Articles

Third Party Vetting

Four ways to mitigate third-party risks

Lower operational costs, enhanced supply chain stability, smoother entry into new
markets—the benefits of outsourcing business functions to third parties are undeniable. As
the third-party networks that organisations rely on grow larger and more complex,
however, identifying and mitigating the associated regulatory, financial, reputational and
strategic risks becomes more challenging. How do you achieve the needed transparency to
build trust, safeguard against third-party risk and demonstrate a commitment to ethical
business practices?

Strategies for addressing third-party risk

No risk mitigation programme is infallible, but organisations can reduce their third-party risk
exposure and improve their ability to respond proactively in the face of a risk event. Here
are five key components of an effective programme.

Establish a culture of integrity — Regulators around the world have stressed the importance
of corporate leaders setting expectations for ethical business conduct. This requires more
than an inspiring speech by the CEO. Make sure that the employees who engage with third
parties on a day-to- day basis have periodic training on corporate anti-bribery and corruption
policies, regulatory expectations, and the reporting process for suspected violations. In the
event of a compliance violation, reporting is particularly crucial. Thanks to regulators'
carrot-or- stick programmes that incentivise self-disclosure of violations—such as the FCPA
Pilot Programme and the French and British governments' Deferred Prosecution
Agreements—a company that self-discloses a suspected violation and cooperates with the
subsequent investigation can substantially reduce the financial and reputational costs of
prosecution.

Follow best compliance practices – While there are other areas of risk to consider,
regulatory compliance is one of the most challenging to address for several reasons. Global
third-party networks span many borders, and as such, are accountable to regulatory
requirements of each country. In addition, organisations must deal with a constantly
evolving array of sanctions, watch lists and PEPs. Adopting best practices, such as the ISO
37001 anti-bribery and corruption certification introduced by the International Standards
Organisation last year, can help you build out and independently certify your compliance
processes.

Invest in due diligence and ongoing monitoring — Faced with budget pressures and staffing
shortages, a one-size- fits-all approach to vetting third parties either exposes your
organisation to greater risk or over-taxes your resources. The end result, either way, is
higher costs. Instead, you should tailor due diligence based on risk to optimize the efficiency
and effectiveness of your investigations. In addition, organisations should implement
ongoing, risk monitoring using a PESTLE framework to help surface risks related to Political,
Economic, Socio-Cultural, Technological, Legal, or Environmental factors. By monitoring for
risk warning signs in near real time, you can manage your supply chain or third-party risk
more proactively.

Use technology — It's not unusual for organisations to rely on hundreds or even thousands
of suppliers and other third parties. With the right technology and data sources—including
legal cases, sanctions, watch lists, and negative news coverage— organisations can
automate third-party screening. When screening identifies risk red flags—such as third
parties operating in sectors or countries with reputations for corruption—organisations can
target those specific entities or individuals for deeper due diligence. Allowing more time-
and cost-effective to use of resources. Look for technology solutions that support
documenting the screening, due diligence, or monitoring process to address regulators'
expectations.

Increased transparency in third-party relationships helps organisations reduce risk and
foster trusted relationships—and not just with third parties. Demonstrating corporate social
responsibility in how you choose and manage third parties—and avoiding negative
headlines related to a bribery scandal, forced labor in the supply chain or a defective
product—helps you develop stronger relationships with shareholders and consumers.
Ultimately, increased third-party transparency and trust can open doors to new supply
sources, lucrative markets, sustainable business growth and higher profits.

Share this article

Share Tweet Pin it +1 Linkedin