Herculean challenge in managing third-party risk

January 01, 1970

Earlier this month Kroll, the global leader in risk mitigation and response solutions, issued its 2015 Anti-Bribery and Corruption Benchmarking Report, created in conjunction with Compliance Week. The Report aims to give professionals insight into the risks their companies face and how to implement compliance programs to fight them.

The ongoing challenges in minimising third-party risks

Third-party relationships continue to be a serious risk and a heavy burden on compliance programs. Almost every survey respondent (92 percent) depends on outside vendors and other third parties to some extent. The average respondent reports more than 2,900 third-party relationships.

However, while 65 percent say their business will increase the number of their third-party relationships, 48 percent say they never train third parties on anti-bribery and corruption. This is a high figure given the number of enforcement actions regulators take that involve third parties.

"While there has been phenomenal progress in the extent to which anti-bribery and anti-corruption issues have now made it on the training agenda for most large organizations, that's still not really the case when it comes to training third parties," says Kevin Braine, Managing Director with Kroll's Compliance practice in EMEA.

The Report also includes the following findings:

  • More than 50% anticipate the bribery and corruption risks to their company will increase
  • 66% automate their anti-corruption program in some way
  • Most automated tasks are limited to training; only 26% automate the vetting of third parties
  • A majority (52%) are not confident in their financial controls to catch potential books-and-records violations of the FCPA

When it comes to monitoring automation is the answer

66% say that they automate their anti-corruption program in some way, yet most automated tasks are training-related - only 26% automate the vetting of third parties.

"It's a lot to ask of a company or a compliance department to tackle [vetting] manually," says Robert Huff, Managing Director at Kroll.  Explaining why this is the case Huff cites the herculean task of monitoring adverse media, watch lists, sanctions regimes and litigation, in all local languages anywhere a company does business. "That's an area where the tools that are out there right now allow for large volumes of third parties to be regularly screened — it can be continuous daily screening or something less frequent, such as quarterly or semi-annually."

The Justice Department has made clear in its guidance that monitoring of third parties is expected. However, any business that wants to better manage risk across their supply chain and be respected in their market should be doing this anyway.

Related Blogs

ps 3 ways you can apply this information right now to…

  1. Having a robust and consistent compliance process in place can help you mitigate your risk and protect your reputation. If you are looking to manage business risk, click here to find out how our solutions can help.
  2. Share this article on LinkedIn. Share our content with your existing contacts and groups to create debate.
  3. Leave a comment below. Let's start a conversation!