D is for Due Diligence

Due Diligence. It sounds so professional. So significant. It always made me feel that I could just toss it into a sentence and everyone would think I was smart and experienced in such weighty matters. Occasionally, I hear people much less knowledgeable and sophisticated than I am (you can laugh here. I just did.) say “You know before we do that we have to do diligence.” Well they’re not all wrong. Let’s take a close look at what it means. There was a time when I would consult my Oxford English Dictionary. Now it’s pretty much Wikipedia. So here goes: “Due diligence is an investigation of a business or person prior to signing a contract, or an act with a certain standard of care. It can be a legal obligation, but the term will more commonly apply to voluntary investigations. A common example of due diligence in various industries is the process through which a potential acquirer evaluates a target company or its assets for an acquisition. The theory behind due diligence holds that performing this type of investigation contributes significantly to informed decision making by enhancing the amount and quality of information available to decision-makers and by ensuring that this information is systematically used to deliberate in a reflexive manner on the decision at hand and all its costs, benefits, and risks.” Pretty good, right. We DO due diligence to look before we leap. We might taste a food or drink before we order it in a restaurant. Or test drive a car. Or do a background check before we hire someone, especially if it’s for an executive role in the business. In our anti-corruption programs we CONDUCT due diligence on intermediaries and potential business partners to avoid bribery, money laundering and other associated bad acts. We think of it as an insurance policy. But checking out people in advance may have gotten considerable harder in the European Union. The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. At the time of this writing, GDPR is scheduled to become enforceable on May 25, 2018. It does not require national governments to pass any enabling legislation, and is thus directly binding and applicable. Because we are all in this together, I can tell you that I had not until recently considered that GDPR, as currently written, might make it much harder to process criminal background information for purposes of anti-bribery due diligence. So however you DO diligence, this is an area where it has to be done right. Severe fines and penalties await those who fail to give diligence its due! And one more thought. Why wait until an event is on the horizon? Consider building due diligence into the everyday workings of your business. It’s not that hard. Add “ethics” as an agenda topic for meetings and reviews. Even if nothing comes to mind at the moment, it’s a perfect place holder to encourage people to consider the risks. After all, we have chosen to conduct our business the right way – ethically and diligently.