Supplier and Third-Party Due Diligence

6 Jan

When a company hasn’t performed effective due diligence on the suppliers or third parties they engage with, a number of risks could go unidentified. This article discusses three of the most significant.

Authors: Neal Ysart & John Keough, Clyde & Co


The importance of companies understanding who they are doing business with cannot be overstated. Whilst it is fair to say that many companies do perform some degree of customer due diligence, what is less clear is the extent to which companies conduct due diligence on the third parties they engage with during the course of operating their business. Examples of third parties include suppliers, agents, distributors, merchandisers, introducers or service providers.

In the Middle East, for example, due diligence isn’t always performed when onboarding suppliers or third parties, and even when it is, it’s uncommon for that due diligence to be periodically refreshed or subject to ongoing monitoring to help detect any new risk issues that may surface during the lifecycle of the relationship. A failure to detect such risks is likely to mean that the risks are unmanaged, which could cause significant problems.

Three risk areas where due diligence can really help

1. Economic and trade sanctions may be issued against individuals or companies, whole countries or even particular industries. The bodies and regulators responsible for enforcing sanctions compliance have a long cross-jurisdictional reach, together with equally expansive investigatory powers. Financial penalties can run into billions, and the organisational disruption, together with the effort required to complete remediation activities, is unlikely to be a minor matter.

It’s therefore no surprise that well-managed companies want to know, for example, if a supplier has changed ownership and if the new beneficial owner is subject to sanctions. They would equally take an interest if a supplier was under investigation by the Office of Foreign Assets Control (OFAC) because it was suspected of having collaborated with an individual residing in a sanctioned jurisdiction.

Understanding if your suppliers or third parties expose you to the risk of being caught up in a sanctions investigation or even worse, involve you in a violation, is critical.

Sanctions change frequently, often overnight, and the circumstances of suppliers or other third parties can change equally quickly. It is essential that companies refresh the due diligence they perform and monitor for changes on an ongoing basis if they are to effectively manage sanctions risk.

2. Conflicts of interest, particularly in the supply chain and procurement areas, also need to be managed. A failure to do so can expose a company to the risk of being implicated in a range of serious issues, including corruption, bribery, fraud and kickbacks.

Performing due diligence on suppliers, other third parties and the employees involved in the relationship can help identify any undeclared connections or provide indicators of potential conflicts of interest.

This is particularly important in the Middle East, where trading relationships can stretch back generations and the parties involved have often become close personal friends, creating tensions when transparent and open procurement rules need to be complied with.

Conflicts of interest are bad for compliance and bad for companies that fail to detect and manage them. Performing due diligence, refreshing it, and monitoring on an ongoing basis can help.

3. Meeting environmental, social, and governance (ESG) objectives is increasingly on the agenda of most Boards and being able to demonstrate that a company operates in a way that is ethical and does not harm the environment is an important component of that.

However, by failing to perform adequate due diligence, a company may not know that its supplier sources raw materials from an area where environmental protections aren’t enforced, or that products are produced in less compliant jurisdictions using forced or even child labour, breaching Modern Slavery requirements.

Ongoing due diligence, when combined with adverse media monitoring, can help identify issues in a company’s supply chain that may not come to light otherwise as well as give companies an early warning of threats to their ESG status.


For companies that want to reinforce their controls around the suppliers and third parties they engage with, the following three actions will be a sensible start and can help manage some very significant risks.

  1. Review all suppliers and third parties by performing a comprehensive due diligence exercise, and remediate any issues identified.
  2. Periodically refresh that due diligence and put in place ongoing monitoring, which should include adverse media monitoring.
  3. Where possible, consider deploying an appropriate technology solution to help make the process more efficient. This is particularly important for ongoing monitoring and alerting.

If you would like some further help in this area, please contact Neal Ysart, Lead Regulatory & Investigations Advisor at +971 55 138 9250, or your usual Clyde & Co point of contact.

US view

John Keough of our New York office notes that from the U.S. sanctions perspective, Neal’s comments highlight the importance of due diligence in the supply chain. In considering enforcement or penalties for sanctions violations, OFAC will look to the sufficiency of the program of due diligence maintained by the company under review. OFAC has published a number of advisories and guidelines for establishing and maintaining a cost-effective program of due diligence to manage compliance with U.S. sanctions. Indeed, the OFAC authorities have often stressed that OFAC expects companies not just to perform due diligence for the company’s customer (“KYC”), but to “Know Your Customer’s Customer” (“KYCC”).