Implementing Third Party due diligence in supply chain 

The major objectives of businesses include getting their works, products, goods or services (outputs) to end-users that value them. Most businesses, especially in the manufacturing sector, cannot operate alone. They engage third parties in the supply value chain of their outputs (works, products, goods and services). Businesses must do due diligence on the third parties that they want to get involved in the distribution of their outputs as a regulatory or ethical measure or both. Increased regulatory and consumer scrutiny on the integrity of businesses have changed how businesses operate in recent times.

Now, the spotlight is turning to third parties and vendors that work on behalf of businesses or as part of their supply chains. Setting and enforcing appropriate standards in business is one thing, but introducing a robust and reliable set of procedures that can uncover risks and protect a business and its reputation by an organisation is another. In the past, businesses must scrutinise and investigate the background of third parties that want to do business with them by themselves. Nowadays, there are specialist companies that do background checks of companies and individuals for fees.

A disclosed principal may be liable for money paid to his agent (third party) in respect of transactions conducted by the agent with his authority. While government requirements and orders on businesses require compliance to avoid punishment which may be prosecution and or fines, some business requirements are matters of ethics. Businesses must ensure that they engage third parties that will comply with these government and business ethics requirements. For example, it is a government requirement that all restaurants must have clean toilets for staff and customers, and clean eating areas devoid of cobwebs, chair and table dust and dirt on the floor. If a franchisee of a brand (for example MacDonald fast food chain) refuses to comply with these basic requirements, it will generally affect the goodwill of the franchisor and all its business chains.

Businesses must identify their risks and priorities and turn the identified risks into a reliable programme. Their set priorities must be given to the third party who wants to do business with them. This can only be ensured by carrying out third-party due diligence. Third-party due diligence is the investigation that a person or business is expected to carry out before entering into a contract or agreement with another party. By law, there are scopes of third-party due diligence and best practices in conducting due diligence. The following is the process of carrying out third party due diligence:

Step 1 – Understand Compliance Concerns: The global nature of business today subjects all businesses to a growing number of regulations and a greater need to mitigate risk exposure through partners and third parties, regardless of where your business is located. Businesses are responsible for what their accredited distributors do while doing business. Businesses must therefore understand the compliance requirements of the community where their third parties are doing business.

Step 2 – Define Corporate Objectives for Due Diligence: Due diligence process needs to align with the strategic, financial, regulatory, and reputational risks of organisations. This is especially true for organisations doing business with third parties in countries that attract high levels of regulatory scrutiny.

Step 3 – Gather Key Information: For a corporate entity, organisations need to collect basic information including, incorporation documents of the third party, details on key shareholders and beneficiaries, group structure, board members, other associates and official references from banks and disclosure offices. For an individual, organisations need to focus on gathering proof of identity, source of wealth and funds and potential political links.

Step 4 – Screen Prospective Third Parties against watch-lists and Politically Exposed Persons (PEPs): Once a basic level of vetting has taken place, prospective third parties – both companies and individuals – should be subjected to a watch-list screening process.

Step 5 –  Conduct a Risk Assessment: After preliminary information collection and watch-list screening has taken place, perform a risk assessment. Considerations should include: country of origin of risks such as those identified by Transparency International’s Corruption Perceptions Index rating, specific sector risks like a high level of government involvement that might increase corruption risk, especially in the defence industry or dependence on local agents that might increase bribery risk in the construction industry, entity risks such as the use of intermediaries in transactions, joint-venture partners and exposure to money laundering, essential internal factors related to financial risk including deficiencies in employee training, skills, and knowledge.

Step 6 – Validate the Information Collected: Following risk assessment, the due diligence process should include verification of the information that has been collected. For low-risk third parties, this final screening involves corroborating details against public records, a credit check, and using specialised databases. High-risk third parties require an enhanced due diligence process of the entity itself, as well as known associates, subsidiaries, and other related entities. Negative news checks establish potential reputational risks from media archives. Additionally, check against court databases to search the litigation history of the prospective client or third party.

Step 7 – Audit the Due-Diligence Process: Throughout the due diligence process, organisations need to maintain a comprehensive record of relevant documents, assessment, and decisions to ensure they can demonstrate and prove that decisions to engage with partners or third parties were made in good faith.

Step 8  –  Establish an On-Going Monitoring Plan: Once a third party has been vetted, you still need to actively monitor the relationship to ensure that you are aware of potential problems before your organisation is put into problems.

Step 9  –  Review Your Due-Diligence Process Regularly: Business strategy needs review. Commit to periodic reviews with stakeholders to ensure that the due diligence process always aligns with those needs over time.

It is noteworthy to state that automation and digitisation are industry trends driving greater scrutiny on third parties in modern times. To incorporate automation into your due diligence process, it is necessary to create a Third Party Due Diligence Process Map; Identify Elements that could be automated and Evaluate the return on investment (ROI) of automation.

Common challenges that organisations face when conducting third-party due diligence include: (1) Not knowing what questions to ask, (2) Inadequate technology, (3) Poor communication, (4) Slowness of execution, (5) Unplanned costs, (6) Lack of expertise, (7) Team buy-in, (8) Incomplete information, (9) Sunk Costs, and (10) Using information gathered to make an accurate evaluation.

Having a comprehensive, effective third party due diligence programme in place is critical in helping organisations avoid costly fines, as well as other non-monetary penalties. Government and industry agencies around the world are scrutinising organisations’ activity related to their party vendors as ignorance is not an excuse in court.

• business a.m. commits to publishing a diversity of views, opinions and comments. It, therefore, welcomes your reaction to this and any of our articles via email: comment@businessamlive.com