Refinitiv has published the findings of its fourth third-party risk survey. The report highlights the pressures that organizations face when managing risk associated with third party relationships, intensified by managing an average of almost 10,000 of these relationships across the world, and reveals the hidden dangers in supplier, distributor, and partner relationships. In particular, the report showcases the significant threats COVID-19 poses to third-party risk management and supply chain stability, potentially exposing companies to fraud and threatening their business operations.
Despite greater regulation and stronger enforcement action, the report finds that organizations are struggling to gain visibility over third-party risks and take appropriate action. The survey found that on average, 43% of third parties do not receive due diligence checks, an increase of 6% compared to the responses found in Refinitiv’s 2016 Third-Party Risk Survey. When it comes to reporting a third-party breach, 53% of respondents would report internally, and only 16% said they would report it externally. Additionally, 61% believe that prosecution would be unlikely if the organization breached third-party-related regulations.
COVID-19 is set to have a substantial impact on the risk landscape, particularly in terms of supply chain and third-party risk. Global supply chains can create competitive advantages for businesses and cut costs for consumers, but they also carry significant risk. If businesses do not have clear insight into all levels of their supply chains and the ability to conduct due diligence quickly and easily, they cannot hope to mitigate or manage their risk. However, 62% of respondents noted they do not know the extent to which third parties are outsourcing work. For those countries surveyed in 2016, the rate decreased from 59% to 57%. Further, only 15% of global respondents reported they had sufficient knowledge of the risks associated with pandemic and epidemics.
“COVID-19 has exposed the fragility of supply chains and demonstrated how critical due diligence is to identify and manage multiple risk scenarios, whether it be country risk, jurisdiction risk, or the concentration risk of over-exposure to vendors or geographies. As a result, businesses are likely to build greater visibility and resilience into their supply chains in the future so they can more thoroughly assess and mitigate supply chain risks and increase actions taken in all aspects of third-party due diligence,” says Phil Cotter, Managing Director of the Risk business at Refinitiv.
The survey also found that 63% of respondents agree that the current economic climate is encouraging organizations to take regulatory risks in order to win new business. The rising importance of green issues is also included the report. When surveying institutional investors, 84% stated that ‘greenwashing’, by providing misleading environmental credentials, is becoming increasingly common.
“As regulators increasingly focus on sanctions, corruption, sustainability, and human rights, companies must upgrade their risk management capabilities in order to continue to reap the benefits from working with third parties,” says Charles Minutella, Head of Enhanced Due Diligence at Refinitiv. “Our report shows that many companies today are not taking necessary actions to protect themselves against the risk of criminal activity and regulatory enforcement. Additionally, the sentiment toward ongoing monitoring and reporting of breaches highlights the need for more overall due diligence resources, education and approaches. Better data, greater technological innovation and new forms of collaboration are crucial when it comes to reducing third-party risk."