Vendor risk management has been on the agenda for years, and it’s no surprise why. With almost 90 percent of FCPA enforcement actions involving third-party intermediaries and more than half of all cyber breaches being traced back to third parties, the risks are clear. Yet recent studies have shown that 51 percent of external relationships are not going through a formal due diligence check at the onboarding stage. Why aren’t vendor onboarding best practices sticking?
With new factors shaping our world, such as ESG requirements and unforeseen business disruptions like coronavirus, what is holding companies back from actually implementing a strong risk-based program? We take a look at some of the main issues with the vendor onboarding process and how they can be addressed.
It’s estimated that organizational ecosystems are growing at around 15 percent year over year for both relationships and transactions. Most compliance professionals have seen this firsthand. From global growth to extended supply chains, it can be hard to keep track of growing numbers of vendors, especially if you are required to extend screening out to second, third, or even fourth tier vendors. Throw in the impacts of coronavirus, and the problem can seem insurmountable.
For some businesses, legacy systems might not be able to take the strain of such complexity. In other cases, a decentralized process or a complicated and inefficient paper-based system magnifies the problem. Whatever your industry, gaps can become evident in the process as vendor structures become more intricate.
There Just Aren’t Enough Resources
There is no doubt that compliance budgets are under pressure, but the COVID-19 pandemic has magnified this effect significantly. Compliance teams are being asked to do more with less despite growing regulations to combat financial crime. Technology can provide a solution through efficiencies of scale, but rolling a system out too hastily can mean poor quality results and more risk exposure.
Reduced staffing levels or inexperienced team members can also have a negative impact on a compliance team’s capacity to manage the vendor onboarding process effectively. When resources are stretched, firefighting can end up becoming the norm instead of the exception, distracting from proactive compliance.
How Do You Get to the Bottom of ESG?
COVID-19 sharpened the focus on ESG factors, but prior to this there was growing momentum behind the trend for sustainable vendor management. Yet almost half of compliance professionals find it difficult to identify environmental, social, and governance risks within customer due diligence processes.
With the growing focus on green crime, businesses need to establish robust supply chains that can stand up to growing investor scrutiny. Unearthing issues around environmental risks as part of vendor onboarding requires specialized research skills, experience sleuthing through public records, and thoughtful analysis of past or current litigation. For compliance teams, getting to the bottom of these issues for vendors takes time and expertise that may not yet be evident in-house.
Getting Ahead of Vendor Risk
Supply chain resiliency is critical as we continue to battle the outcomes of the COVID-19 pandemic. The ability to identify third-party threats before they become major barriers plays a significant role in building resilience, and there are financial benefits to this too. Research shows organizations that take a more proactive approach to extended enterprise risk management can improve their bottom line by as much as three percent.
IntegrityRisk has extensive experience helping businesses manage their vendor onboarding processes to help minimize risk. Here are five considerations to help you address the most common problems.
- Take a risk-based approach: It’s been said time and time again, but it remains at the heart of a best practices approach. Taking a risk-based approach enables you to manage your available resources and focus on the highest risks to your business first.
- Be consistent globally: Accessing global information takes special knowledge and language skills. Having a defensible, auditable process in place and working with due diligence partners will identify red flags and reduce complexity.
- Prevent hidden surprises: Whether it’s ESG related or reputational, staying informed of changes in circumstances through perpetual monitoring means you don’t have to rely on voluntary disclosure from your third parties.
- Plan to remediate: The pandemic required some quick pivots, especially when it came to supply chains. Developing a remediation plan to address any gaps in third-party screening will strengthen your business should there be any regulatory scrutiny.
- Ensure it is well designed: Building and operating a compliance environment that is comprehensive, consistent, and fully up to standard isn’t easy. Working with a partner like IntegrityRisk positions you ahead of risk through established vendor best practices that allow you to keep your vendor onboarding on track.
Get ahead of vendor risk with comprehensive third-party screening from IntegrityRisk. Reach out today to simplify your vendor onboarding process.