Scott Shaffer: Due diligence still needs the human element
Wednesday, May 3, 2017 at 7:28AM
Scott Shaffer in Artificial Intelligence, Due Diligence

Over the past 10 years, I’ve seen many new firms enter the FCPA due diligence space. They're often big data companies commoditizing the investigative field.

These firms use technology to expand outside of their niche, into the domain of investigations and licensed private investigative agencies, whose entire business model focuses on investigative analyst-led research.

I'm the Managing Director of a firm in the last-mentioned category, and I am biased.

I believed 20 years ago and I still believe that no amount of automation can or should replace the human element, especially when it comes to investigative due diligence.

The availability of information at our fingertips today is overwhelming. But if you don't have the skill set (and believe me, research is a highly technical skill) or the time to sift through the extraordinary amount of information, how can you possibly make a credible decision based on it?

Raw data has limited value if it is not presented in an easy to digest, logical manner following a thorough analysis. A trained investigator has the experience necessary to process and categorize the information they are reviewing and they know which rabbit holes are worth pursuing.

As a result, their review may uncover red flags which require research beyond the original scope of work. Red flags which would not have been uncovered through automated processes. 

Further, to thoroughly research an international partner, local investigative sources must be utilized. Only a handful of locales around the world have database access to corporate registration, criminal/civil court filings, and regulatory agencies. Therefore, in order to conduct research of official and up-to-date records, you need to conduct on-the-ground research using trusted and knowledgeable local sources.

Database records often contain inaccurate, incomplete, out-of-date or self-reported information. This is not to say that database information has no value. Many third-party transactions fall into the low risk category and, for low risk engagements, it is a cost-effective source of information. However, for high risk engagements, it is not prudent to rely solely on such sources.

We recently completed a series of “test” cases using subscription-based database services only, without the assistance of a human analyst. We compared the results of the test cases with our manual (human-led) research.

Although some of the cases were fairly similar, others were drastically different. Adverse media items were missed, political exposure was not addressed, and countless legal filings were not found. 

You could argue the significance of these findings. If one additional adverse media article or litigation record was found, would that change the risk profile of a given third party? Well, the answer is that it depends entirely on what is found. It could be significant if the media article or litigation record relates to fraud, corruption, or government exposure, etc.

I have reviewed many adjudicated FCPA cases. More often than not, had thorough due diligence been conducted on the parties involved, serious red flags would have surfaced. And although having this knowledge does not guarantee that a given company will, or even should necessarily, disengage from the situation, it allows them to consider the challenges and possible consequences of the engagement. It gives them the opportunity to consider their options and potentially mitigate the risks; it gives them the opportunity to protect themselves and the company.

If the day comes when a database solution is able to replicate an analyst-led investigation at the push of a button, I will need to find my second career. But I’m not concerned. There are enough corporations that still consider well-written, expertly produced, specifically sourced and critically reviewed reports a mandatory component of their compliance program. And there's plenty of regulation and enforcement to justify the consideration.


Scott Shaffer is the Managing Director for the Kreller Group in Cincinnati, Ohio. For the past 22 years he has consulted with clients to address due diligence objectives, customizing due diligence programs for new clients, and analyzing current trends regarding regulatory compliance.

Article originally appeared on The FCPA Blog (
See website for complete article licensing information.