Managing third-party risk
Third-party due diligence
Due diligence helps companies understand third parties better
Performing third-party due diligence is critical, as it represents a systematic and consistent effort to vet business relationships tiered by levels of inquiry based on a thorough business inventory and risk assessment.
It helps companies to not only understand the third parties with whom they will be contracting, but also the broader context in which they will operate.
How to undertake comprehensive due diligence
- Create risk profiles by understanding the cultural and business norms, prior incidents of fraud, previous litigation and adverse press, other non-performance contracts within the industry and geography, or the experience of their peers
- Have complete transparency in the way that the third party is remunerated not just in its fees or commissions, but in its expenses
- Structure to apply the company’s travel and entertainment expense policy appropriately to third parties
- Go deep enough to include the beneficial ownership of the third party and its reputation
It is crucial to not only conduct due diligence when entering into new business relationships but also to have a robust compliance auditing system to monitor activities. Forensic data analytics could potentially identify inappropriate activities before they escalate into penalties amounting to millions of dollars.
Five commonly raised red flags from conducting third-party due diligence
Companies should be alert for the more subtle red flags, which can emerge during the due diligence. They may indicate that a third party carries a risk of exposing the company to fraud, bribery or corruption:
- Omission of certain key personnel/shareholders
- A lack of information or trading history
This factor alone would not rule out start-ups.
- A business address in a non-commercial zone or at service office suites
- Low capitalized company
Suppliers with small capital base could be acting merely as middlemen for undisclosed suppliers, which pose a further risk.
- Tampering or irregularities with the tendering process
This includes the acceptance of late bids, bids being accepted despite failings in technical specifications or scoring, and bids at or very close to set budgets.