NNPCL GRC_Due Diligence Processes_Risk Categorisation.pdf

Full Transcript

NNPC Limited Due Diligence Processes and Procedures

relationship, or where applicable, request for further information from the
employee, customer, or third Party.
Please refer to the Guide on Due Diligence Competencies on page 24.

2.0 Risk Categorisation and Scope of Evaluation

All due diligence should be conducted based on the risk classifications. The
subsequent level of research and due diligence to be conducted shall be
proportionate to the risk presented by the business relationship.

2.1

Risk Classification
The initial and final risk categorization based on the General IDD (Integrity
Due Diligence) and EDD (Enhanced Due Diligence) shall be performed by
LOD 1 and GRC respectively. The risk categories shall be rated as High,
Medium, or Low. The rating of the risk is a careful judgement call based on
research due diligence performed, type of risk identified, prospective
business relationship, possible mitigation measures, context, amongst
Page 116 of 347

NNPC Limited Due Diligence Processes and Procedures

others. The factors to consider while exercising the intuition in arriving at a
particular risk rating includes, but is not limited to:


the sensitivity of the job role, occupied (to be occupied) by the employee
or prospect, may lead to a high risk rating, as employment into high-risk
positions such as management roles or roles involving dealing with
finances, payments and collections, might open up the employee to
being an easy target for collusion, fraud or coercion. Thus, the sensitivity
of the role determines whether the initial risk categorization is high,
medium or low.



For counterparties or other third parties (see section 3.4.1 on third party
review criteria) which details the factors to consider in evaluating the
risks arising from NNPC Limited’s relationship with any third Party

The risk rating will determine the subsequent steps to be taken as set out
below:
Risk Classification
S/N
1.

Description
High Risk
Unless there are special reasons, NNPC Limited shall not proceed
with project preparatory activities if there is an initial high-risk
classification, as this risk category falls outside NNPC Limited’s risk
tolerance. High risk ratings shall require weighty reasons and the
conduct of an extensive EDD proportionate to the risk. If the final
risk rating is determined as High after EDD, NNPC Limited may not
move forward with the proposed activity except there exists
substantial reasons for continuing with the project. Such decisions

Page 117 of 347

NNPC Limited Due Diligence Processes and Procedures

Risk Classification
shall require Level 1 Committee approval after which the Mitigating
Measures under section 3.1.2 of this policy must be strictly followed.
The non-exhaustive indicators set out below indicates a High Risk:


Unidentifiable beneficial owners or a corporate structure that
favours anonymity, nominee shareholders.



Potential Business Partners and Investors



The presence of Politically Exposed Persons.



Beneficial Owners with a substantial amount of unexplained
wealth.



The Counterparty or a Beneficial Owner is listed on a Sanctions
List.



The

Counterparty

is/has

been

a

subject

of

criminal

investigations, charges, or convictions for serious wrong doings.


The Counterparty is a business incorporated in a high-risk
country or jurisdiction.

2.

Medium Risk
A number of circumstances and risk indicators may result in a
Medium Risk rating, including the non-exhaustive list of risk
indicators below:


Past or ongoing investigations for serious wrongdoings.



The presence of Politically Exposed Persons.



Unduly complex ownership structures.

Page 118 of 347

NNPC Limited Due Diligence Processes and Procedures

Risk Classification


A member of the board of directors or Senior Management is
included on a Sanctions List or



AML/CFT risks relating to, e.g., jurisdictional risks or weak internal
controls or regulations.

If a counterparty is rated as Medium Risk, an EDD shall be
conducted. The existence of risk indicators denoting Medium Risk
after EDD does not in itself prevent NNPC Limited from engaging
with a Counterparty if mitigating factors are identified and
mitigating measures recommended. or required to maintain the
risk within NNPC Limited’s risk tolerance.
3.

Low Risk
If no risk indicators are identified or risk indicators only pose a low
risk to NNPC Limited, no further action or measures are required,
apart from regular monitoring in accordance with relevant policies
and guidelines.

2.2

Type of Due diligence
The following are the defined types of DD review to be performed to meet
the requirements of the respective counterparty evaluation activities. This
should be conducted on a risk-based basis, with the level of research
conducted being proportionate to the risk presented by the relationship.

Page 119 of 347

NNPC Limited Due Diligence Processes and Procedures

Type of Due Diligence
Description

Responsibility


Level A
This is research conducted on third parties
providing services which are classified as low risk,
and it includes, but is not limited to the following
the following:

The

relevant

business Units.


The

GRC

Division/
External
Provider.



Corporate/Organizational information.



Reputational and regulatory checks.



Quick search for negative findings, litigation,
sanctions, adverse media, and identification of
Politically

Exposed

Persons

(PEPs)

and

Government Officials (GOs).
Level B
The focus of Level B is on medium or high risk third
parties. It involves carrying out research on the
following non-exhaustive areas below:


Corporate/Organizational information.



Reputational and regulatory checks.



Negative findings, litigation, sanctions, adverse

The GRC Division /
External Provider
and other relevant
units.

media, and identification of Politically Exposed
Persons (PEPs) and Government Officials (GOs).


Membership of relevant associations



Financial capacity and history which shall entail:
Page 120 of 347

NNPC Limited Due Diligence Processes and Procedures

Type of Due Diligence
 3 years audited Financial statements and
supporting documents
 Key financial ratios, Assets, Revenue, financial
stability of the company amongst others.
Level C
Level C search would be applicable where NNPC
Limited requires a deeper insight into third parties
(such as a JV Partner) that may not be sufficiently
addressed by publicly available records alone i.e.,
high risk third parties. It requires more in-depth
analysis of all searches conducted under Level B,
and elicits additional information as listed nonexhaustively below:


Advanced Corporate/Organizational
information such as comprehensive credit
report, filing history etc.



Comprehensive reputational and regulatory

The GRC Division /
External Provider
and other relevant
units.

checks


Negative findings, litigation, sanctions, adverse
media and identification of Politically Exposed
Persons (PEPs) and Government Officials (GOs).



Financial analysis and history, including but not
limited to the prospective partner’s leverage,
profitability, liquidity ratios, to determine actual
financial strength.
Page 121 of 347

NNPC Limited Due Diligence Processes and Procedures

Type of Due Diligence


Financial capacity – Funding capacity and
support.



Operational capacity and competencies –
Business alliances, extent of technological
compliance and track record.



Possible conflict of business interest.



Internal controls, management style,
bureaucratic affiliations etc.



Where available, perceptions from the
prospect’s banking sources, competitors, JV
associates and other industry sources including
market analysts, journalists etc.

Page 122 of 347