Due diligence turns up a lot of ugly stuff. Sometimes compliance professionals learn too much. In those cases, what should they do? When does a bad fact or tainted deal become a police matter?
The scenario I’m thinking of is quite common and comes in various versions. Here’s one that’s purely fictionalized.
Acme Bricks (an NYSE company that does business in 50 countries) was about to invest in Mozambique, in a private company known as Tijolos de Qualidade (Quality Bricks).
During Acme’s due diligence, it requested and received five years of financial statements signed by Oliver Santos. He was listed on Quality Bricks’ website as a finance officer.
A few days before the deal was scheduled to close, an Acme compliance officer in the U.S. thought it would be prudent to talk with Oliver Santos. She called Quality Bricks and asked to speak with him. After several minutes, she was told, “He is at home due to illness.”
The compliance officer quickly dug deeper. There was no actual “Oliver Santos” at Quality Bricks. With more checking, Acme determined the financial statements “Oliver Santos” signed were fraudulent.
The deal was dead.
Inside Acme Bricks, there was lots of debate. Should the compliance team report the near miss to U.S. authorities and police in Mozambique? After all, the next company might not be so lucky. Speaking up must be the right thing to do.
Or was it?
Could Quality Bricks have links to a criminal gang? What if the gang decided to take revenge on Acme? Would they sabotage its property in other countries, harass its suppliers and customers, or even threaten Acme employees?
There were stories about moles among the police in Mozambique. What details might leak about Acme and its complaints? And, well, Acme wasn’t actually hurt, was it? The compliance department sniffed out the fraud and stopped the deal.
Acme’s final decision? Walking away quietly was the smart move.
Everyone likes to see themselves as strong and courageous. The hero’s journey is in our bones. But sometimes acting heroically — in this scenario, trying to hold fraudsters at Quality Bricks accountable — comes with alarming risks.
In most cases I’ve seen up close, companies that learned “too much” just walked away like Acme did. After a near miss, they moved on, glad to live and fight another day. But companies victimized by fraud or threatened with extortion or other harm sought outside help and protection.
So, maybe the bright line comes when there are actual damages, or credible threats to people or property. Otherwise, say nothing and let the next company fend for itself.
That decision matrix falls short of heroism. So it’s disappointing. But it sounds like good governance and stewardship over corporate property and people.
Still, is walking away from a near miss good corporate citizenship? Is leaving the next company in harm’s way the right thing to do?
Here in the real world, that’s a much harder question.