20 September 2017
How well do you really know your clients, vendors, distributors or local representatives? Many companies underestimate the risks and overestimate the quality of their third-party risk assessment. It’s time to reassess the risks and invest in Third Party Risk Management before the damage is done.
Businesses are under intense scrutiny as government and modern society’s expectation for impeccable business integrity continues to grow. Extending to the choice of Third-Party Intermediaries (TPIs), such expectations demand a high standard of ethical behavior. It’s crucial to have the right information before engaging in a new relationship with financial intermediaries, wealth management customers, vendors, sales agents or local representatives or any other third party you work with.
Performing an effective due diligence for your TPIs can be tough. KPMG’s latest Global Anti-Bribery and Corruption Survey found this holds true especially for cross-border relationships. Global businesses struggle with great variability in the:
Such difficulties may arise when considering foreign candidates or entities. But considering domestic residents with a professional or educational past abroad or local entities that are active in other jurisdictions can also cause problems. Moreover, the sheer volume of public information complicates the collection of comprehensive intelligence and can exhaust resources if you don’t take a systematic approach.
It’s essential to invest in prevention and detection and to set up an appropriate, systematic approach. Ignorance isn’t an accepted excuse, so your selection of TPIs must be based on complete information. When shortfalls are detected by regulators, penalties range from fines to being barred from government contracts. The company may also suffer a hit to its reputation and/or waste management time and valuable resources to address the deficits after the fact.
Start by assessing your current universe of TPIs. Keep in mind, the complete global pool of TPIs may be unknown for some companies because they use multiple local procedures that are misaligned. A disorganized approach complicates the accurate identification and appropriate application of controls to rank high, medium and low risk TPIs.
Once you have an overview of your organization’s TPIs, gather data on your current situation, analyze its implications and assess the complexity of your business needs, locations and solutions/products.
When addressing the status quo in your organization, consider the implementing the following best practices in third-party risk management:
Although the Internet has increased the availability of information, the quality and type of information varies greatly from country to country. Country-specific expertise is essential to effectively assess information on individuals and entities.
Some of the most common challenges global enterprises face regarding mitigating third-party risk across country locations include:
If your risk assessment process is not well-defined, your outcome may be unduly shaped by cognitive biases. For example, it’s well known that people barely distinguish between marginal differences and frequently err when evaluating probabilities – the former leaving a blurred line for decision making and the latter directly twisting the risk analysis. These are just two of the possible issues when relying on predominantly manual corporate intelligence.
One way to mitigate such bias is to employ partly automated solutions with a rigorous framework and a proven methodology. You can customize these tools to fit your business needs, satisfy your risk appetite and make sure you get an accurate picture of the risks. Setting transparent, pre-defined assessment criteria will increase the credibility of your TPRM by minimizing discretion.
Specialized tools for corporate intelligence boost efficiency, improve the thoroughness of your analysis and make continuous monitoring of existing risks much easier. Such technology, automate part of the search for negative press and media, detect litigation, conduct background checks on directors and main shareholders, monitor sanction lists and many other critical elements to a third-party due diligence. You gain access to a multitude of individuals and trusted sources in a variety of languages and countries which increases the coverage of your data collection, boosts trust in its completeness and saves costs by minimizing the search effort of manual intelligence gathering.
Using the tools to conduct ongoing comparisons with new entries allows you to adjust to changes – so you can be confident in your assessment at any time. Moreover, the global harmonization of the process will lead to consistent and comparable results – a great foundation for good decisions.
For accuracy, make sure the solution is based on a proven methodology that considers your business environment and the present risks of the respective domain. The potential efficiency gains resulting from partly automated solutions for corporate intelligence can more than offset the considerable efforts to revamp your TPRM.
Considering the risks your organization may unnecessarily be exposed to by flawed procedures, it’s my professional advice, in most cases, to invest in prevention and detection to avoid nasty surprises. Protect your organization both from financial and reputational damages by implementing a robust third-party due diligence procedure: