How well do you really know your clients, vendors, distributors or local representatives? Many companies underestimate the risks and overestimate the quality of their third-party risk assessment. It’s time to reassess the risks and invest in Third Party Risk Management before the damage is done.
Businesses are under intense scrutiny as government and modern society’s expectation for impeccable business integrity continues to grow. Extending to the choice of Third-Party Intermediaries (TPIs), such expectations demand a high standard of ethical behavior. It’s crucial to have the right information before engaging in a new relationship with financial intermediaries, wealth management customers etc.
Get the right information on third-parties
Performing an effective due diligence for your TPIs can be tough. KPMG’s latest Global Anti-Bribery and Corruption Survey found this holds true especially for cross-border relationships. Global businesses struggle with great variability in the:
Quality and volume of available information
Collection processes and sources
Language skills required to process and analyse the information.
Moreover, the sheer volume of public information complicates the collection of comprehensive intelligence. It can exhaust resources if you don’t take a systematic approach.
It’s essential to invest in prevention and detection and to set up an appropriate, systematic approach. Ignorance isn’t an accepted excuse, so your selection of TPIs must be based on complete information. When shortfalls are detected by regulators, penalties range from fines to being barred from government contracts. The company may also suffer a hit to its reputation and/or waste management time and valuable resources to address the deficits after the fact.
Check the status quo
Start by assessing your current universe of TPIs. Keep in mind, the complete global pool of TPIs may be unknown for some companies because they use multiple local procedures that are misaligned. Thus, a disorganized approach complicates the accurate identification and appropriate application of controls to rank high, medium and low risk TPIs.
Once you have an overview of your organization’s TPIs, gather data on your current situation, analyze its implications and assess the complexity of your business needs, locations and solutions/products.
When addressing the status quo in your organization, consider the implementing the following best practices in third-party risk management:
Establish a Third-Party Risk Management (TPRM) process
It should be credible, consistent, effective and efficient. This is achieved by setting up a transparent, centralized, risk-based and globally applicable approach that exploits partly automated solutions.
Avoid over-reliance on a single source of information. Ill-advised decisions can have harmful consequences.
Take advantage of specialized intelligence solutions that track tens of thousands of sources from around the globe.
Reassess any red flags. Inclusion in such a list or database doesn’t imply guilt of any crime.
Nevertheless, red flags allow you to review potential risk and reassess the actual risks your organization may have.
Take a country-specific approach to global third-party risk due diligence
Although the Internet has increased the availability of information, the quality and type of information varies greatly from country to country.
Country-specific expertise is essential to effectively assess information on individuals and entities.
Some of the most common challenges global enterprises face regarding mitigating third-party risk across country locations include:
The accuracy, availability and verification process varies a lot internationally, making it difficult at best to compare information across jurisdictions.
You can’t rely exclusively rely on English searches. Language barriers may mean distinct language skills are needed to adequately identify information linked to the individual or entity of interest.
Manual data gathering can be effective, but it’s labour intensive. Ensuring the exhaustiveness of the collected information and the recurrent updating of information requires a substantial effort, which in turn drives up the costs.
Country-specific expertise is also required to adequately evaluate the findings in context given the different business environments with varying regional customs and conventions.
Inconsistencies arising from ambiguous procedures can undermine integrity and compliance with regulatory requirements. They distort the results, diminish the comparability of the findings and impede the reliability of your due diligence efforts.
Mitigate cognitive bias
If your risk assessment process is not well-defined, your outcome may be unduly shaped by cognitive biases. For example, it’s well known that people barely distinguish between marginal differences and frequently err when evaluating probabilities – the former leaving a blurred line for decision making and the latter directly twisting the risk analysis. These are just two of the possible issues when relying on predominantly manual corporate intelligence.
One way to mitigate such bias is to employ partly automated solutions with a rigorous framework and a proven methodology. You can customize these tools to fit your business needs, satisfy your risk appetite and make sure you get an accurate picture of the risks. Setting transparent, pre-defined assessment criteria will increase the credibility of your TPRM by minimizing discretion.
Automate your third-party risk assessment
Specialized tools for corporate intelligence boost efficiency, improve the thoroughness of your analysis and make continuous monitoring of existing risks much easier. Such technology, automate part of the search for negative press and media, detect litigation, conduct background checks on directors and main shareholders, monitor sanction lists and many other critical elements to a third-party due diligence.
For accuracy, make sure the solution should be on a proven methodology that considers your business environment and the present risks of the respective domain.
Avoid nasty surprises by taking these five key steps
Protect your organization both from financial and reputational damages by implementing a robust third-party due diligence procedure:
Monitor the risks periodically or continuously, verify the initial findings and reassess your risk exposure based on the latest facts.
Commit to a high level of business integrity, mitigate risk exposure and strengthen your overall compliance for the benefit of your organization.Add to favorites