War in Ukraine: Monitoring Resiliency in Your Vendor Network

5 minute read

March 2022

As the world turns its attention towards the escalating conflict between Russia and Ukraine, companies are scrambling to understand the downstream effects on their business. Sanctions, cyber warfare threats and interruptions to Russian and Ukrainian business operations pose unforeseen risks that organizations must prepare to tackle.  

Today’s world is more interconnected than ever before. Even if your business does not have Russian or Ukrainian partners, it could still feel the ripple effects of this large-scale global event. The time to ensure that your vendor network can withstand tough times is now. 

Emerging Risks from the Russian-Ukrainian Conflict

Countries around the world – including the US, UK, Japan and Australia – imposed sanctions on Russia in response to their invasion of Ukraine. The sanctions will have immediate and far-reaching consequences on Russia’s economy. For example, those imposed by the United States prevent Americans from engaging in any transactions with Russia’s central bank. The country’s stocks and currency have already taken a hit, directly threatening the financial resiliency of Russian companies – and the global organizations that rely on them.  

To make matters worse, cyber experts warned of retaliatory cyberattacks on US banks in response to the sanctions. Banks face the threat of ransomware and malware attacks, denial-of-service attacks, and data wiping and theft. 

The threat of cyberwarfare extends beyond banks. Russia has already executed several cyberattacks on Ukraine: Ukrainian websites were defaced and taken offline, and data wiping malware was unleashed on government systems. These attacks demonstrate Russia’s ability to target their enemy’s defenses and interrupt critical infrastructure.  

Tips and Tools to Monitor Resiliency in Your Supplier Base

The risks detailed above aren’t going away, and your organization needs to prepare for their consequences. Whether or not you have suppliers in Russia and Ukraine, it’s a good idea to monitor the status of your vendor population as the situation evolves.  

Here are a few areas to consider monitoring in your vendors, along with tools to help you do it:  

Financial Health: The stringent sanctions on Russia directly impact the financial health of Russian financial institutions. You’ll need to be aware if a partner’s financial viability begins to degrade so that you can make informed decisions about the relationship.  

  • Tip: Incorporate financial health ratings into your third-party risk process for comprehensive, real-time visibility into a vendor’s financial viability. Ratings provide updated data that allow you to increase monitoring activities and respond to issues accordingly. 
  • Tool: ProcessUnity Vendor Financial Intelligence embeds RapidRatings’ Financial Health Ratings into your third-party risk workflow to provide actionable insights on a vendor’s financial viability. These empirical ratings — uninfluenced by company bias — serve as accurate and predictive indicators of a company’s financial viability, operational efficiency and resilience.  

Sanctions Screening: As governments around the globe continue to impose new economic sanctions on Russian banks and persons, it is critical to stay on the right side of the evolving regulatory landscape. Even inadvertent exchanges with a sanctioned party or entity can have swift and deeply detrimental financial and reputational implications. OFAC may take administrative action against companies that do not “employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program”. 

  • Tip: Screen your vendors and their directors, owners, major investors and ultimate beneficial owners (UBO) for inclusion on sanctions and watchlists, including global sanctions lists, narrative sanctions and sanctions ownership information. Bad actors will construct multi-layer, multi-jurisdictional legal structures and shell companies to obfuscate true ownership.  
  • Tool: ProcessUnity Screening Intelligence leverages Refinitiv’s contains comprehensive coverage of all known sanction bodies and includes more than 280 sanction programs to enable screening of vendors at a deeper level via vendor identity validation and ultimate beneficial owner identification.

Cybersecurity: The increased risk of global cyber warfare demands that your supply chain security is airtight. Even if you have strong internal cybersecurity defenses, a third-party vulnerability could directly impact your organization. In fact, cyber attackers often use third parties as a ‘back door’ to a harder-to-breach target. Ransomware or malware attacks on your third parties or partners could easily expose your organization’s data, assets and applications. 

  • Tip: Identify which vendors have access to your organization’s critical data, assets and applications. Think of your vendor’s risk as your risk: vendors must have adequate controls and cybersecurity practices to protect your organization. One way to validate a vendor’s security is by leveraging cybersecurity ratings in your monitoring process. 
  • Tool: ProcessUnity Vendor Cyber Intelligence integrates BitSight’s Cybersecurity Ratings into your third-party risk workflow to provide up-to-date, data-driven evidence of a vendor’s cybersecurity. BitSight analyzes a third party’s cybersecurity posture — taking into account security controls, policies, and more than 20 risk vectors — and applies sophisticated algorithms to generate daily security ratings ranging from 250 to 900. Lower numbers correlate to a higher risk of a data breach. Using cybersecurity ratings in your third-party risk process helps highlight vulnerabilities that can have devastating consequences. 

Business Continuity: If you have critical partners in Russia and Ukraine, you’ll need to monitor the status of their operations and anticipate service disruptions. Understand your concentration risk – how heavily your operations rely on support from Russian and Ukrainian suppliers – and establish a contingency plan in case of interruptions. 

  • Tip: Deploy event-based questionnaires as needed to quickly assess risks related to the conflict. These questionnaires may be in response to an attack in a particular region, a supply chain issue or an economic downturn. Additionally, monitor external news feeds for updates on areas where your suppliers could be affected.  
  • Tool: ProcessUnity Vendor Risk Management supports custom dashboards to monitor key geopolitical developments. This data can be used to trigger event-based questionnaires to the appropriate suppliers, then quickly collect responses for review. Non-preferred responses are automatically flagged by the system based on company policy.  

Monitor Your Third-Party Resiliency with ProcessUnity Vendor Risk Management

Staying on top of weakness in your supply chain will be critical to navigating risk as the conflict unfolds in Russia and Ukraine. Your organization needs the right tools to gain insight into vulnerabilities on a global scale. ProcessUnity Vendor Risk Management streamlines your third-party risk processes with automation to help you assess and monitor emerging risks. The solution enables you to act on geopolitical developments, deploy emergency risk questionnaires and integrate external content for continuous monitoring. To schedule a Vendor Risk Management demo today, click here 

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.