A search on the internet for "Foreign Corrupt Practices Act," "U.K. Bribery Act," or "anti-corruption" returns an overwhelming range of products that ("off the shelf") promise to manage third-party due diligence and protect corporations. It should be simple; just pick one and go, right?

The reality is not so easy. Some products offer expensive hands-on research, others provide access to a portal to search databases yourself, and yet more offer complex software to register your counter-parties and have them answer long questionnaires. Some even offer reports at no charge to you, with your third parties paying a fee to be verified and included in a database of vetted suppliers. With so many options, what is the right answer?

There are trade-offs involved in a spectrum of products. Choosing the most rigorous approach may seem the safest way, but will most likely not be financially and operationally scalable. Choosing too simplistic a process will not expose bad actors and poor business partner choices, opening the door for wrongdoing and leaving your enterprise vulnerable. What is required is a thoughtfully designed program that is effective, scalable, and proportionate to the unique risks facing your enterprise.