Monday 16 June 2014

What you don’t know about your business partners can hurt you

The corporate risk of doing business with external parties is a deepening problem, especially as companies globalize and supply chains lengthen.

Globalization and increasing regulatory pressures require organizations to examine their business relationships in order to assess risk, take informed decisions, and comply with laws. From an external perspective there are three main drivers for Third Party Risk Management:
- Anti-Bribery and Corruption legislation (FCPA and UK Bribery Act)
- Anti-Money Laundering requirements
- Emerging markets risks

As a result of these drivers, organizations are looking to build processes and programs to manage third-party risk that are efficient, scalable and fit their unique requirements. Our recent General Counsel Survey (Over the horizon: How corporate counsel are crossing frontiers to address new challenges) shows that corporate liability for the conduct of third parties has pushed Third Party Risk Management into the spotlight. An effective third-party risk program would likely include the following three elements:
- Identification of Third Parties
- Third Party Risk Assessment
- Integrity Due Diligence

1. Identification of Third Parties

Third parties include business partners, distributors, agents, consultants, vendors, customers, logistics providers and others. Organizations may have thousands of Third Parties archived in systems in various geographies. Thus, the initial challenge is to understand the universe of Third Parties, the location of the data and the means with which to efficiently extract the specific data that will ultimately be used for the risk assessment. Once the universe of third parties and related data has been compiled, organizations would then need to apply initial analytics to eliminate those third parties that would clearly fall outside the scope.

2. Third Party Risk Assessment

After identifying and prioritizing the portfolio of Third Parties or where a new Third Party needs to be on-boarded, there should be a defined process that is then managed to gather further information about a Third Party and to perform a risk assessment to determine the appropriate level of integrity due diligence (IDD) for that particular TPI. The risk assessment can be performed on criteria that are relevant for the organization.

Examples of such criteria are:
- Country of operation
- Nature of relationship
- Country of payment
- Type of industry
- Length of relationship
- Significance of relationship
- Degree of government involvement
- Annual volume of transactions

Following the completion of the risk assessment process, the TPIs can be categorized by risk so that the appropriate level of due diligence can be performed. This can also mean that no due diligence is needed.

3. Integrity Due Diligence

Based upon the results of the Third Party Risk Assessment, a good next step is to choose among five possible actions:
- Deem that no further Integrity Due Diligence is needed
- Perform high-level screening of sanctions/politically exposed persons (PEPs)
- Perform enhanced desktop integrity due diligence
- Perform full, in-country due diligence investigative procedures
- Cease the relationship with the Third Party.

The fourth action is sometimes needed when online due diligence isn’t enough. Organizations may elect to undertake an in-depth Integrity Due Diligence of a Third Party, based on its preliminary risk rating, jurisdictional limitations and other previously identified risk factors.

Alternatively, based on the findings of earlier due diligence (including a high-level screening), the client may seek additional procedures to clarify the findings, address gaps or inconsistencies, or examine relationships more closely. KPMG’s global network of Corporate Intelligence and other Forensic professionals can undertake an in-depth Integrity Due Diligence that typically consists of targeted procedures combining in-depth desk research and field investigations to retrieve documents and information, conduct interviews and site visits. KPMG’s network of professionals can assist with prospective business partners and with local jurisdiction sources that may include business and commercial contacts, current or former associates of the Third Parties, etc. They may also contact colleagues in relevant jurisdictions who have in-country subject matter experience of political, government and business practices.

Don’t be caught off guard!
Applying the appropriate integrity due diligence to the right risk profile is critical to a successful program of managing Third Parties.

By Leo Hattenbach, Director, Forensic
