Preventing fraud through due diligence

In March 2019, former New York Lt. Gov. Brian Benjamin, at the time a state senator, asked a real estate developer to help procure a number of small-dollar contributions for his latest political campaign. Benjamin’s unnamed contact, who also led a nonprofit organization, later told investigators from the U.S. Department of Justice (DOJ) that he initially rebuffed Benjamin’s request for several reasons: He didn’t have experience “bundling political contributions” in that manner; he was focused on fundraising for his own nonprofit; and any potential donors he could target were the same ones from whom he intended to solicit contributions for the nonprofit. (See “New York Lieutenant Governor Brian Benjamin Charged With Bribery And Related Offenses,” DOJ press release, April 12, 2022.)

Benjamin was undeterred, telling the developer, “Let me see what I can do,” according to the DOJ. About three months later, New York awarded a $50,000 grant to the developer’s nonprofit, a windfall that the DOJ alleges Benjamin facilitated — with the expectation that the developer acquiesced to his request for campaign donations. The developer did just that in an alleged bribery scheme that disguised his illicit payments to Benjamin’s campaign as “donations” made in the names of unaware family members, as well as from an LLC under his control. The alleged scheme was finally exposed, according to the DOJ, when Benjamin failed to meet disclosure requirements for the LLC, the New York City Campaign Finance Board deemed some of the donations as ineligible, and a media outlet published an article questioning the legitimacy of various contributions to Benjamin’s campaign. In the fallout, Benjamin was indicted by the DOJ for bribery and related offenses and resigned his office, and we can presume that taxpayers are on the hook for the tab in Benjamin’s investigation and prosecution. (See “New York’s lieutenant governor resigns after being charged with bribery and fraud,” NPR, April 13, 2022.)

Benjamin’s case isn’t an outlier. A string of recent fraud investigations illustrates the importance of conducting due diligence and the repercussions of failing to do so. These range from the well-publicized fraud trial of Trevor Milton, the founder of electric truck company Nikola; to the lesser-known case of the buyer of a laundry service who failed to dig deep into the business’s financials. (See “Nikola founder Trevor Milton found guilty of fraud over statements he made while CEO of the EV company,” by John Rosevear, CNBC, Autos, updated Oct. 14, 2022 and “Buyer’s failure to conduct due diligence defeats claim for misrepresentation against seller of laundry business,” by James R.G. Cook, Gardiner Roberts, Aug. 20, 2021.)

The latter is a good case in point. In 2019, Chirag Patel agreed to buy a coin laundry business in Ontario, Canada, for C$290,000 — C$100,000 upfront and the rest over time through a promissory note — after the seller told him that the business generated a gross income of C$12,000 a month. The agreement allowed Patel to cancel the transaction if he found this to be false after conducting due diligence within a certain period of time. Patel conducted some due diligence, but not enough and eventually found that the business brought in much less money than he was told. He defaulted on the promissory note and accused the seller of fraudulent misrepresentation. The courts, however, ruled in favor of the seller, rejecting Patel’s requests for further financial records as he had not sought them during the time stipulated in the contract. Lesson learned. (See “Canada Inc. v. Ontario Inc. - court file no.: CV-19-00630443,” Ontario Superior Court of Justice, June 25, 2021.)

Due diligence is an essential preemptive measure against fraud, and failing to apply it can be detrimental. Read on to learn how proper due diligence can go a long way toward preventing fraud, irrespective of the nature of a contract and whether it’s related to a mergers and acquisitions (M&A) transaction, vetting of political appointees, preemployment background or vendor screening.

Levels of due diligence

The nature and extent of due diligence processes organizations employ to mitigate fraud vary depending on their assessment of perceived risks. Organizations commit a common mistake when they apply the same level of diligence to each engagement without taking into consideration the level of risk, type of investment or purpose of the contract.

For instance, when recruiting new employees, the level of diligence should not be the same for an executive position and that of an entry-level position. Likewise, the level of diligence should be greater for a multimillion-dollar investment or acquisition than a smaller one. The following are the most common levels of due diligence:

• Simplified/basic.
• Standard.
• Comprehensive/enhanced.

The checklist dilemma

Due diligence investigations often include accessing and reviewing a number of legal, regulatory, financial, licensing and disciplinary records, as well as various additional government, proprietary and public records. A common mistake organizations make is accessing and reviewing records based on a checklist approach without considering the nature of the industry, or profile of the target personnel (to name a few factors).

Just as an organization shouldn’t conduct the same due diligence investigation on a publicly traded entity as a privately held company, due diligence strategies should be different based on various industry sectors. For example, due diligence on a political candidate should differ from an individual within the investment sector or the cybersecurity industry. Following a checklist of items will limit the due diligence process and could fail to uncover significant findings that could later cause harm to the organization.

Due diligence isn’t simply a checklist or a box-ticking exercise, but rather a process dependent on a number of factors that must be assessed throughout the investigation.

Myopic approach

Due diligence investigations often fail when they take a myopic (i.e., nearsighted, or narrow) approach, focusing on the analysis of partial legal and financial records — and failing to include a number of additional crucial records. Further, a myopic approach often only targets a specific timeline (usually 10 years) and is mainly focused on a certain jurisdiction.

Organizations must take a holistic view and thoroughly assess all areas of risks such as all available legal, regulatory, financial, licensing, disciplinary, political, corporate, strategic, cultural and operational records, just to name a few. Rather than focusing on a specific jurisdiction, your investigation should cover relevant records from all jurisdictions where the target personnel has resided and worked. In the case of a corporate entity, the investigation should include all jurisdictions where the entity operates. Don’t limit your investigation to a specific period — cover all available records dating as far back as permitted.

Many organizations operate under the assumption that public records and traditional media sources include all that’s needed for a due diligence investigation. But reputational source inquiries are crucial. Third-party source inquiries not only verify known facts but often also reveal information that’s not publicly available.

In the case of preemployment background checks, organizations often fail to contact references, assuming they’ll only provide a positive reference. However, some candidates will list important-sounding individuals as references with the hope that the recruiting organizations won’t contact them. Further, references often disclose information that’s not necessarily favorable. In addition to checking references, organizations should, to the extent permitted by law, contact independent references such as industry associates, litigation adversaries and others. These references can provide further insight and information that’s likely unattainable through other resources.

Know your vendor

Perhaps the most critical aspect when conducting due diligence is partnering with the appropriate expert. We’ve seen cases where organizations have partnered with the wrong vendors after failing to uncover obvious red flags. Third-party vendors play a key role in due diligence investigations as they provide the necessary expertise to obtain and interpret information and identify potential adverse records such as prior criminal offenses, litigation disputes or poor credit reports. The reliance on third-party vendors is greater when the investigation requires an international component.

Relying on third-party vendors presents many risks, and they’re higher among organizations that use international third-party vendors and lack access to, or knowledge about, foreign records.

Organizations can mitigate these risks by conducting their own due diligence into new third-party vendors prior to partnering with them. Additionally, evaluate the relationship of existing vendors regularly to assesses their performance and reliability. Prior to engaging a third-party vendor, consider the following measures:

• Inquire about the vendor’s reputations, both locally and globally.
• Ensure that the vendor has an existing ethics and compliance program as well as privacy regulations and policies.
• Ask about the vendor’s anti-bribery and anti-corruption policies.
• Assess how the vendor conducts internal audits.
• Ensure that the vendor agrees in writing to abide by the organization’s code of conduct.
• Carry out a background check on the vendor’s business, ownership structure, executive team and particularly on the employees who will perform the investigation on your organization’s behalf. The vendor may be reputable, but some employees may lack the necessary skills for the job. This is especially problematic when the investigation has been delegated to junior employees with no oversight from management.
• Interview the vendor and inquire about its industry knowledge, and independently verify its credentials. Don’t simply trust all information found on the vendor’s website.
• Request a proposal prior to engaging the vendor. The first red flag is when the vendor immediately accepts a client’s proposed request without providing any recommendations, additional areas of inquiry, or delivering its own proposal.
• Ensure that the vendor is trained to use databases and remains up to date with the changes and security features. This is extremely important, especially for databases that feature several sections. For instance, Canadian Securities Commission databases vary across all provinces and territories; some of these databases contain over 20 sections with specified search criteria.
• Become familiar with foreign records and ensure that the vendor provides clarification on the purpose of each search.
• Request sample reports from multiple vendors for comparison.
• Consider retaining a second vendor for further verification and comparison. This is highly recommended when selecting a new vendor. It ensures that old vendors are providing accurate results.
• Don’t assume that the vendor’s reports are always free of error.
• Don’t accept “no record” for an answer and request a copy of the actual document to ensure the search was conducted properly.

Knowing exactly with whom you’re partnering is not only a good business practice, but also a legal and ethical necessity.

Fraud prevention starts with adequate due diligence procedures and strategies. Regardless of the jurisdiction, it’s best to conduct rigorous due diligence on third-party associates to ascertain their integrity, financial viability, and legal and ethical compliance. Knowing that fraud can take many forms and cause extensive damage, it’s easier, and less costly, to prevent and mitigate the risks of fraud than it is to detect it.

Mandy Yousif, CFE, is COO and partner at consultant Specialty Risk & Intelligence Services (SRIS). Contact her at Mandy.Yousif@sris.ca.