Diversity and Inclusion as a Third-Party Risk Management Tool

5 minute read

July 2021

Diversity and inclusion initiatives are helping organizations to increase profitability, boost their reputation and even strengthen their third-party risk management program.  

Organizations should consider the importance of diversity and inclusion as an overlooked third-party risk management tool. As emerging standards force organizations to evaluate if their current diversity and inclusion initiatives are effective, organizations will need to assess whether their third parties support these efforts. This article will explore how diversity and inclusion policies can be leveraged as a third-party risk management tool to create an ethical company culture and drive risk out of the organization.  

Emerging Diversity and Inclusion Standards for 2021

Until very recently, countless industries were dominated by outdated standards that were inherently discriminatory against minority groups. There’s good news: regulatory bodies are working to change this reality by introducing targeted reforms.  

In the finance and banking sector, the introduction of the Dodd-Frank Wall Street Reform and Consumer Protection Act Section 342  required all covered federal agencies to create an Office of Minority and Women Inclusion (OMWI). The federal OMWIs are responsible for all matters relating to diversity in management, employment and business activities within the agencies.   

Each agency’s OMWI was directed to develop standards for assessing the diversity policies and practices of their respective regulated institutions and reporting annually to Congress on its own diversity and inclusion progress and the data received from its regulated institutions. The standards encourage institutions to address four areas: 

  • Organizational commitment to diversity and inclusion
  • Workforce profile and employment practices
  • Procurement and business practices; supplier diversity
  • Practices to promote transparency of organizational diversity and inclusion

In addition to these standards, the combination of a recent Nasdaq proposal and a new California law, AB979, gives banks and other corporations a deadline to diversify their boards. The Nasdaq proposal stipulates that organizations have at least one director who self-identifies as female and another who self-identifies as a minority from an underrepresented community. Any failure of an organization to meet the requirements of the proposed rules in the next 2-4 years will require them to explain that failure.  

In California, the new law AB979 requires that public companies increase their diversity by 2023. The law applies to all domestic and/or foreign companies that have their primary office in California. Under the law, companies are required to increase diversity for underrepresented communities, including African Americans, Hispanics, Asians, Native Americans, and members of the LGBTQ+ community. Organizations that are found non-compliant may be subject to penalties and fines.  

Many organizations will need to implement diversity and inclusion policies to achieve compliance with these new standards. Additionally, organizations will need to conduct pre-contract due diligence and ongoing monitoring to gain insight on how their third parties are adapting to diversity and inclusion mandates. 

Benefits of Diversity and Inclusion for Third-Party Risk Management

Regardless of compliance with these emerging standards, implementing diversity and inclusion policies adds significant value for the organization and its third-party risk management program. A more diverse workplace inherently opens the talent pool, allowing for greater insight into different markets, suppliers, and clients, ultimately helping organizations increase their success and boost profits. According to McKinsey, researchers found that companies with more diverse executives were 33% more likely to see above-average profits.  

Employee diversification is only one aspect of broader diversification. When applied as a third-party risk management tool, diversity throughout the vendor population can increase the organization’s risk tolerance.  

Disruptions in your supply chain or vendor population are worsened without a diverse supplier base. Natural disasters, political turmoil and economic downturns can impact overall operations and cost your company valuable resources. A diverse set of vendors can reduce supply chain vulnerability by limiting concentration risk.  

A 2019 report from Hewlett Packard showed many benefits from businesses that have diverse suppliers. From companies throughout the service and manufacturing industries, the study demonstrated that organizations with a strong focus on supplier diversity produced a procurement ROI that was 133% better than other comparable organizations. The study stated that this helped generate, on average, an extra $3.6 million to the organization’s bottom line. 

Several supplier diversity certifications are key to track throughout onboarding and continuous monitoring. Such certifications provide diversity documentation to ensure that a potential or current supplier meets the organization’s diversity and inclusion standards. These include but are not limited to certifications from:  

Even with the help of these certifications, achieving diversity throughout the extended enterprise has proven to be more difficult than one might think. Too often, organizations develop diversity policies that look great on paper and then fall flat when put into actual practice. Organizations often make the critical mistake of failing to align diversity policies and practices with their operational and strategic goals.  

Worse, an organization can be brought down by their third party’s poor diversity and inclusion efforts. Organizations must establish sufficient knowledge of their third parties for lasting success in diversity and inclusion initiatives. One way this can be achieved is with business ratings that score a third party based on their diversity and inclusion practices. 

Finally, organizations often lack the info-structure and technology to track diversity throughout the extended enterprise. A Vendor Risk Management tool can automate and streamline diversity and inclusion assessments to help the organization advance initiatives and meet its goals. 


A company’s true values are measured internally and, in its relationships, making it imperative that companies know exactly who they are doing business with. A negative reputation is hard to bounce back from – both financially and reputationally in our hyper-connected world.Charges of discrimination and a blatant lack of diversity throughout the organization can severely threaten a company’s success.  

Today’s most successful brands have added immeasurable value by developing a reputation for diversity and inclusion. An article from Risk Management Magazine suggests that successful diversity and inclusion initiatives begin with an equitable company culture – something organizations can work towards with effective leadership training and handbooks that outline the company’s diversity and inclusion policies. 

In an increasingly diverse world, implementing inclusion and diversity screening into not just internal hiring but third-party onboarding and monitoring just makes sense. From a compliance perspective, staying up to date on diversity and inclusion reforms as they arise will help your organization avoid penalties. From a supplier risk management perspective, diversifying your suppliers will strengthen your supply base and add business value.  

Making diversity and inclusion a priority throughout the extended enterprise requires organizations to have complete visibility into their third-party population. ProcessUnity Vendor Risk Management centralizes and automates the vendor lifecycle – from onboarding to due diligence. To learn more, visit https://www.processunity.com/third-party-risk-management/ 

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.