03/08/2020

5 ways to improve third party risk management

If a major compliance or reputational risk occurs with one of your close third party suppliers – for example a negative environmental impact, poor or compromised quality goods, or links to corruption – it’s also your problem.

It doesn’t matter that the third party isn’t a legal part of your organisation, your responsibility extends beyond your own company right up and down your supply chain, to your suppliers and distributors and to your suppliers’ suppliers, too. In fact, it can be difficult to determine where your responsibility ends.

The current global situation has created the perfect conditions in which organisations may be compelled to reduce due diligence and ethical standards and may become more susceptible to bribery and corruption. Therefore now, more than ever organisations must be acutely aware of what’s happening in their supply and delivery chains, and working with the organisations to ensure that processes and standards are being maintained.

To not do so risks your organisation falling foul of compliance breaches, with potentially significant reputational damage, loss of shareholder value as well as the inevitable fines.

So how can organisations use this time to strengthen their third party risk management and ensure that there’s no weak link in the chain?

1. Know your supply and distribution networks

Third parties can pose a significant risk for companies. Under current regulatory frameworks, organisations need to do third party due diligence not only on the firms – suppliers, distributers, retailers and their agents – that they deal with, but with their suppliers’ suppliers too, right across the supply chain. The media is awash with examples of major high street brands falling foul of poor supply chain due diligence, resulting in compromised quality and service all the way through to abuses of workers’ rights. And often, it’s nothing that couldn’t have been prevented with better third party due diligence checks carried out upfront and reviewed regularly.

2. Create a dialogue with your supply chain

Culture and ethics are important for the effective communications within any organisation – so treat your supply chain like an extension of your own organisation and open up more lines of communication with them. This is particularly important now, since the global pandemic could be affecting a link in your chain in unforeseen ways, increasing the risk of corruption or ethical and code of conduct failures. Transparency helps to drive third party risk management improvements and allows your stakeholders to monitor what’s going on up and down the chain, spot issues and even step in to offer assistance before it’s too late.

3. Keep your receipts

Regulators have consistently maintained, since the start of lockdown, that there will be no reduction in companies’ regulatory responsibilities in light of the crisis. But a constantly changing situation naturally leads to changes in the official guidance, so ‘keep your receipts’ is shorthand for: document everything! Keep a full audit trail of your compliance processes and decisions so, if required, you can evidence that any decision followed the regulator’s guidance as it stood at the time. While the line on weakening of regulations has been made universally clear, regulations in some places are being tightened – particularly around information security and data breach risks, so it’s important firms don’t get caught by the turning tide – keeping full record of actions, based on current regulatory advice should protect you.

4. Enhance your due diligence

How do you go about due diligence on your suppliers? Background checks on a third party prior to instigating the business relationship? In a fast-changing environment situations evolve quickly, so checks carried out on a third party months, or even years, ago could be meaningless. Ensure you have the most up to date information on your supply chain organisations. Use an array of data sources and be open to using premium data sources, to obtain a good balance of information. If you worry that your enquiries are too invasive, don’t – you have the right, in the interests of anti-bribery and corruption, to know what is happening across your supply chain.

5. Don’t take your foot off the pedal

Compliance professionals are naturally resilient and good at crisis communications. Make this your time to effect real change in third party risk management; throughout your organisation and supply chain, creating a connected culture with ethics and transparency at its core. This will stand your organisation in great stead as we emerge from the crisis. Above all, don’t let the crisis become an excuse for letting slip the enormous progress made in global standards of compliance and anti-bribery and corruption in recent years. Now is an opportunity for organisations to cement the effectiveness of their compliance processes by encouraging adoption of similarly robust processes for third party risk management – across the supply chain through mentoring, training and benchmarking to create a culture and trajectory of transparency and best practice as the economy starts to recover.

Charles Thomas, Director of Anti-Bribery and Corruption. LexisNexis Risk Solutions

Charles is a subject matter expert within the Anti-Bribery and Corruption (ABC) market. With over ten years of global experience, he provides a detailed view of the pressures and problems that the ever increasing enforcement and regulation of ABC poses to companies in all sectors. Charles is a frequent speaker at a wide range of events globally, covering a range of anti-corruption, risk management and due diligence topics including the UK Bribery Act, Foreign Corrupt Practices Act, and more.

Charles recently chaired a webinar ‘Managing third party risk: COVID 19 and beyond’ featuring Transparency International and Klaus Moosmayer, which is available to view now.