We continue our celebration of all things Star Wars; at least as they pertain to the original trilogy, as today we honor Episode V – The Empire Strikes Back, which is my personal favorite of the original three movies. The film begins with a cool battle on the ice planet of Hoth and has some great HR lessons as Darth Vader executes officers for work place failures; demonstrates some dangers involving ineffective training for Luke Skywalker on the tropical plant of Dagobah, where he travels to learn under the Jedi master Yoda who utters the immortal line “Try not! Do, or do not. There is no try”; and ends in Cloud City, a floating gas mining colony in the skies of the planet Bespin run by Han Solo’s old buddy, Lando Calrissian. It also has one of the greatest movie lines of all-time, thundered by Darth Vader to Luke Skywalker, near the end of the film. Today, we consider it for the continued issue of due diligence.

Solo and Calrissian go way back and Solo trusts him. Of course, Solo won his starship, the Millennium Falcon, in a card game from Calrrisian but it was never clear just how legit the card had been. Unfortunately for Solo, he was followed to the Cloud City by bounty hunter Boba Fett who alerts the Empire to Solo’s location. Solo’s friendship with Calrrisian is sorely tested when Vader and his Imperial Troops arrive, take Solo, Chewbacca and Princess Leia prisoner and torture them to entice Luke to come to save his friends. During the climactic battle between Luke Skywalker and Darth Vader, there is the BIG REVEAL where Vadar utters the immortal line, “I AM YOUR FATHER”.

I thought about these last two points, in the context of knowing who you are doing business with under the Foreign Corrupt Practices Act (FCPA) or UK Bribery Act. I once heard a company President say he did not need to perform due diligence because he looked a man in the eyes and that was enough to know if he was honest. (I should add, this President also evaluated the strength of a handshake as an additional level of due diligence.) Hopefully we have moved past this level of sophistication for due diligence and its evaluation thereof.

One of the areas I still receive questions about are the different levels of due diligence. I break due diligence down into three stages: Level I, Level II and Level III. Candice Tal, Founder and Chief Executive Officer (CEO) of Infortal Worldwide, in an article entitled “Deep Level Due Diligence: What You Need to Know”, laid out some of these concepts.

Level I

First level due diligence typically consists of checking individual names and company names through several hundred Global Watch lists comprised of anti-money laundering (AML), anti-bribery, sanctions lists, coupled with other financial corruption and criminal databases. These global lists create a useful first-level screening tool to detect potential red flags for corrupt activities. It is also a very inexpensive first step in compliance from an investigative viewpoint. This basic Level I due diligence is extremely important for companies to complement their compliance policies and procedures; demonstrating a broad intent to actively comply with international regulatory requirements.

Level I due diligence addresses such basic issues as whether the third party actually exists, the identities of management, officers, directors and shareholders and whether such persons are on regulators’ watch lists. It can also provide some basic information on whether there are politically exposed persons (PEPs) involved in the third party. Finally, if there are any media reports linking the company to corruption.

Level II

Level II due diligence encompasses supplementing Level I due diligence with a deeper screening of international media, typically the major newspapers and periodicals from all countries plus detailed Internet searches. Such inquiries will often reveal other forms of corruption-related information and may expose undisclosed or hidden information about the company, the third party’s key executives and associated parties. I believe that Level II should also include an in-country database search regarding the third party. Some of the other types of information that you should consider obtaining are country of domicile and international government records; use of in-country sources to provide assessments of the third party; a check for international derogatory electronic and physical media searches, you should perform both English and foreign-language repositories searches on the third party, in its country of domicile, if you are in a specific industry, using technical specialists you should also obtain information from sector specific sources.

Level II can give you information on adverse litigation, any bankruptcy proceedings, overt signs of financial difficulty. More generally it will also provide local online information such as corporate filings, regulatory filings, lawsuits and locally archived materials. You also be able to determine if there were any in-country investigations or sanctions from regulatory entities. 

Level III

This level is the deep dive. It will require an in-country ‘boots-on-the-ground’ investigation and is designed to supply your company “with a comprehensive analysis of all available public records data supplemented with detailed field intelligence to identify known and more importantly unknown conditions. Seasoned investigators who know the local language and are familiar with local politics bring an extra layer of depth assessment to an in country investigation.” Further, the “Direction of the work and analyzing the resulting data is often critical to a successful outcome; and key to understanding the results both from a technical perspective and understanding what the results mean in plain English. Investigative reports should include actionable recommendations based on clearly defined assumptions or preferably well-developed factual data points.”

But more than simply an investigation of the company, critically including a site visit and coupled with onsite interviews, Tal says that some other things to investigate include “an in-depth background check of key executives or principal players. These are not routine employment-type background checks, which are simply designed to confirm existing information; but rather executive due diligence checks designed to investigate hidden, secret or undisclosed information about that individual.” Tal believes that such “Reputational information, involvement in other businesses, direct or indirect involvement in other law suits, history of litigious and other lifestyle behaviors which can adversely affect your business, and public perceptions of impropriety, should they be disclosed publically.”

Further, you may need to engage a foreign law firm to investigate the third party in its home country to determine the third party’s compliance with its home country’s laws, licensing requirements and regulations. Lastly, and perhaps most importantly, you should use a Level III to look the proposed third party in the eye and get a firm idea of his or her cooperation and attitude towards compliance as one of the most important inquiries is not legal but based upon the response and cooperation of the third party. More than simply trying to determine if the third party objected to any portion of the due diligence process or did they object to the scope, coverage or purpose of the FCPA; you can use a Level III to determine if the third party is willing to stand up under the FCPA and are you willing to partner with the third party.

Now imagine if Luke had performed a more robust level of due diligence on Darth Vadar? Would he have been able to find out Darth Vadar was his father? Perhaps not but then again, we might not have heard that seminal line “I AM YOUR FATHER”.

May the Force be with you.

My good friend Doug Cornelius is also running a week of Star Wars/compliance themed blog posts on his site Compliance Building. Check them out for his take on a more well-rounded Star Wars oeuvre.


This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017