Legal, risk and compliance officers are facing a host of new challenges related to third parties, as disruption and bad actors proliferate.
The impact of COVID-19 has demonstrated the need for many organizations to reassess the resilience of their operations. As businesses weather the crisis, the changing demand for goods, increased restrictions on trade and movement, and sociopolitical pressure have significantly disrupted key supply networks, with 94% of Fortune 1000 companies reporting changes in this critical area.1
The picture emerging of the pandemic effects on business integrity reveals real, and evolving, challenges. It is no secret that in times of economic vulnerability, either through crisis or economic downturn, bad actors will seek to take advantage. The unfortunate truth is that, even in the short period since the pandemic began, frauds and scams have already significantly affected critical sectors, including health care, consumer goods and financial services. The International Criminal Police Organization (INTERPOL) has reported on heightened risks, including targeted fraud schemes in health and critical infrastructure and counterfeit trade,2 with heightened threats of counterfeit emails, advance fee fraud and money laundering.3
Many organizations already find it challenging to manage third-party risk in their supply chains. Now, they must account for the changing context of supply chain integrity driven by the impacts of the pandemic, to not only weather the current storm but emerge stronger and more resilient to these threats.
Some of the challenges legal, risk and compliance officers are currently facing include:
- Societal pressure for business continuity, with increased demand for particular products
- Faster onboarding of essential third parties
- Exposure to countries with higher attendant risks of fraud, corruption, and labor and human rights abuses
- Uncertified and substandard products entering the market
- A high volume of new third parties requiring legal and integrity due diligence
- Weaker internal communication and controls to identify and mitigate deficiencies
- Continued regulatory pressure to maintain standards
While short-term business needs may be being met for now, the medium- and long-term impact of new and unmanaged third-party risks remains to be seen. Those third parties may themselves have inadequate compliance procedures and maybe using fourth parties over which a business may have limited insight.
In light of the risk factors highlighted above, screening and carefully selecting third-party suppliers using a risk-based approach has perhaps never been more necessary. The prevalence of high-risk actors in supply chains may serve only to slow down the response to the pandemic itself.
In this time of economic uncertainty, how can organizations balance business continuity with their integrity agenda? What does a flexible approach toward supply chain risk management look like and can it be effective?
These four tips will help organizations manage the immediate response to their changing third-party ecosystem:
Prioritize the most important third parties
Identifying the most critical third parties in the supply chain and assessing their response to the pandemic is important in determining the resilience of an existing population. Businesses may find that they need not look outside of their existing supply chain for credible and reliable suppliers. In these instances, businesses will need to double down on their risk reviews over the existing population to integrate additional risk factors such as financial risk, business continuity and resilience, and geopolitical risk — areas that previously carried less weight.
When identifying alternatives, pay attention to inherent risk factors
For an alternative third party, identify the inherent risks attached to the country and sector that it operates in. What has the impact of COVID-19 been in that country? How sensitive is that entity to potential changes in export legislation and governmental influence? Consideration of a wider range of risk factors, beyond those traditionally applied, will save time and effort when shortlisting new candidates.
For new third parties, be confident that screening is undertaken proportionate to the increased risks
Many supplier screening programs were devised for a differing level of risk. As the context has now changed, so too must the program. After shortlisting suitable alternatives, ensure that context-heavy, proportionate and risk-based screening is carried out to identify the legal, reputational or financial risks they may bring with them. Ask new third parties to outline their own COVID-19 contingency plan to see how well-prepared they are to face the pandemic and the knock-on effects. This approach will help to streamline workflows when looking at a high volume of entities.
Don’t forget fourth parties!
Until now many organizations have focused their risk assessment and corresponding integrity diligence solely on their immediate supplier. This ignores the fact that third parties often subcontract their own services and will have their own respective supply chains, also affected by the pandemic. The most critical fourth parties must undergo the same level of screening as third parties.