Third-party due diligence systems are receiving renewed interest in Turkey. An increasing number of companies are adopting compliance programs to create an ecosystem of compliance for both antitrust and anticorruption issues. The companies are opting to invest in these systems due to active local authorities, increasing digitalisation, and to have an adequate control on compliance risk management. A successful compliance program creates an ecosystem of control and scrutiny that inspires a company’s corporate culture. It forms notions of compliance and ethics and affects employees’ behaviours. The compliance program itself consists of a number of tools, one of which is third party due diligence.
The third-party due diligence process is vital in ensuring that the particular distributor, agent, contractor, supplier or service provider is cognisant of the company’s code of business conduct and the potential consequences for violating this code. It is a must-have tool in limiting a company’s risk exposure in observing ordinances such as the US Foreign Corrupt Practices Act and the UK Bribery Act. Third-party due diligence has become an increasingly popular tool in Turkey among companies not even subject to either piece of legislation.
The rise of the third-party due diligence process in Turkey is based on certain incentives. Firstly, there is a commercial case for investing in compliance and third-party due diligence. Robust compliance programs reduce direct costs while increasing a company’s efficiency and transparency. Further, a successful third-party due diligence program is important in preserving a company’s reputation. Studies suggest investing in compliance yields strong returns, and Turkish companies are becoming increasingly compliance-aware to take advantage of this boon to their income.
Secondly, Turkish culture exhibits strong signs of centralised power distribution and collectivism according to the Hofstede model of national culture. This cultural setup permits companies to operate flexibly with significant leadership penetration that result in considerable competitiveness. When used properly, this cultural disposition leads to impressive adherence to compliance programs that come with a clear tone from the top. Turkish companies are particularly responsive to the tone from the top principle. On the other hand, Turkey’s low rankings in the Corruption Perception Index and Human Development Index can increase compliance risks. This likely materialises in employees turning a blind eye to senior managements’ misconduct or refusing to escalate conflicts of interest. Thus, it is vital for Turkish companies to deploy a culture of transparency and escalation to identify compliance issues and retain a competitive edge. Third-party due diligence is crucial to limit and catalogue compliance risks arising out of third parties.
Third-party due diligence is carried out by first ascertaining the potential scope and risks relevant to the third party. The entity’s area of work, known compliance risks in the country, previous reputation, present compliance issues, existing code of business conduct and previous certificates all come into play in assessing whether or not it is safe to work with the third party. While the procedure can vary, general rules exist. The first step of due diligence is to asses the level of corruption risk by considering key risk indicators. These key risk indicators can be identified according to the third party’s business and particular characteristics. To illustrate, a company should consider a contractor’s geographic location before entering into a contractual relationship. To this effect, databanks of Transparency International provide significant added value in determining whether it is safe to conduct business in a particular location. A business partner’s affairs and close relationships with governmental organisations may also be a significant indicator of a corruption risk. Once these factors are reviewed, the third party’s risk is assessed as high, medium or low.
The level of corruption risk is an important part of defining the level of due diligence, as it shows organisations the necessary depth and detail of the process for their particular company. Due diligence begins with the collection of data. Third parties must supply ownership, business, and structure details; financial status; certifications; associated business units; relations with public officials; and other relevant information. After data is collected, it is verified and validated. Companies or third parties can receive help from subject matter experts, if needed.
After the data collection, findings are evaluated and red flags are identified. Red flags do not necessarily indicate obstacles for building a business relationship with a third party. Organisations can protect themselves against corruption risks by taking certain measures. The critical part is ensuring that third-party risks are managed and the expected economic gain is achieved in a sustainable business model with the optimal number of safeguards. At the approval stage, a company decides whether to move forward depending on the business decision they make along with security measures to implement to pre-emptively address any compliance concerns at the onset. These pre-emptive measures include contract clauses granting the principal company the right to audit or commitments executed by the third party to comply with anti-corruption regulations. Regardless of the third party’s initial compliance risk, it is advisable to conduct due diligence procedures at regular intervals to monitor the company’s compliance health. It is imperative to consider that resources spent on compliance programs and third-party due diligence studies return in reduced costs, increased efficiency and reputation. It provides a safety net for both the company and the employee.