Third-party risk: Re-thinking vendor assessments

Third parties can introduce substantial risk into global supply networks, but rigorous vendor risk assessments can be costly and time-consuming to complete. By adopting a data-first approach, you can simplify and optimize your vendor onboarding, without compromising the quality of risk screening and due diligence.

• Find out how ProcessUnity and LSEG work together to deliver trusted data for vendor assessment purposes and help simplify the process of conducting due diligence of vendors during onboarding.
• Learn how adopting a data-first approach can help you simplify and optimize your vendor onboarding, without compromising the quality of risk screening and due diligence.

The changing environment around vendor risk assessment

Against a backdrop of rising fraud, bribery, corruption and other forms of financial crime, corporate organizations are acutely aware of the potential risk that third parties can introduce into global supply networks.

A strict regulatory environment, combined with the threat of potential reputational damage if responsible business practices are not ensured throughout third-party networks means that robust third-party risk assessments combined with screening and monitoring are critical for organizational success.

Furthermore, risk professionals are increasingly aware of the need to conduct multi-faceted risk assessments investigating a range of potential risks. For example, it is no longer enough to assess information security or cyber risk alone. Organizations need to fully assess, monitor and manage a range of potential third-party risks, including environmental, social and governance (ESG), integrity, identity, operational, financial, reputational risks, and more. Companies are increasingly expected to adopt a sophisticated risk-based approach to compliance because of the strict-liability nature of most sanctions’ regimes. The risks associated with sanctioned entities and individuals are often hidden due to complex supply chain networks and ownership structures. In a backdrop of geopolitical tensions, it is paramount for organizations to have access to trusted, accurate and comprehensive screening data, a key pillar of a robust compliance program.

When assessing vendor risk, this need for a multi-faceted approach translates into lengthier, more complicated onboarding processes, usually including detailed questionnaires, which can create vendor and analyst fatigue and place undue pressure on often scarce resources.

The challenge of collecting the right data

Screening has a pivotal role to play in all aspects of third-party risk management (TPRM). The right screening datasets can help risk and compliance teams build a holistic picture of potential risk, more easily identify relationships where heightened risk may be present, spot trends, pinpoint concerns, and more.

That said, collecting the data directly from your third parties is not always a straightforward task. This can impact the veracity of the entire risk assessment process, because without complete and trusted data, effective risk assessment is impossible.

Looking specifically at risk assessments in the vendor onboarding space, gathering robust and complete data for each vendor can quickly become a substantial challenge. Vendor provided data may not be objective, in part because vendors may not provide an accurate or complete picture of their risk profile. Responses can also be incomplete if vendors simply don’t respond to requests for information at all. Repeated requests for information can become time-consuming, costly and slow the pace of business – but, more than this, they can create negative experiences that damage key vendor relationships.

Reducing your risk assessment burden

ProcessUnity has partnered with LSEG’s flagship risk intelligence database World-Check to address these data and scalability challenges and deliver a solution that reduces the vendor assessment burden by adopting a data-first approach. This allows customers to screen third parties and their beneficial owners (individuals and organizations) against the World-Check database and use the Media Check screening tool to further support their due diligence needs in the fight against financial crime, bribery, and corruption. The data provided simplifies compliance with regulatory obligations relating to anti-bribery anti-corruption (ABAC), enabling detailed screening and monitoring of politically exposed persons (PEPs) and heightened risk individuals and entities.

Our combined capabilities deliver trusted data for vendor assessment purposes and simplify the process of conducting due diligence of vendors during onboarding. In this way we help to empower TPRM teams to complete vendor assessments faster and gain greater coverage across their vendor portfolio. ProcessUnity also uses data from additional sources including the Global Risk Exchange and flags the potential discrepancies in vendor responses for you, so teams spend less time chasing and validating vendor identity and ultimate beneficial ownership (UBO) data.

It’s worth noting that data can be incorporated into a variety of TPRM use-cases, including procurement due diligence (determining which vendors to contract from a shortlist), onboarding, ongoing monitoring, and more. ProcessUnity offers a variety of complete, proven third-party risk program workflows developed to facilitate ongoing monitoring needs throughout the entire vendor lifecycle, and integrates with World-Check screening to help customers mitigate risk and continuously assess vendors more efficiently. Companies using the combined offering can support bribery and corruption risk management as a part of their TPRM program.

When assessments run smoothly, questions aren’t duplicated, and vendors aren’t repeatedly asked the same questions they’ve already answered. Additionally, teams can ensure a happy, stable vendor relationship, and mitigate the potential inheritance of third-party risk in the process.

This partnership is just one example of using a data-first approach, supplemented by leading technology, to simplify risk management in an environment that is increasingly complex and demanding – and to remain on the right side of an evolving regulatory risk curve without slowing the pace of business.

—

To dive deeper into the unified approach provided by the ProcessUnity workflow and World-Check database, please visit our webpage: https://www.processunity.com/vendor-screening-intelligence-lseg-risk-intelligence/