Skip to content


Harry Cassin
Publisher and Editor

Andy Spalding
Senior Editor

Jessica Tillipman
Senior Editor

Bill Steinman
Senior Editor

Richard L. Cassin
Editor at Large

Elizabeth K. Spahn
Editor Emeritus

Cody Worthington
Contributing Editor

Julie DiMauro
Contributing Editor

Thomas Fox
Contributing Editor

Marc Alain Bohn
Contributing Editor

Bill Waite
Contributing Editor

Shruti J. Shah
Contributing Editor

Russell A. Stamets
Contributing Editor

Richard Bistrong
Contributing Editor

Eric Carlson
Contributing Editor

Scott Shaffer: Due diligence will always be a human skill

In the recent Kinross FCPA case, the Securities and Exchange Commission stated that: “Kinross contracted with a politically-well-connected third-party consultant to facilitate contacts with high-level government officials without conducting the heightened due diligence required by the company’s policies and procedures…”

As I have stated in several posts over the years, the need for enhanced due diligence is still critical when engaging high-risk intermediaries. In a time where artificial intelligence and database driven results are capturing the spotlight, there still lies an essential level of due diligence only accessible outside the automation that is being offered by companies who did not know what FCPA stood for ten years ago. 

I will concede that these systems offer a quick and relatively cost effective means of instant access to basic information, but what are you really learning through a cursory review of limited, dated and often self-reported information?

Due diligence, specifically related to investigations, is, and will always be, a skill. Over the past 23 years, I have had the pleasure of working alongside some of the best analysts in the industry, whose ability to sift through an extraordinary amount of information to gather the one nugget of information that leads to relevant secondary discoveries is remarkable. This cannot be replicated by an automated system.

The more difficult challenge is determining when to get investigators involved and what constitutes high risk vs. low risk? You will need to develop a specific risk matrix for your company and your third parties, taking into account government exposure, country risk, political connectivity, and size of the engagement, among other factors. In the above mentioned scenario in Mauritania, you would be hard-pressed to find any risk rating guidance that would recommend any level of risk less than high.

I have reviewed numerous adjudicated FCPA cases over the years, many of which could have been avoided had thorough due diligence been conducted before the engagement. However, we do not live in a vacuum. Often times, the business decision, opportunity, and/or profitability of the potential deal creates a challenging conundrum. When does the risk outweigh the reward?

From an investigative standpoint, our analysis is fairly straight forward. We present the “red flags,” but the challenge falls primarily to our clients to make the real life decision of either moving forward or terminating a potentially lucrative engagement.

Due diligence, done properly, can be a costly, time consuming endeavor. However, the downside of not conducting proper risk-based due diligence far outweighs the time and cost involved.


Scott Shaffer, pictured above, is the Managing Director for the Kreller Group in Cincinnati, Ohio. For the past 23 years he has consulted with clients to address due diligence objectives, customizing due diligence programs for new clients, and analyzing current trends regarding regulatory compliance.

Share this post


1 Comment

  1. Its very much true Scott; specifically in the Middle East and Asian regions there are name variations and thousands of similar names, no centralized databases and this is always manual research with local public record resources. Just desktop and "press-clipping" based due diligence is not an adequate approach and helped to make an informed decision.

Comments are closed for this article!