This year’s Kroll Fraud and Financial Crime Report found companies are growing increasingly concerned that third parties are driving a higher risk of financial crime. We read through the report to pull...
Millions of companies around the world have been impacted by regulations which mandate them to carry out ESG and human rights due diligence (HRDD in the last few years–or they soon will be. These regulations...
Global companies have been fined hundreds of millions of dollars for alleged compliance breaches in the last year. Whether the allegations against them related to bribery and corruption or breaches of...
From Stricter Sanctions to Broken Supply Chains: What the Ukrainian War has Meant for Third Party Risk Management February 2024 will mark two years since the latest conflict in Ukraine began. As well...
Third parties help companies to deliver their products and services, but they also expose them to regulatory, financial, strategic and reputational risks. In the latest blog in our third party risk series...
Third parties help companies to deliver their products and services, but they also expose them to regulatory, financial, strategic and reputational risks. In the latest blog in our third party risk series, we look further at five key third party risks facing your company. Then, we explain how companies can mitigate them by investing in the right data and technology to support an effective compliance operation.
1. Regulatory risk of new human rights due diligence laws and stronger anti-bribery and corruption requirements
Perhaps the most obvious risk to your company is that global regulators have introduced new and more stringent requirements to manage third party risks. This takes two main forms: firstly, legislation that specifies how to manage bribery, corruption and financial crime risk. This includes regulations designed to incentivize good practice in compliance. For example, the US Corporate Enforcement Policy was updated in 2023 to offer more lenient sentences to companies that voluntarily disclose evidence of wrongdoing and subsequently improve their compliance procedures.
Secondly, the dominant legislative trend of last three years has been to mandate companies to monitor third parties for Environmental, Social and Governance (ESG) risks such as human rights violations or environmental damages. The latest such regulation to come into force (in January 2023) was Germany’s Supply Chain Due Diligence Act. A poll on the law’s impact by the Institute of the German Economy found that 18% of companies planned to change their sourcing practices so they only use third parties in countries with high standards on human rights and environment practices.
These twin trends require companies to carry out thorough due diligence on third parties and suppliers before and during the business relationship to ensure they are compliant with regulations. This screening should cover ESG factors as well as bribery and corruption risks.
2. Financial risk of rising enforcement actions
These new laws have led to global regulators becoming more willing and able to take action against alleged compliance breaches by companies. Third parties are frequently cited in these cases. For example, a chemicals firm was fined $218 million by US regulators in September 2023 over its alleged use of third parties to bribe government officials in Vietnam, Indonesia and India.
3. Reputational risk of ESG failures
There is growing evidence that, even if a company has not broken the law, the business will still suffer if it fails to exercise due concern for ESG factors. Significantly, younger people tend to be particularly concerned about ESG, so companies should ensure their third parties have a positive ESG record–or risk losing the next generation of customers, investors and employees. A survey by Harris Poll in summer 2023 found that young people expect to see “meaningful evidence of business ethics” by a company, and only 6% considered statements from the CEO to count as meaningful evidence.
It has become clear that companies can thrive if they demonstrate a transparent and positive ESG record in their activities and those of their third parties. A paper in the Harvard Business Review in 2023 found that many companies have recognised this shift by carrying out a “rapid and dramatic transformation” of the role of the Chief Sustainability Officer (CSO). Until recently, the role typically focused on communicating about their firm’s corporate social responsibility activities. Now, many CSOs sit on a company’s board and are charged with integrating ESG into the business’ core strategy.
4. Strategic risk of third party disruptions or bankruptcy
Unforeseen events in recent years–such as the COVID-19 pandemic, the conflict in Ukraine and the blockage of the Suez Canal–have wreaked havoc on supply chains. Meanwhile, rising inflation and energy prices and a cost-of-living crisis have dampened consumer spending and raised the risk that third parties and suppliers go out of business. It is therefore unsurprising that BDO’s recent poll of 500 medium-sized businesses found supply chain disruption was their primary concern heading into winter 2023.
Carrying out effective due diligence on third parties and suppliers can help to establish whether your third parties are in jurisdictions with a likelihood of conflict, human rights violations, bribery and corruption, or extreme weather. Understanding third parties’ financial health can also predict how resilient they would be to economic shocks.
5. Compliance risk of failing to invest and adapt
The four risks above show how important it is that firms prioritize the development of an effective compliance and due diligence operation which gives them an unvarnished view of the activities of their third parties. Yet recent evidence suggests companies are not always making the necessary investments, and in fact some are reducing their compliance budgets. A 2023 survey by Compliance Week and Morgan Lewis found that 29% of respondents said their investment in anti-bribery and corruption was below average, while 37% said their investment in technology to combat this risk was below average.
Technological solutions can help firms to make their compliance processes more efficient and effective. In the past, compliance officers had to manually search through thousands of sources for references to current and prospective third parties. Moreover, regulators now expect companies to carry out ongoing monitoring, which would mean staff constantly repeating these manual searches.
Instead, platforms like LexisNexis bring together a vast range of data sources in one place. Companies can upload a spreadsheet of all their third parties and the platform will surface the relevant mentions across the data. A risk score for a third party will then be provided, and automatically updated when new information comes to light in future.
Companies should respond to these five risks by upgrading their approach to due diligence and compliance. This involves screening third parties and customers against a very broad range of reliable and authoritative data sources, including:
Looking for more tips on how to implement an effective due diligence operation to identify and manage third party risks? Our new E-Book identifies the ten main trends companies need to understand and respond to. Download it for free today.
Email: information@lexisnexis.com
Telephone: +31 (0)20 485 3456