If You Haven’t Addressed These 5 Third-Party Risks, You’re Behind the Curve

Third parties help companies to deliver their products and services, but they also expose them to regulatory, financial, strategic and reputational risks. In the latest blog in our third party risk series, we look further at five key third party risks facing your company. Then, we explain how companies can mitigate them by investing in the right data and technology to support an effective compliance operation.

1. Regulatory risk of new human rights due diligence laws and stronger anti-bribery and corruption requirements

Perhaps the most obvious risk to your company is that global regulators have introduced new and more stringent requirements to manage third party risks. This takes two main forms: firstly, legislation that specifies how to manage bribery, corruption and financial crime risk. This includes regulations designed to incentivize good practice in compliance. For example, the US Corporate Enforcement Policy was updated in 2023 to offer more lenient sentences to companies that voluntarily disclose evidence of wrongdoing and subsequently improve their compliance procedures.

Secondly, the dominant legislative trend of last three years has been to mandate companies to monitor third parties for Environmental, Social and Governance (ESG) risks such as human rights violations or environmental damages. The latest such regulation to come into force (in January 2023) was Germany’s Supply Chain Due Diligence Act. A poll on the law’s impact by the Institute of the German Economy found that 18% of companies planned to change their sourcing practices so they only use third parties in countries with high standards on human rights and environment practices.

These twin trends require companies to carry out thorough due diligence on third parties and suppliers before and during the business relationship to ensure they are compliant with regulations. This screening should cover ESG factors as well as bribery and corruption risks.

2. Financial risk of rising enforcement actions

These new laws have led to global regulators becoming more willing and able to take action against alleged compliance breaches by companies. Third parties are frequently cited in these cases. For example, a chemicals firm was fined $218 million by US regulators in September 2023 over its alleged use of third parties to bribe government officials in Vietnam, Indonesia and India.

3. Reputational risk of ESG failures

There is growing evidence that, even if a company has not broken the law, the business will still suffer if it fails to exercise due concern for ESG factors. Significantly, younger people tend to be particularly concerned about ESG, so companies should ensure their third parties have a positive ESG record–or risk losing the next generation of customers, investors and employees. A survey by Harris Poll in summer 2023 found that young people expect to see “meaningful evidence of business ethics” by a company, and only 6% considered statements from the CEO to count as meaningful evidence.

It has become clear that companies can thrive if they demonstrate a transparent and positive ESG record in their activities and those of their third parties. A paper in the Harvard Business Review in 2023 found that many companies have recognised this shift by carrying out a “rapid and dramatic transformation” of the role of the Chief Sustainability Officer (CSO). Until recently, the role typically focused on communicating about their firm’s corporate social responsibility activities. Now, many CSOs sit on a company’s board and are charged with integrating ESG into the business’ core strategy.

4. Strategic risk of third party disruptions or bankruptcy

Unforeseen events in recent years–such as the COVID-19 pandemic, the conflict in Ukraine and the blockage of the Suez Canal–have wreaked havoc on supply chains. Meanwhile, rising inflation and energy prices and a cost-of-living crisis have dampened consumer spending and raised the risk that third parties and suppliers go out of business. It is therefore unsurprising that BDO’s recent poll of 500 medium-sized businesses found supply chain disruption was their primary concern heading into winter 2023.

Carrying out effective due diligence on third parties and suppliers can help to establish whether your third parties are in jurisdictions with a likelihood of conflict, human rights violations, bribery and corruption, or extreme weather. Understanding third parties’ financial health can also predict how resilient they would be to economic shocks.

5. Compliance risk of failing to invest and adapt

The four risks above show how important it is that firms prioritize the development of an effective compliance and due diligence operation which gives them an unvarnished view of the activities of their third parties. Yet recent evidence suggests companies are not always making the necessary investments, and in fact some are reducing their compliance budgets. A 2023 survey by Compliance Week and Morgan Lewis found that 29% of respondents said their investment in anti-bribery and corruption was below average, while 37% said their investment in technology to combat this risk was below average.

LexisNexis: Helping you to overcome each of these third party risks

Technological solutions can help firms to make their compliance processes more efficient and effective. In the past, compliance officers had to manually search through thousands of sources for references to current and prospective third parties. Moreover, regulators now expect companies to carry out ongoing monitoring, which would mean staff constantly repeating these manual searches.

Instead, platforms like LexisNexis bring together a vast range of data sources in one place. Companies can upload a spreadsheet of all their third parties and the platform will surface the relevant mentions across the data. A risk score for a third party will then be provided, and automatically updated when new information comes to light in future.

Companies should respond to these five risks by upgrading their approach to due diligence and compliance. This involves screening third parties and customers against a very broad range of reliable and authoritative data sources, including:

• Legal data including court cases involving a company.
• Sanctions lists and watch lists that reveal which entities and individuals would cause a company doing business with them to be sanctioned.
• Lists of Politically-Exposed Persons (PEPs), whose prominent political positions can make them a target of bribery and corruption–and therefore deserving of enhanced due diligence.
• News data, which can flag perceived and alleged risks involving a company or individual–especially if the data comes with an archive of historic news.
• ESG data, which indicates a company’s impact on the environment, its reputation for social issues, and any failures in governance.

Looking for more tips on how to implement an effective due diligence operation to identify and manage third party risks? Our new E-Book identifies the ten main trends companies need to understand and respond to. Download it for free today.