Events, legislation and new insights in the past year have highlighted the extent to which risks often go undetected in the supply chain, through exposure to business partners, third-parties or banks.

A report by Thomson Reuters – Third party risk: Exposing the gaps – looks deeper into the issue of how companies are managing their third-party business relationships. The report's author, Shaun Sibley, writes that, while companies recognise the need to conduct due diligence on third parties, “there are still large gaps in knowledge, resources and information to properly address all the risks”. One of the main problems highlighted in the report is that companies are not taking regulations seriously and don't believe they could be prosecuted for a transgression. For example, more than half (56 per cent) the companies think they are unlikely to be prosecuted for a breach of regulations. The report also found that companies carry out due diligence on fewer than two-thirds (62 per cent) of third parties. However, compliance remains a strong driver in persuading companies to monitor and assess third-party risks. As well as the risks to reputation, compliance is one of the main drivers in carrying out due diligence on third parties.

The findings of the survey, which polled 1,132 professionals (27 per cent of which are in treasury & finance), focused on how companies could find themselves exposed to risks (many that would pose serious reputational risks) such as bribery and corruption, modern slavery, conflict minerals and environmental crime, specifically through third parties.

Due diligence expected to increase next year

The survey found that:

• nearly half of the companies polled were not sufficiently knowledgeable about the risks they face;
• many companies struggle to detect risks and the main reasons given are lack of budget, time and data; and
• more than three-quarters (77 per cent) expect the time and resources spent on third party due diligence to rise next year (see graphic below), while 80 per cent of compliance professionals believe their personal liability will increase.

The Foreign Corrupt Practices Act

The survey also found that 14 per cent of third party risk management professionals do not use the Foreign Corrupt Practices Act (FCPA) to inform their decisions and 13 per cent are not even aware of this legislation. The report author writes: “This is top of the agenda for many companies managing third party relationships and with good reason – all ten of the biggest FCPA settlements involved the use of third parties. In the first quarter of 2016 alone, there were eight corporate FCPA enforcement actions and three individual resolutions, with companies paying nearly $500m in fines, penalties and settlements.”

Risk of not understanding beneficial ownership

Shaun Sibley also discussed some of the events in the past 12 months that have concentrated the focus on third-party risks. These have included the so-called 'Panama Papers', which leaked a huge amount of data regarding companies and individuals holding secretive offshore accounts to avoid taxation. This brought the issue of beneficial ownership into the spotlight and showed the risks of entering into a business relationship without first carrying out thorough due diligence of the third party. This infographic below shows a fictitious example of how complex the company connections can get and how, without full knowledge of beneficial ownership, past and present, a company can potentially expose itself to significant risk.

---

CTMfile take: This report really emphasises the complexity of third-party risk and how companies need to increase their efforts to manage it.