Due diligence the key for third-party risks

Organisations must ensure they conduct thorough due diligence of third-party supply chain risks amid tougher economic conditions and heightened regulatory enforcement, according to leading risk professionals.

Speaking as part of Refinitiv’s latest webinar on third-party risk and relationships, attendees noted the importance of conducting due diligence on partners across the supply chain.

With companies under pressure from the Covid-19 pandemic, and nations including Australia enforcing legislation on human rights and trafficking, the stakes are higher than ever. Participants said there is a greater need for organisations to review third-party relationships.

Recent research from Refinitiv reveals 43% of third-party relationships are not subject to any form of due diligence checks, despite greater regulation and enforcement action on human rights across Asia-Pac, Europe, and the United States.

The statistic underlines the need for organisations to pay closer attention to supply chain management, attendees said.

Charles Minutella, head of enhanced due diligence at Refinitiv, said companies had different views on due diligence, and the risk sector “lacked a common definition around what is due diligence and what is required”.

He said organisations should ask several key questions, including whether they know the vendor, if it can deliver the services and goods required, if they are a politically exposed person, whether the supplier is on a sanctions list, and if they have a sustainability record. He added most companies looked at sanctions and politically-exposed people, “at the very least”.

Karin Ragel, head of supply chain risk at Lendlease, said companies need to adopt “a risk-based approach” to third parties.

“From our perspective, our supply chain risks are instrumental in the development, construction and maintenance of the assets we create,” she said.

She described diligence as “critical”, and said Lendlease looked at items including safety, capacity to perform, its concentration risk with suppliers, as well as compliance and reputation/integrity risks, climate change and cyber risks.

Alice Cope, a senior advisor at Pillar Two, a corporate sustainability consultancy, said she was not surprised at the 43% figure.

Cope said the United Nations’ Guiding Principles on Business and Human Rights set the “global standard” for how companies should respect human rights, adding organisations needed to conduct “ongoing human rights due diligence”. 

“That process needs to look at not only assessing risks, but integrating the findings of impact assessments into the business,” Cope added.

Further Refinitiv research shows 63% of people agree that the economic climate will encourage organisations to take more risk with third parties.

Ragel said this underscored the importance of “making sure everyone was part of the decision-making process” with regard to third parties. She warned businesses against focusing on new business ahead of the consequences of breaking the rules.

Cope said businesses would be under more pressure amid the pandemic, and said taking extra risks was dangerous given the backdrop of greater regulatory enforcement.

She said developments in southeast Asia highlighted the changing regulatory outlook.

“In Malaysia this year, new regulation will make individuals personally liable for anything involving bribery. So companies need to be proactive in being able to demonstrate they have adequate procedures in place to mitigate the risk of and prevent corruption.”