With Third-Party Risk, No Corporation Is An Island


Globalization means businesses are forced to work with unfamiliar partners — exposing themselves to new forms of risk. The latest research shows a lack of due diligence and risk mitigation is costly. PYMNTS breaks down just how costly third-party risk can be, whether through collaborating with business partners or striking deals with new members of their international supply chains. As the data shows, no business is an island.

230 countries are covered under the Thomson Reuters World-Check database, the result of a collaboration with SAP announced last week. Together, the companies are launching the database for corporate users of the SAP Business Partner Screening app to help mitigate third-party risk and ensure compliance. The database includes a list of individuals and businesses that are considered higher-risk and covers 530 regulatory, sanction and watch lists. According to Thomson Reuters’ Managing Director of Risk & Supply Chain Phil Cotter, the database helps companies automate risk mitigation and screening to ensure their third parties won’t get them into trouble down the road.

50 percent of businesses don’t have a dedicated third-party risk management tool, research from MetricStream revealed last week. According to MetricStream Chief Evangelist French Caldwell, the data makes clear “that many enterprises are yet to grasp fully how vital risk management is, but businesses can no longer plead ignorance. They are responsible for the actions of their third parties, and they will bear the brunt of any fallout.”

35 percent of risk and compliance professionals believe bribery will go up this year, found a new report from Kroll and the Ethisphere Institute. Forty percent of those surveyed believe that their exposure to bribery and corruption risks will come from third-party violations, too. Researchers found that more than half of the firms surveyed have encountered legal, ethical or compliance issues with a third party after initial onboarding due diligence. “Firms need to determine a level of monitoring so they can react appropriately, in a timely manner, to any changes in a third party’s risk profile,” said Kroll Managing Director Robert Huff in a statement.

24 years have passed since global supply chain risk has hit levels seen today, with Dun & Bradstreet’s latest CIPS Risk Index, developed for the Chartered Institute of Procurement & Supply, hitting 82.64. Several factors are behind the trend, including the emergence of the middle class in China and rising payrolls — which leads to suppliers shifting supply chains into nearby Indonesia — as well as Brexit, resulting in a depressed pound and rising import costs. According to reports, however, the highest supply chain risk is experience in the Asia-Pacific region, while globally an increase in protectionism will lead to continuing increases in supply chain risk, researchers declared.

20 percent of companies face significant third-party risk exposure, according to more data from MetricStream Research. For those businesses that have been exposed to this type of risk in the last 18 months, a quarter of them said they have faced financial losses of at least $10 million because of it. The report, which surveyed more than 40 companies across 15 industries, revealed that the rise in outsourcing means companies are often putting themselves in a position of data security breaches, business disruptions, corruption and compliance risks. Interestingly, MetricStream found, the rise in fourth-party risk is also gaining steam as businesses are not only held responsible for their third-party partners, but also for that party’s own vendors and business partners down the supply chain.