Third Party Risk Assessment

-

A business should be well aware of the importance of completing due diligence on third parties before engaging in any transaction, even if it is for a short period of time. Third-party assessment is now more important than ever due to new regulations and guidelines. These third party poses significant compliance risks, including facilitation payment, bribery, corruption, sanctions, data privacy and more, can be introduced into a company's operation.

Some of the regulations that compel businesses to do risk assessments on third party (below list is not exhaustive)

Every business such as banks, insurance companies, payment businesses, financial institutions etc, must conduct third party due diligence. I believe that in the years to come, we will see more stringent and mandatory guidelines from global and local regulators.

So, how can we comply and strengthen our business before the regulator knocks on our door and fines us heavily? We can either outsource it to consulting firms or establish an in-house process. In my experience, it is always preferable to expand the compliance process rather than rely on external consulting firms. As a result, I will share best practices for conducting third-party due diligence.

A Holistic Approach to Managing Third-Party Risks

  1. Scope: The operating handbook should include a clear and simple definition of what constitutes an assessment.
  2. Risk Factors: The process ought to list the risk category, such as anti-corruption, sanction, anti-bribery, data privacy, human rights, and Environmental Social Governance (ESG). This depends on the jurisdiction and regulatory guidelines.
  3. Types of Risk: Country/geography, type of engagement, vendor size, web presence, red flags, and many other factors vary according to the procedure.
  4. Risk categorization: Each vendor should be assigned a risk level high, medium, or low. Some prefer to keep one more risk category, say very high, to closely monitor such a vendor. 
  5. Adverse Media Screening System: A good adverse media screening tool is necessary to identify red flags involving third parties and their associates.
  6. Continuous monitoring: A procedure for ensuring that vendors follow all applicable contractual requirements and legal duties.
  7. Training and Communication: Third-party training for all vendors or high-risk vendors and proper communication to third parties regarding business expectations.
  8. Risk-based approach: A risk-based approach must be used when dealing with low-risk vendors.
  9. Document Management: Complete documentation, such as contracts, screening files, reports, and so on, must always be stored in one location.

For effective implementation, a policy document or SOP outlining the procedure is necessary. Due diligence without a manual is ineffective and, in fact, leads to further challenges. The first thing regulatory authorities look for is policies, SOP, guidelines, or any other type of written document that guides the risk assessment team. Few examples of policy could be Anti-Money laundering policy, Sanction policy, Anti-Bribery policy, Human rights policy, ESG, Data Privacy and others.

Don't get confused by the terminology; each industry has a distinct name, but the purpose is the same. Some of those I am familiar with include third-party  vendors, agents, business associates, intermediaries, and suppliers. The overall approach for performing due diligence remains the same.

 
        source: google.com
 

Comments

Post a Comment

Popular posts from this blog

Corruption: A Deep-Rooted Challenge

-
Image
Corruption represents a significant threat to the integrity of societies, damaging public trust and impeding the effectiveness of governmental institutions in meeting the needs of their citizens . Consider how a parent might offer a toy to encourage a child to eat; this basic act of using incentives to influence behavior, while harmless in this context, illustrates our fundamental understanding of how rewards may influence behavior. While these everyday examples may appear minor, they reveal a pattern of behavior that has persisted throughout human history and emerged in more serious ways across civilizations. History Corruption derives from the Latin term corruptus. The word is the past participle of corrumpere, which means "mar, bribe, and destroy." The Oxford Dictionary defines it as “dishonest or fraudulent conduct by those in power, typically involving bribery."   Corruption has been a chronic problem since the time of the Egyptians, and it is now prevalent in ...
Read more

#IsBoycottChina a good Idea?

-
Image
I find this very amusing that every year some or the other way Indian people start trending boycott China, and this time it all started with boycott Chinese apps (i.e. TikTok). But are we doing anything apart from boycotting? Are we focusing on the right things so that we don’t have to trend boycott China every year?       India is notorious when it comes to banning. What is it this year you ask? Indians are going after the Chinese products, particularly TikTok, the number one trending app. Is boycotting the right thing to do?       Let's put this thing in perspective,        "Imagine you are a deer. You have essentially only four things to do during the day: sleep, eat, avoid being eaten and socialise (by which I mean mark a territory, pursue a member of the opposite sex, nurse a fawn, whatever). There is no real need to do much else. Now imagine you are a human being. Even if you only count the basic things, you have rather more...
Read more

SDD/ CDD/ EDD = DD

-
Image
The title may appear unusual without any context, and you might be wondering about it. The reason is that everything I've encountered lately has centered on DD which stands for Due Diligence. A term you might have come across in various contexts. However, I’m here to provide my perspective on due diligence specifically in relation to Anti-Money Laundering (AML).   What exactly is due diligence? Is it merely research focused on a particular topic, or does it involve uncovering elusive details? Due diligence is a blend of the both; it represents a thorough investigation aimed at uncovering factors that could influence a process, a decision, or any significant matter at hand. For compliance professionals, due diligence means gathering and documenting crucial information required by regulatory authorities guidelines. This includes details about the business, key stakeholders, any negative media attention, as well as relevant policies and codes of conduct. Even though thi...
Read more