Have summaries of our latest blogs delivered to your inbox, so you can stay up to date on the topics and current events that matter to your business.
Recent years have been characterized by supply chain disruption–from Covid-19 to the Suez blockage to the invasion of Ukraine. Moreover, companies who fail to identify and manage illegal or unethical...
While global supply chain risk is certainly not new, our need and ability to identify and assess it quickly affects every facet of our businesses. From the ESG expectations of consumers and the increasing...
Third parties help companies to deliver their products and services, but they also expose them to regulatory, financial, strategic, and reputational risks. In this blog, we look at five key third party...
The intersection of Artificial Intelligence (AI) and business pulses with potential, especially since generative AI (GenAI) has entered the picture. Google research scientist Oriol Vinyals notes, “Generative...
This year’s Kroll Financial Crime Report found companies are growing increasingly concerned that third parties are driving a higher risk of financial crime. We read through the report to pull out...
Companies operating in today’s global business environment must navigate ever-strengthening anti-bribery and corruption regulations. Some of the most significant recent enforcement actions against companies arose from alleged due diligence failures, leading to fines, legal action, strategic risks and reputational damage. Meanwhile, there are growing expectations around companies’ understanding of their Environmental, Social and Governance (ESG) impact, including new legislation mandating them to carry out human rights and environmental due diligence. All this should prompt companies to carry out effective due diligence across your organization
As the complexity of organizations’ global third-party networks—it’s more critical than ever for you to have an effective strategy for evaluating and monitoring third-party risk, particularly if there is a risk of financial crime. Below we've outlined nine steps for a due diligence process based on guidance from regulators to help companies mitigate financial and reputational harm due to third-party relationships. Take a closer look.
The global nature of business today subjects your enterprise to a growing number of regulations and a greater need to mitigate risk exposure through partners and third parties—regardless of where your enterprise is located.
Many countries have implemented new legislation in the last decade that have made it even more important to ensure you and your partners remain compliant. While legislation like the United States Foreign Corrupt Practices Act have existed for nearly half a century, countries in the European Union have strengthened their requirements. Germany recently implemented the Supply Chain Due Diligence Act, which combats human rights violations in addition to the existing regulation of financial crimes.
Furthermore, many of these statutes have extra-territorial reach, so if you or a partner are operating in a country different than your headquarters, you need to comply by their laws as well. Otherwise, you run the risk of facing hefty penalties and enforcement actions from multiple governments.
Before you enter an agreement with a third-party supplier, understand the laws in the areas where they'll be operating and consider if they pose a compliance risk for any jurisdiction.
MORE: Key trends in risk and compliance 2023
Your due diligence process needs to align with the strategic, financial, regulatory, and reputational risks your organization may face. Define your objectives of your due diligence research by asking the right questions before you start. You'll want to consider the size of the organization, their publicity, and whether there could be any Politically Exposed Persons or legal risks associated with the potential partnership.
and the baseline risks you are unwilling to take. Any partnership will have a degree of risk, but there is a big difference between entering into a partnership with local businesses and suppliers versus a high-value, publicly scrutinized company. Decide on your goals and assess how much risk you're willing to assume.
Once you understand the regulatory landscape and have set your risk management goals, you can begin your due diligence research. While there are many topics you'll want to assess when evaluating a partnership, there's certain information that is crucial to your analysis. This will differ depending on whether you're working with a corporation or an individual.
For a corporate entity, organizations need to collect basic information including:
Because a corporate entity will have many moving parts, it's important that you assess all the aspects of the organization to get a complete picture of the risk they present.
For an individual, organizations need to focus on gathering:
This is often more straightforward than a corporation because you are evaluating one variable. Regardless, it is important that you perform a due diligence check to ensure that an individual partner will not compromise your organization.
MORE: 4 ways that third-party data APIs can help you become more risk resilient
Once a basic level of vetting has taken place, prospective third parties—both companies and individuals—should be subjected to a watchlist screening process. By conducting watchlist and politically exposed persons (PEP) checks early in the process, you can quickly determine if the potential third-party relationship poses a significant risk. Names of companies, individuals, NGOs and, if applicable, assets such as vessels should be checked against:
After preliminary information collection and watchlist screening has taken place, it’s time for you to perform a risk assessment. Considerations should include:
MORE: Why managing reputational risk is key to your business success
Following the risk assessment, your due diligence process should include multi-source verification of the information that has been accrued. This will involve a different degree of scrutiny depending on the level of risk the party presents.
Throughout the due diligence process, your organization needs to maintain a comprehensive record of relevant documents, assessment, and decisions to ensure you can demonstrate ROI and prove that decisions to engage with partners or third parties were made in good faith. This is particularly important in case there is legal action and you need to prove that you performed adequate due diligence.
MORE: Safeguard your organization's reputation and monitor risk
Once a third party has been vetted, you still need to conduct ongoing monitoring of the relationship to provide visibility into emerging red flags that could put your organization at risk. As regulation changes, it's important to ensure your partners maintain compliance with new legislation. Additionally, new leadership or negative news could compromise what an existing partnership, and ongoing monitoring will allow you to decide if and when it's time to cut ties.
Business needs change. Commit to periodic reviews with stakeholders to ensure that your due diligence process is always aligned with those needs over time. The best way to do this is by using intelligent technologies like Nexis Diligence+™ that enable comprehensive, risk-aligned due diligence without the manual effort. With our extensive, enriched data, you can feel confident that you are making decisions to keep your risks managed and your company compliant.
To get started on your due diligence strategy, check out our complete "Due Diligence Checklist" for everything you need to know about monitoring anti-bribery and corruption risks.