By Sylwia Wolos, Chief Strategy Officer, Ground Truth Intelligence
As we step into 2024, we contemplate three major themes for due diligence that will have an impact for compliance professionals in the coming year.
1) Growing regulatory pressure on supply chain due diligence
Last year the US passed the Uyghur Forced Labor Prevention Act with the New York State Fashion Sustainability and Social Accountability Act on the horizon. In Europe, the EU Corporate Sustainability and Due Diligence Directive (CSDDD) will impose heightened obligations on companies to conduct thorough due diligence, aiming to prevent adverse environmental and human rights impacts across their value chains. Non-compliance is anticipated to lead to substantial penalties for businesses lacking robust and justifiable due diligence programs. But what will an effective due diligence programme entail under the CSDDD or similar legislation, and how will this affect due diligence in 2024?
Questionnaire-based due diligence has already undergone an overhaul. Traditionally, the bulk of supply chain due diligence has focused on standard questionnaires sent to suppliers requiring them to confirm their working conditions, policies and other aspects of their operations. Instead, implementing a risk-based approach is now the preferred option and will also ensure compliance in the context of ESG legislation. Identifying and categorising higher-risk partners or those that operate in regions with identifiable issues with respect to human rights and the environment and following up with an enhanced due diligence process for those who warrant it is a necessary and robust approach.
The CSDDD also places a responsibility on companies to prevent or minimise adverse environmental and human rights outcomes caused by partners or members of their value chains. In cases where a partner in the value chain is identified as causing a negative impact, the directive encourages continued engagement and remediation efforts rather than terminating the business relationship.
To address these issues effectively, strong communication and a well-defined plan are necessary. Further targeted, ongoing due diligence is required to monitor compliance with the plan and evaluate the effectiveness of measures taken. Public disclosures and attestations submitted by partners should be carefully monitored, but on-the-ground research is likely to be a crucial part of the confirmation process, protecting businesses against false claims.
2) Streamlining cross-functional teams for maximum efficiency in 2024
For many years due diligence programs have focused predominantly on anti-corruption risks, a task not without its challenges. With regulators now requiring due diligence on additional upstream business risks–cybersecurity, sanctions, and human rights, to name just a few–compliance teams will need to deliver better-quality due diligence information, in the most efficient way possible. Consolidating risk management between upstream operational risk (e.g., a focus on suppliers) and downstream distribution risk (e.g., a focus on corruption) will be necessary.
To achieve this at the scale required, businesses must consider how to aggregate cross-functional teams for maximum efficiency in 2024. More mature businesses will not set up separate functions for the different types of due diligence but will increase the responsibility and scope of existing compliance or third-party risk management teams.
To support this evolution, an enterprise due diligence solution will need to be enhanced to incorporate capabilities that include:
- An ability to integrate data from multiple sources and in multiple formats
- Strong data analytics and risk scoring, so you can identify high-risk third parties quickly
- Due diligence and monitoring procedures that fit seamlessly with other parts of your business
- Rules-based automated due diligence workflows
- Holistic reporting capabilities
3) Using AI as part of the due diligence process
It’s likely 2024 will be the year we see the AI co-pilot emerge in GRC platforms, and rightly so. The routine nature of many due diligence tasks makes them an excellent candidate for the advantages that AI can bring. But before the true benefits can be realised, there are some factors to consider.
Privacy emerges as a primary concern given the extensive data available for collection in due diligence. While human intelligence analysts grapple with cognitive limitations in analysing the vast information landscape, AI offers a promising avenue for automating processes including data collection and noise filtration. However, the prospect of automation raises privacy concerns, particularly the risk of indiscriminate data harvesting. Striking a balance between harnessing AI for efficiency and protecting individual privacy becomes a pressing conundrum. Addressing this dilemma requires the establishment of well-considered and robust regulatory frameworks, which are expected in the foreseeable future.
The presence of misinformation introduces an additional level of intricacy when considering the use of AI. Whether within corporate intelligence or broader informational realms, the task at hand is distinguishing reality from fabrication. Disinformation not only impacts political scenarios but also poses a threat in business investigations, where inaccurate details can lead analysts astray. Unlike an analyst capable of grasping the subtleties of a text, artificial intelligence may not easily differentiate between trustworthy and unreliable sources.
So while 2024 will see great steps forward in the incorporation of the AI compliance co-pilot in many processes, the role of the human at the helm has never been more critical, especially when it comes to due diligence.