’ International Anti-Corruption Day on the horizon, we feature a two-part blog series on the critical issues around enhanced due diligence protocols.


If the world has learned anything during the global pandemic crisis, it’s that the best-laid plans often go awry. We can have high-level people put together well-considered proposals on quarantining, social distancing, mask wearing, and vaccination, but that doesn’t mean the subjects of those plans will willingly adhere to them even if they are for the common good.

The same holds true for organizations undertaking enhanced due diligence (EDD). Well-considered policies and procedures aren’t particularly valuable if they are not executed well or revised when needed in a timely fashion.

Why Is enhanced due diligence harder?

Customer due diligence, generally speaking, is a know your customer (KYC) process undertaken by organizations that helps them verify who their customers are, understand their behaviors, and, ideally, glean risk factors associated with an individual or entity. Enhanced due diligence, as its name suggests, tends to be more involved. Essentially, it means providing extra scrutiny of high-risk customers in an effort to minimize the possibility that an organization could be used by a customer for inappropriate activities such as money laundering, bribery, corruption, or financing terrorism.

While laws like the USA PATRIOT Act, passed in the wake of the 9/11 attacks in 2001, mandated enhanced due diligence by financial institutions, the need for enhanced due diligence protocols is not limited to the banking world. It also tends to surface in mergers and acquisitions, particularly in cross-border transactions where regulatory and compliance risks (and liability for actions that took place before a deal was concluded) can be heightened.

Scrutinizing politically exposed persons

Particularly vexing to organizations are politically exposed persons (PEPs), who are individuals who have a prominent public function, as well as their families and close associates. PEPs also can include both the prestigious individuals that with whom an organization would want to do business as well as those who may be tempted — or whose inner circle may be tempted — to engage in activities that exceed legal limitations.

In addition to evaluating PEPs as customers, corporations may need to consider PEPs who happen to be third parties, such as vendors, long-time business partners, and suppliers. Understandably, in recent months, some compromises may have been made as entities scramble to keep supply chains flowing, workers on the line, and products being produced. An organization unlikely to do business with a certain entity in the “before” times may be compelled by business exigencies to become involved with that entity now.

That adaptability and resilience, however, needs to find its way into EDD processes, too. Work responsibilities and relationships have shifted considerably since global shutdowns began in March 2020. Does your organization’s PEP monitoring reflect the way it currently must conduct business? Is your current workforce sufficiently knowledgeable about your EDD policies and procedures? Are those protocols sufficient given current business conditions and your organization’s present risk appetite?

Even the best trip up

It’s tempting to assume that a reasonably flush organization operating within a highly regulated atmosphere — you know, such as a bank — undoubtedly has solid EDD policies and procedures in place. It may also be worth noting that in June 2020, during what may have been the height of the pandemic, the Federal Deposit Insurance Corporation ordered a bank to revise its customer due diligence program, perform ongoing monitoring of customer relationships, and, on a risk-focused basis, maintain and update EDD customer information. The bank also was directed to step up its suspicious activity monitoring and reporting. At around the same time, another financial institution also was directed to improve its customer due diligence program.

These are noteworthy examples no matter your business. If somehow a bank can get into regulatory hot water for seemingly slacking on its EDD program even in amid a global crisis, other organizations probably can, too. Indeed, the fact that regulators are not necessarily cutting the regulated community any slack because of the general turmoil of the world right now is a point worth remembering as well.

The fallout can be ferocious

All businesses really want to do is get back to work, ideally with some semblance of a pre-pandemic normal. The distraction and expense that could be triggered by even an internal investigation of corruption, bribery, money laundering, or anything like that are weights no executive or corporate board wants to bear right now. Of course, negative fallout and business disruption escalates exponentially should a government inquiry ensue.

Paying attention now to perils posed by out-of-date approaches to enhanced due diligence can thwart the fines, the headaches, the business shake-up, and the reputational blows that could result from a government enforcement action, related lawsuits, and negative media coverage.


This is the first article in a two-part series. Next: The challenge with EDD is how it’s implemented.