Compliance Risk and Diligence
Complying with anti-money laundering and anti-bribery and corruption regulations.Compliance Risk and Diligence
In today’s globally connected world, companies no longer simply compete company-to-company, rather they compete supply chain-to-supply chain. Modern companies are discovering that third-party relationships are a cornerstone of most of their day-to-day operations, providing them with critical edge over their competitors. Whether you’re buying raw materials, outsourcing software development or hiring a consultancy service, third parties provide an effective means for enlisting necessary expertise and resources without making costly investments needed to bring those capabilities or services in-house.
However, working with external partners comes with potential risk. One area of concern is increased exposure to corruption carried out by third parties. As organizations increasingly rely upon third parties for a variety of reasons, the risk of running afoul of international anti-corruption and bribery regulations increases, and is often swiftly followed by reputational damages.
Proactively conducting third-party due diligence can help your company minimize its exposure to corruption risks. Furthermore, developing an objective, risk-based approach can also ensure that your firm minimizes its third-party risk in a cost-effective manner.
At its basic level, supply chain or third-party due diligence describes the efforts taken to investigate a potential business partner. Third parties in a modern supply chain are diverse. They can include anything from suppliers, distributors, agents, advisors and consultants, and even customers. Third-party due diligence applies both up and down the supply chain. Any external partner, be it entity or individual, that a firm works with is a third party and therefore a potential corruption risk.
The objective of third-party due diligence is to discover any corruption risks associated with the potential partner.1 Ultimately, an effective due diligence screening program allows a firm to make an informed decision about whether it is safe to proceed with a proposed business partnership. As such, proper due diligence should begin before engaging with a third party–such as through an onboarding questionnaire–and continue throughout the relationship through monitoring. The level of effort that a firm invests in conducting a due diligence investigation on a third party should correlate with the level of risk the third party potentially presents.
While each firm should tailor its due diligence program to its specific needs and resources, some common best practices exist to help guide your efforts:
Understand your firm’s third-party universe: Understanding your existing third parties is paramount to implementing an effective due diligence program. Failure to understand your firm’s various third-party relationships will undermine your efforts to establish a rigorous, risk-based due diligence program. Only with a good understanding can you begin to develop risk categories, the next step.
Assess your third-party risk: A one-size-fits-all due diligence program is neither effective nor efficient, as not all third parties are equally risky. Developing a risk assessment system allows you to segment your third parties according to their risk profiles and focus your limited resources on your riskiest relationships. When developing a risk assessment, use objective criteria relevant to your company that includes, at a minimum: the industry sector, jurisdiction and type of the third party; the nature of your relationship; and, especially, the third party’s relationship, if any, with government entities.
Establish an ongoing monitoring plan: Third-party risk unfortunately does not end with the onboarding process, as a third party’s risk profile is likely to change over time. Stay ahead of third-party risk by continually monitoring your existing third-party relationships to rapidly identify emerging risk-relevant developments.
Use a third-party management system: Third-party management systems help improve the efficiency of your staff, consequently reducing your firm’s operating costs. They also ensure objectivity and consistency of your due diligence efforts, thus reducing the likelihood of human misconduct or error. Furthermore, centralized control of all due diligence records will help your company in the event of an audit of your third-party management program.
Re-evaluate due diligence processes over time: As your business grows and changes, it may face new needs or challenges surrounding its third-party relationships. Risk profiles can also change, and your due diligence program needs to effectively address new points of concern. Conduct regular reviews of your third-party due diligence process to make sure you’re always focused on the risks that are most relevant to your business.
As business relationships with third parties increase, mitigating the inherent corruption risks in your supply chain will become more central to a successful business strategy. If your organization is looking to uncover or remediate supply chain risks, contact Kroll’s compliance experts to discuss how to implement or improve your third-party due diligence processes.
1 Although there are different types of due diligence, each with its own objective, the focus of this article is on anti-corruption and anti-bribery due diligence.