Due Diligence

Atomic Fund · We Are Atomic Fund · Mar 24, 2018

In today’s globalized world, the typical company has numerous third-party relationships, whether with a supplier, a distributor, a lawyer, or even a client. However, these relationships also bring new risks, such as IT security risks, health and security risks, anti-corruption risks, environmental risks, operational risks, and regulatory compliance risks.

Some of these risks are usually assessed and examined by companies during the on-boarding process to find out whether or not they’re doing business with someone they can trust. But after that, third-party risk management and due diligence usually take a backseat.

Third-party risks that aren’t identified and mitigated in time can snowball into serious problems that affect one’s profitability and reputation. It doesn’t matter whether the issue is the third party’s fault. Ultimately, the company that hired the third party is held responsible by regulators and customers for not doing enough to uncover and deal with the issue in a timely manner.

That leaves businesses in a bit of a dilemma. On one hand, they need to grow and stay competitive, which involves, to some extent, expanding their third-party network. But on the flip side, if they happen to do business with a high-risk or non-compliant third party, they might get into trouble.

Compounding the challenge, regulators have become much stricter in their oversight of third-party risks. A spate of regulations such as the Health Insurance Portability and Accountability Act (HIPAA), Anti-Money Laundering (AML) requirements, conflict minerals reporting requirements, the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act, the Federal Trade Commission (FTC) Act, and the Dodd-Frank Act have increased the pressure on organizations to enhance third-party due diligence. They need to effectively evaluate third-party risks, monitor compliance, conduct due diligence evaluations, identify gaps that could create new risks or compliance violations, and proactively address and fix issues that come up.

How Third-Party Violations and Misconduct Affect Leading Brands
* In 2012, the SEC charged a top pharmaceuticals company for, among other things, using third party intermediaries to make improper payments to foreign officials in order to increase the sales of its products.
* In 2009, a healthcare provider in Dallas found that one of its own contract security guards had broken into several computers, including systems that contained confidential patient information.
* In 2013, several top retailers in Europe were forced to recall their products after food providers were suspected of mislabeling beef as horsemeat.
* In 2012, major technology manufacturing companies were at the receiving end of negative publicity after their third party contractor was found to be violating labour and working conditions rules in its own factories with illegal amounts of overtime, crowded working conditions, under-age employees, and, in some cases, serious industrial accidents.
* In 2011, the FSA fined a worldwide insurance intermediary based in the U.K. for failings in its anti-bribery and corruption systems and controls. These failings created an unacceptable risk that payments made by the company to overseas third parties might be used for corrupt purposes.

The Current Approach to Third-Party Due Diligence
Companies throughout the world are striving to establish effective processes and systems to manage third-party risks and regulatory compliance. Yet more often than not, their approach is ad hoc and fragmented. Some businesses face growing difficulties due to constant changes in their third-party network. Others focus on areas such as third-party performance management, but fail to pay sufficient attention to third-party risk management and compliance monitoring. Because of this, they aren’t able to proactively unearth potential ethical issues caused by security breaches, bribery, money laundering, regulatory violations, and so on.

The need of the hour is a comprehensive program for third-party due diligence and oversight. Strong policies, training programs, risk assessments, controls, audits, investigations, and timely issue remediation are critical in this respect, and are increasingly being expected by regulators and government authorities across states.

Companies with a strong program for due diligence and third-party governance stand to benefit in several ways. They gain the risk intelligence and business insights necessary to not only mitigate third-party risks such as non-compliance or unethical behaviour, but also protect their business against fraudulent transactions. They also streamline third-party management and enhance due diligence. And lastly, they’re well-positioned to forge a reputation of integrity, credibility, and reliability that automatically attracts and sustains customer loyalty.
