Managing third-party risk

Asia-Pacific third-party risk landscape

55% of respondents believe risks are more likely to arise from third parties than from internal staff

65% of respondents say that all of their third parties are required to comply with their company’s ABAC of conduct.

26% of respondents have no systems or processes in place to manage and monitor third-party relationships.

37% have an approved supplier database and 38% have a background checking system.

Managing third-party risk

Asia-Pacific third-party risk landscape

Some key findings

  • 55% of respondents believe risks are more likely to arise from third parties than from internal staff
  • Only 65% of respondents say that all of their third parties are required to comply with their company’s ABAC of conduct.
  • 26% of respondents have no systems or processes in place to manage and monitor third-party relationships.
  • Only 37% have an approved supplier database and 38% have a background checking system.
  • Share

Our 2013 Asia-Pacific Fraud Survey shows weak systems and control of third parties are an area of vulnerability. More efforts need to be placed on due diligence, forensic data analytics and frequent compliance audits to manage and monitor third-party relationships.

“Companies that are successful in managing third-party risk extend their own ethical and compliance framework to cover third-party relationships.”
Chris Fordham, Asia-Pacific Fraud Investigation & Dispute Services (FIDS) Leader

The importance of managing third-party risk

Recent prosecutions by regulators demonstrate that companies can be liable for the actions of third parties acting on their behalf.

Fines make headlines but they do not tell the whole story. Companies also have to bear hidden penalties such as the investigation cost, reputational damage, loss of business opportunities while undergoing investigations, risk of class action litigation, and the cost of remediation.

Adverse attention from regulators can also make raising capital or securing investment incredibly challenging.

The UK Bribery Act and the US Foreign Corrupt Practices Act (FCPA) require companies to apply third-party due diligence procedures.

Weak systems and controls in Asia-Pacific

In Asia-Pacific, two groups of third parties ‒ vendors and suppliers (57%), and agents (22%) ‒ have been identified as representing the biggest compliance risk to a business operation.

Types of third parties representing the biggest compliance risk

EY - Types of third parties representing the biggest compliance risk

Q: Which type of third parties represents the biggest compliance risk toyour company?
Base: All respondents (681)

Several challenges remain in relation to how risk management tools are used or how some companies neglect to take preventive measures to vet third parties.

Weak systems and control of third parties are areas of vulnerability that require more focused effort from companies in Asia-Pacific looking to reduce the risk of exposing themselves to anti-bribery/anti-corruption (ABAC) enforcement actions.

Risk management tools

A prudent approach to vetting third parties is essential.

A broad set of tools is at the disposal of companies to prevent and detect third-party breaches, comprising:

These tools form the basis of a strong monitoring system for third-party relationship and identify where there are conflicts of interest.