A special report published this month by Fairfax Media and The Huffington Post, uncovering a vast trove of leaked e-mails and confidential documents, reads more like a Tom Clancy novel than true-to-life business dealings, rich in international plots, secret meetings, late-night phone calls, code names, and much more. A six-month investigation by these media outlets exposed an extensive global web of bribery and corruption, in which high-ranking bureaucrats and politicians awarded billions of dollars in government contracts in exchange for bribes paid on behalf of some of the world’s largest companies.

The heart of the Fairfax Media and The Huffington Post investigation, “The Bribe Factory,” focuses on Unaoil. Owned by the wealthy Ahsani family, the company describes itself as “providing industrial solutions to the energy sector in the Middle East, Central Asia, and Africa.” Namely, to oil-rich countries ranked by Transparency International’s Corruption Perception Index as some of the most corrupt geographic locations in the world.

Companies that engaged Unaoil’s services include Siemens, Rolls-Royce, Petrofac, Halliburton, Weatherford, Eni, Samsung, Hyundai, Honeywell, FMC Technologies, SBM Offshore, and many more. According to the investigation, some of these companies believed they were hiring a reputable lobbyist who would get contracts on their behalf, while others knew or suspected bribery activity was occurring and turned a blind eye.

In a statement, Unaoil refuted the “grave allegations” made against it and said it was “confident” it would be cleared of wrongdoing by the relevant authorities. “At this point we are engaging with authorities and are considering what actions we will take,” the company said.

At least one company caught up in the bribery scandal—Petrofac—has confirmed that an internal investigation is underway. “We take any allegations of activities that may contravene our strict anti-bribery and corruption standards very seriously,” the company said. “We aspire to the highest standards of ethical behavior, and we are determined to investigate these allegations to the fullest extent possible.”

Poor due diligence

For compliance officers, the massive bribery scandal surrounding Unaoil is a stark reminder about the importance—and shortcomings—of due diligence, especially when it concerns third parties with a low public profile and no discernible evidence of wrongdoing.

For example, TRACE International, a reputable non-profit business association, which completed TRACEcertified due diligence reports on two of the Unaoil companies, says Unaoil was cooperative throughout several due diligence reviews.  

“Unaoil’s due diligence reports contained a number of items that increased their risk level substantially, but there was no credible evidence of bribery or other misconduct,” says Alexandra Wrage, president of TRACE. “Unaoil is headquartered in a tax haven, and while this is certainly a red flag, it’s not illegal.”

“Unaoil’s due diligence reports contained a number of items that increased their risk level substantially, but there was no credible evidence of bribery or other misconduct.”
Alexandra Wrage, President, TRACE International

“Reputational screenings resulted in negative media hits, but we addressed these,” Wrage adds. Negative media hits were offset by a London High Court ruling, which Wrage says found that evidence of corrupt payments was at best, tenuous.

“Their TRACE certification report included four red flags,” Wrage says. “None precluded certification, as risk factors vary by company, but that might call for further investigation depending on the specifics, scope, and structure of the deal the company was looking at.”

While it’s easy to blame the messenger, the Unaoil bribery scandal is a scathing example of failed risk management and poor due diligence that occurred within a number of companies. The Red Flag Group, an integrity risk and compliance firm, “acted for several of the companies mentioned in the Unaoil scandal, but only one company—on one occasion—asked us to do due diligence on Unaoil,” Scott Lane, executive chairman of The Red Flag Group, wrote in a blog post.

Lane added that too many companies are “simply collecting information about third parties—registration documents, ownership, and certificates—and not reading them. They are not piecing the story together,” he wrote. “Rather, they are just seeing this as a process and are collecting the data required with the aim of moving through the process as quickly as possible.”

One important compliance lesson here is that relying on an industry certification and questionnaires does not constitute adequate due diligence. Wrage says the process begins with documenting the business justification for retaining a third party in the first place.


Below is a statement from Unaoil in response to bribery and corruption allegations made against it.
Over the last weeks, a number of unfounded allegations have been made against Unaoil and its management causing serious harm to our business, our employees and our reputation. We take these extremely seriously, and we will defend ourselves vigorously.
We are shocked by how these allegations have, without any due process, so rapidly spread and have had such a detrimental impact on our projects and partners around the world. As a result of the allegations having been treated as fact by third parties we have faced threatening behavior, refusal to meet contractual obligations and the potential mothballing of projects and downsizing. All of this has resulted in many of our local workforces potentially suffering serious financial hardship.
Recent press articles have reported inaccurately upon the services which we offer our clients. We have two fundamental business lines, turn-key engineering, procurement and construction (EPC) as well as maintenance, repair and operations work (MRO).
Both business activities are focused on brown-field operations such as revamping, refurbishing and repairing existing infrastructure. For both activities to be effective for clients, Unaoil invests in local facilities and personnel to ensure that it has the necessary local knowledge and ‘boots on the ground’ to be able to complete projects which are critical to the continued production of oil and gas in these frontier markets.
Over the last three decades, Unaoil has worked with its clients to deliver projects relating to oil and gas infrastructure in some of the poorest countries in the world. We take great pride in our track record of achievement which has been widely recognized by clients and competitors alike.
We are committed to serve the communities where we work, investing in local communities, employing a local work force where possible, and providing not only employment but also training and education, fostering skills and learning that can be used time and again.
Unaoil has a strong sense of social responsibility to these communities and our children’s charity UnaKids is an extension of this commitment, helping single-parent children in war-torn countries. We have ridiculously been accused in recent press reports of “contributing to the Arab Spring” and profiting from political instability. On the contrary, we have played a significant role in rebuilding key infrastructure in countries after they have been riven by war or civil conflict.
We will be doing all we can to ensure that existing and ongoing activities of the company, its many employees, and business partners who we bear a moral responsibility to are not unduly disrupted by these allegations.
Source: Unaoil

Compliance officers should then address any red flags raised during the due diligence review and then decide, based on the company individual risk profile, if it wants to do business with that third party. Red flags that require careful consideration include, for example, third parties that do business in high-risk regions of the world, have ties to foreign government officials, or that have a low or shady profile.

More severe red flags that indicate you probably don’t want to do business with the third party include:

Refusal to provide requested information;

Refusal to disclose beneficial owners;

Credible, corroborated, negative media reports;

Inclusion on a sanctions list or Politically Exposed Person (PEP) list;

Material misrepresentations during the due diligence process;

A history of bribery and corruption; or

An ongoing criminal investigation.

Another red flag is if the service the third party provides is unclear, “which would deserve extra scrutiny,” says Anne Minogue, director in the global investigations and compliance practice at Navigant. That may entail actually visiting the business and “seeing if it looks and feels the way that it should,” she says.

If the sales team holds the decision-making power on whether to do business with a particular third party, then sales needs to be trained on bribery and corruption, and understand why due diligence needs to be performed, says Minogue. Even if the ultimate decision is made by the business, compliance should, at least, be involved in the decision-making process. “It should really be a joint effort,” says Minogue.

“Contractual agreements with third parties should include a right to audit upon suspicion of wrongdoing and the right to terminate the agreement,” says Wrage.


Once you’ve on-boarded a third party, high-risk third parties require especially extensive reviews. “With respect to Unaoil, it appears that at least one company with access to the TRACEcertified due diligence report, including the executive summary describing the red flags, escalated to an on-the-ground due diligence provider for a far more extensive review,” says Wrage. “That’s a reasonable and defensible response—to bump a third party with significant red flags up to a more extensive review process.”

Additionally, many companies require annual certifications from their third parties, as well as from business people working with the agents, attesting that no inappropriate payments have been made. “These certifications remove the opportunity for the third party to say later that it didn’t know bribery wasn’t permitted,” says Wrage.

Due diligence doesn’t stop with on-boarding a third party. Ongoing monitoring of third-party relationships is just as important.

It’s a good idea, for example, to monitor expenses, such as fees and payments for services being made on your behalf. “You should have the ability to look at documents behind those expenses,” says Minogue. You want to be looking into any payments that don’t make sense.

“Context is critically important, and judgment calls cannot be outsourced,” says Wrage. “Due diligence is an ongoing process and requires constant, ongoing communication; it’s a tool, not an end in itself. Compliance officers need to manage their current programs, while constantly reevaluating and improving their processes and how they manage risk.”