Four ways to mitigate third-party risks
October 02, 2019 by Mark Dunn
Lower operational costs, enhanced supply chain stability, smoother entry into new markets—the benefits of outsourcing business functions to third parties are undeniable. As the third-party networks that organisations rely on grow larger and more complex, however, identifying and mitigating the associated regulatory, financial, reputational and strategic risks becomes more challenging. How do you achieve the needed transparency to build trust, safeguard against third-party risk and demonstrate a commitment to ethical business practices?
Strategies for addressing third-party risk
No risk mitigation programme is infallible, but organisations can reduce their third-party risk exposure and improve their ability to respond proactively in the face of a risk event. Here are five key components of an effective programme.
1) Establish a culture of integrity—Regulators around the world have stressed the importance of corporate leaders setting expectations for ethical business conduct. This requires more than an inspiring speech by the CEO. Make sure that the employees who engage with third parties on a day-to-day basis have periodic training on corporate anti-bribery and corruption policies, regulatory expectations, and the reporting process for suspected violations. In the event of a compliance violation, reporting is particularly crucial. Thanks to regulators' carrot-or-stick programmes that incentivise self-disclosure of violations—such as the FCPA Pilot Programme and the French and British governments' Deferred Prosecution Agreements—a company that self-discloses a suspected violation and cooperates with the subsequent investigation can substantially reduce the financial and reputational costs of prosecution.
2) Follow best compliance practices – While there are other areas of risk to consider, regulatory compliance is one of the most challenging to address for several reasons. Global third-party networks span many borders, and as such, are accountable to regulatory requirements of each country. In addition, organisations must deal with a constantly evolving array of sanctions, watch lists and PEPs. Adopting best practices, such as the ISO 37001 anti-bribery and corruption certification introduced by the International Standards Organisation last year, can help you build out and independently certify your compliance processes.
3) Invest in due diligence and ongoing monitoring—Faced with budget pressures and staffing shortages, a one-size-fits-all approach to vetting third parties either exposes your organisation to greater risk or over-taxes your resources. The end result, either way, is higher costs. Instead, you should tailor due diligence based on risk to optimise the efficiency and effectiveness of your investigations. In addition, organisations should implement ongoing, risk monitoring using a PESTLE framework to help surface risks related to Political, Economic, Socio-Cultural, Technological, Legal, or Environmental factors. By monitoring for risk warning signs in near real time, you can manage your supply chain or third-party risk more proactively.
4) Use technology—It's not unusual for organisations to rely on hundreds or even thousands of suppliers and other third parties. With the right technology and data sources—including legal cases, sanctions, watch lists, and negative news coverage— organisations can automate third-party screening. When screening identifies risk red flags—such as third parties operating in sectors or countries with reputations for corruption—organisations can target those specific entities or individuals for deeper due diligence. Allowing more time- and cost-effective to use of resources. Look for technology solutions that support documenting the screening, due diligence, or monitoring process to address regulators' expectations.
Increased transparency in third-party relationships helps organisations reduce risk and foster trusted relationships—and not just with third parties. Demonstrating corporate social responsibility in how you choose and manage third parties—and avoiding negative headlines related to a bribery scandal, forced labor in the supply chain or a defective product—helps you develop stronger relationships with shareholders and consumers. Ultimately, increased third-party transparency and trust can open doors to new supply sources, lucrative markets, sustainable business growth and higher profits.