The difference between database checks and due diligence reports may not be obvious. Both can provide a wide variety of information for compliance professionals during the vetting process, such as a third party’s litigations, political associations and associated corruption cases. Due diligence reports themselves often draw much of their information from databases.
Upon closer inspection, however, the differences in scope and methodology between them becomes readily apparent, resulting in two drastically different products. Database checks are conducted by entering search queries into a database like a government sanctions list and compiling the automatic results. By contrast, due diligence reports are created by research analysts and consist of multiple sources which may include multiple databases, local language media and internet searches and additional research on the third party’s related entities.
While both have their uses, database checks cannot be compared to formal a due diligence report on a third party, as differences in researcher training, research methodology, scope and language capabilities cannot properly account for all FCPA and ABAC risks.
Training: Before information is even gathered for the vetting process, the expertise of the person compiling results from a database check or due diligence report should be carefully considered. Research analysts who have been professionally trained to conduct due diligence reports understand what information is legally obtainable for the purposes of due diligence and know how to comply with international and regional data privacy laws.
Differences in Information Sources & Scope: Although databases contain a vast amount of information, relying solely on them to provide a comprehensive profile of your third parties is ill-advised. If database information is missing or outdated, this will lead to an inaccurate, fragmented risk assessment of your third parties.
By contrast, quality due diligence reports, which use multiple, diverse sources, will cross-reference any past records with current records and account for any missing information by using other, non-database information like court bulletins and media sources. Due diligence reports thus cover a greater scope of risk and can uncover FCPA or ABAC-related risks that have not been included in databases. Additionally, due diligence reports consolidate a large amount of data in context into a single file, allowing compliance professionals to review their third party’s risk profiles holistically and with sufficient context, which is especially crucial for higher risk, international third parties with a greater propensity to violate FCPA or ABAC standards.
Language Issues: Although due diligence reports cannot be substituted with database checks, database checks do have their own benefits and are certainly valuable in the vetting process. They provide almost instantaneous results and are less expensive, which makes them appropriate to provide a quick overview of low risk third parties. Similarly, you may run an initial database check on a lower risk third party as a preliminary measure, and decide whether or not you want to order a due diligence report based on the results returned. After a third party is vetted, database checks are also suitable for the ongoing monitoring of third parties, so you are aware of any risks that arise later for your third parties.
Database checks are therefore useful for the purposes of ongoing monitoring and may provide a good baseline for a preliminary review of some low-risk, domestic third parties. However, for the purposes of mitigating FCPA or ABAC-related risks, due diligence reports are much more appropriate given their scope and methodology.