
Third-party due diligence red flags: Now what?

Mariette Cutler (mariette.cutler@gmail.com) is Managing Director of Risk Navigation Group Inc. in Chicago, Illinois, USA.

Well-designed compliance programs should apply risk-based due diligence to their third-party relationships. The main takeaway from the DOJ guidance[1] is the word “risk-based.” Risk is part of doing business, and eliminating too much of it can hamper company growth. Even if you invest an unlimited amount of money, time, and energy into a due diligence program, you can never eliminate all risks, including third-party risk. There is no one-size-fits-all approach to mitigating this specific type of risk, but there are some things to keep in mind when a red flag does show up in the due diligence process. A red flag does not mean per se that a company cannot do business with the third party; it means the company must ask whether it wants to do business with this third party, given the red flag.
