©Tetra images/Getty Images

Planning for third-party business risk

17 April 2020

Third-party risk is increasingly complex and the process of managing this risk, plus compliance, can be painful, says Neil Isherwood, due diligence subject matter expert at Dun & Bradstreet.

He recommends creating a process: first identify the supplier and its relationships, and verify these against the business in a risk-based approach. Then establish the business's ultimate beneficial owners, using that information according to your company's risk tolerance.

Screen the supplier for sanctions, and reputational or litigation risk, and assess the risk of the entity to confirm the supplier passes your compliance policy.

Next, establish a reporting process to show that you have carried out the policy you set out, and are adhering to both the policy and the process.

Lastly, create a process to monitor suppliers for changes, and plan how you will deal with this.

Four key tenets to ensure best practice in third-party risk planning:

1. Set and stick to your policy.

2. Use a risk-based approach and find ways to segment your portfolio accordingly. This makes it easier to onboard suppliers and manage less risky customers, leaving time to scrutinise those in more risky industries or countries, or who have shown non-compliance previously.

3. Establish a secure ID and verification of businesses and the people connected to them. Verify that the data provides a holistic picture, having searched for financial risk.

4. Look at automating your third-party data collection, which can shorten the process of onboarding, and establish rigorous monitoring and repeat due diligence processes.
