Many companies moved to centralized operating models in response economic challenges. Ongoing financial pressures led companies to focus on achieving maximum value at minimum cost in back-office operations. The trend - which started in HR and IT departments - eventually grew to encompass procurement and risk management functions as companies grappled with complex, global supply chains and the evolving - and expanding - burden of regulatory compliance. But is centralized due diligence the best approach to mitigating third-party risk?
What Centralization Brings to the Table - and What It Leaves Off
In addition to potentially reducing operational costs, centralized due diligence offers several advantages. With a centralized approach, companies develop a clear, well-documented catalogue of the strategic, financial, regulatory and reputational risks that must be managed. This is particularly helpful given that compliance requirements are always changing. It also allows companies to level-set expectations surrounding acceptable risk across their global organization.
In addition, centralizing risk assessment, due diligence and monitoring at a single location - most likely corporate headquarters - often means a higher concentration of staff members with expertise in the regulatory landscape, as well as in risk assessment and identifying red flags in due diligence research. It also means that senior level executives are closer to the front line, which improves transparency, heightens awareness of risk, and facilitates budgetary support when risk red flags indicate the need to add internal compliance staff or contract for outside resources.
But keeping everyone on the same page - when a company's operations take place around the globe - can be difficult. Different divisions of a global organization often need to execute their own third-party agreements for efficient operations. A centralized team may lack the cultural awareness, face language barriers or be unable to conduct due diligence quickly enough to meet local needs. In a decentralized approach, local due diligence staff are ideally situated to assess the demeanor of a third-party interviewee; they understand the local market and common practices. Ignoring such on-the-ground expertise in favor of a centralized process can lead to missed opportunities.
Yet a decentralized approach is not without its own problems. Companies moved to a centralized approach to reduce operational costs; a widely distributed, decentralized approach can be a costly proposition. In addition, the issue of accountability represents a potential problem. Decisions that take place downstream from the chain of command can come back to haunt you. Several years ago, Alcatel-Lucent paid $137 million in FCPA settlements after the SEC and DOJ found the company lacked oversight into personnel who were "more interested in obtaining business than ensuring that business was won ethically and legally. (US v. Alcatel-Lucent, S.A., Case No. 10-20907 (S.D. Fla. Dec. 27, 2010) at Paragraph 29)
And even if a company doesn't get caught up in an enforcement action, the C-suite and board members can still find their feet held to the fire over reputational damage that takes place when the supply chain breaks down or allegations third-party use of forced labor surface.
A Hybrid Due Diligence Strategy Offers the Best of Both Worlds
It may help companies to think about due diligence in terms of constructing a building. You can't add siding to a house before first building a framework. In terms of due diligence, the framework is the centralized part of the structure. Centralized due diligence allows companies to create defensible programs based on an objective, thoroughly-documented strategy that sets forth standards for ethical conduct, regulatory compliance and risk-based due diligence and monitoring. By having this top-down vision in place, employees around the globe understand that the commitment starts at and is supported by corporate leaders.
A framework alone, however, can't provide the needed protection - whether it's a building or a due diligence program. That's where decentralized due diligence steps in. Regional employees must be a part of the process to ensure due diligence takes place with greater efficiency and insight into local needs. This type of 'coverage' over a robust framework education, training and detailed expectations optimizes due diligence and monitoring efforts. When this takes place in combination with centralized oversight, companies are better able to mitigate risk in a timely, cost-effective manner. Is your current due diligence strategy built for success?
Karen E. Gray is a 22 year LexisNexis veteran, Karen is a Sr. EDDM Specialist. Karen serves as LexisNexis' expert and central point person for all due diligence and third-party monitoring solutions. She is a resource for Benchmarking, Market Intelligence, Strategic Category Management, and Vendor Selection, and focuses on efforts to improve profitability and cash flow, risk mitigation and operational efficiencies with regard to vendor selection and monitoring.