Case Study: Managing Third-Party Risks in the Energy Industry

The Problem

An oilfield service company required a comprehensive third-party solution to manage the risks associated with its current and prospective suppliers. The company was using labor-intensive paper-based processes to collect third-party intelligence and coordinate approvals between different stakeholders. 

The Solution

Kroll replaced the company’s laborious manual processes and procedures with an automated solution, optimizing expenses and time. Using its third-party risk management tool--the Kroll Compliance Portal--Kroll customized a workflow for the client, allowing its internal stakeholders to electronically submit justification questionnaires for review by the compliance team. Any third parties that passed a specific stakeholder intelligence threshold were automatically sent a customized onboarding questionnaire.

Kroll helped the client customize this questionnaire, which assigned each third party an initial risk score based on its anti-bribery and corruption policies and code of conduct. Third parties provided information on their businesses and geographical locations, beneficial owners, and other key personnel, and uploaded required documents. The risk scores generated by these questionnaires were immediately communicated to the client and the details were securely centralized and archived in the Kroll Compliance Portal.

Kroll used these risk assessments to calibrate its due diligence response, creating an efficient and effective mix of due diligence reports for the client’s third parties. Leveraging its expertise in global due diligence, Kroll guided the client in developing a risk-based approach to due diligence, depending on factors such as the risks identified, the characteristics of the third parties and the inherent risks of relevant jurisdictions. Depending on the assessed level of risk, appropriate due diligence reports were created, reviewed and approved by the client. This ensured the client had all the information necessary to confidently approve or decline relationships. 

The Result

The client, now armed with automated risk score questionnaires and risk-based due diligence, has greatly improved visibility into the regulatory and reputational risks associated with onboarding third parties. The Kroll Compliance Portal efficiently routes approval decisions to relevant stakeholders, like the client’s legal, compliance and finance departments. 

Kroll also helped the client implement a risk-based recertification and renewal process, keeping it nimble and well ahead of changes in the third-party risk environment. The Portal would resend the company´s anti-bribery and corruption policies and codes of conduct for the third party to review and execute. The client still orders additional due diligence reports from Kroll when needed. 

This process also allows the client to opt for ongoing monitoring of sanctions, enforcement actions and adverse news, which ensures the client is apprised of any changes in third parties’ risk profiles. The result is a streamlined, consistent and objective third-party risk management process that uncovers more third-party risk in a fraction of the resources and time required by legacy programs.