Global companies are opening themselves up to greater risk including bribery and corruption and modern day slavery by conducting due diligence on just 62% of their suppliers, distributors, and third party relationships, with only 36% fully monitoring the ongoing risks and 61% not even knowing the extent to which third parties are outsourcing their work, a global Thomson Reuters survey has found.

The survey

Thomson Reuters’s survey of over one thousand respondents -- including compliance and risk, procurement, operations and legal professionals across nine countries -- highlights the turmoil and pressures that organizations face when managing risk associated with third parties, exacerbated by having to cope with an average of almost 10,000 of these relationships in various regions of the world. (For a copy of the report, ‘Thomson Reuters 2016 Global Third Party Risk Survey’*, see.)

Main findings

The survey revealed that:

• Struggle to detect risks: 66% of respondents revealed they know where risks may materialize, but struggle to employ processes to detect them. This issue is expected to intensify, with 77% expecting more time and resources being required to conduct adequate due diligence on third parties over the coming year
• Personal responsibility: 
  • 80% believe their personal liability will increase over the next year. 
  • 65% of all respondents believe the current economic climate is encouraging organizations to take risks with regard to regulations in order to win new business. This pressure is encouraging those who should be protecting companies to take on risks
  • one in three respondents stated they would not report a breach internally if it concerned a third party with which they are working, although some (11%) might still report it externally. 
  • just over half think they are unlikely to be prosecuted if they did breach regulations. (Most surprisingly, a high proportion of respondents from the U.S. and the U.K. agreed with this, at 61% and 56% respectively, even though these countries have some of the strictest regulations in place.)

Thomson Reuters comment: “Despite recent large fines for breaching regulations, we were surprised that 63% of respondents agreed that ‘winning new business is a priority and as a consequence might breach regulations,’ the most startling result coming from the U.S. with 79% in agreement. This demonstrates the immense pressure organizations are under and, as a result, professionals may be willing to take risks to drive business,” said Shaun Sibley, managing director, Supply Chain and Commodities. 

Plug for third party services

Not surprisingly the Thomson Reuters Press Release contained the following plug, “Aside from the pressure to adhere to regulatory requirements, there are significant benefits from working with third parties, including helping companies be more competitive. More than seven in ten respondents claim third party relationships have allowed their company to be more flexible and competitive. Carrying out thorough third party due diligence not only ticks the regulatory box and helps mitigate against reputational damage, financial risk and data security, it also drives an organization’s business.”

Future challenges

Respondents cited the following as key challenges they are facing and looking for support on:

• lack of data available – 41%
• resource constraints including budget and time – 38%
• limited knowledge of the risks they face – 32%
• lack of support prioritization at a board level – 29%

Not only this, many respondents felt they did to have enough understanding of third part risks, “Less than half of respondents claim to be sufficiently knowledgeable about third party risks such as bribery and corruption and modern day slavery; they also admit to having gaps in their processes to manage these risks. Therefore, it is clear that the private and public sectors need to come together to share information and data and also put solutions in place to eliminate these risks,” said Sibley.  

——

* The survey was conducted by FTI Consulting on behalf of Thomson Reuters in August and September 2016 with 1,132 global third party relationship/risk management/compliance professionals at organizations in North America, South America, Europe, Asia and Australasia.

---

CTMfile take: This survey reveals a dire situation with many respondents prepared to breach regulations just to win business even though most respondents feel their personal responsibility is growing, plus a huge lack of understanding of the full extent of the risks in their business. The role of third party support providers can only grow in helping companies understand and manage their business risk exposures.