Third Party Risk Management & Monitoring

Back to top

Third Party Risk Management for Companies in the UK

How well do you know your organisation’s vendors? Third party relationships are more visible now than ever before, making it even more important for your organisation to work with the best. An effective third party compliance programme helps you ensure your vendors hold the same ethical values, strengthening your partnerships and insulating your organisation from risks.

Request pricing on third party risk management software.

Back to top

What is Third Party Risk Management?

Third party risk management is best known as a vehicle for vetting and signing-on new vendors, but third party risk monitoring services also help you maintain strong positive relationships with third parties and ensure your own reputation isn’t damaged due to their misconduct. NAVEX Global’s RiskRate is designed to help you manage and evaluate your third parties across the engagement life cycle. RiskRate facilitates third party risk management through the ability to centralise processes and records, score relative risks, and pursue enterprise due diligence as applicable for vendors identified as higher risk to your organisation.

For example, without careful evaluation of business justification, screening, onboarding, and monitoring, your organisation can be associated with third parties that do business in your name, yet have issues with:

Reputational integrity
Politically exposed people
Government relationships
Unscrupulous business practises
Legal battles
Public scandals
Bribery and corruption
Regulatory compliance issues
Sanctions
Your third party risk is your risk. Invest in protecting your firm from partnering with the wrong third party vendor.

Why is Third Party Risk Management Important?

It’s important to know right away if a potential vendor is aligned with your organisation’s ethics and compliance policies. Best practices include training your third parties on your code of conduct and aligning them to your anti-corruption, cyber security, conflicts of interest and other key policies and expectations. An effective risk management programme ensures your organisation is safeguarded from vendor risk around the clock.

Effective third- party risk management and due diligence requires a deeper dive for warning signs. It allows you to manage a true end-to-end risk management effort, and can include items such as:

The Corruption Perception Index (CPI) for the country in which the third party is operating
Size or sensitive nature of transactions
History of past relationship with the third party
Abnormally high commission or compensation
Lavish gifts and entertainment expenses
Third parties making unexpected, unreasonable or illogical decisions
Choosing a reputable solution for third party risk management helps alert you when a warning flag arises and also provides invaluable protection for your organisation’s name and reputation. Relationships with third party vendors that are involved in scandals surrounding bribery or corruption can cause your organisation to be liable or experience increased public and regulatory scrutiny.

Back to top

What Does Third Party- Risk Management Entail?

The right approach to third party risk management is informed by the specific expectations define in the UK Bribery Act, U.S. Foreign Corrupt Practices Act (FCPA), and similar anti-corruption legislation around the world. A risk-based programme about empowering your company to make the best decisions, take the best path,and generate measurable outcomes. We recommend following these steps with each third party.

Define Your Risk Profile

Honestly assess your organisation’s risk and tolerance for risk. Note your industry, your facility locations, the regulatory environment in which you operate, the number of people you employ, the likelihood of your employees and third parties working with government officials anywhere around the world.

Identify Your Third Party Risk

Define your key evaluation criteria and weigh whether or not to engage with individual third parties based on their risk factors. Use a consistent evaluation model to score relative risks related to each third party. Include criteria that defines the financial commitment to each third party and the risk it represents, the type of third party, the regional and country location of the third party, and prioritise your investigations and alignment with each third party based on the nature and level of the risk associated with it.

Automate

Use a risk management software solution to manage your current and potential relationships. An automated solution allows you to centralise data collection, score relative risks, view all of your third parties through a single dashboard, plan and execute onboarding, business justifications, questionnaires, screenings and reputational monitoring. Programme sophistication is not dependent on expenditures and employee resources, but on the discipline applied to structuring an effective programme. These relationships can come from your industry, regulatory authority, and other areas. Third party risk management software will help you rate and prioritise the most critical risks to your business.

Assess

Once you screen a third party, a percentage of your screening will result in “red flags” that indicate potential issues with that third party. In those cases, you need to define whether to continue with your engagement, or to conduct a more robust due diligence analysis of the third party. Due diligence, often defined as “boots on the ground” research, reveals additional detail about your third parties and allows you to make engagement decisions based on a more complete data set. A due diligence analysis may result in your approval of the engagement, a requirement of the third party to align to your expectations, or a denial of the engagement.

Mitigate

Once you have defined your most critical third party risks and have screened and monitored your third parties, you are well-positioned to mitigate these risks. Your continuous monitoring allows you rapid insight to changes in your third party’s status and allows you to take action to reduce impact on your organisation before status changes create risk for you.

Back to top

Continuously monitor your third party risks from one centralised location with RiskRate

Request a demo

Back to top

Resources

Definitive Guide to Third-Party Risk Management

Learn everything you need to know about effectively managing your third party risk-from defining a due diligence process to creating risk-based strategy-in our comprehensive guide.

Read Now

White Paper & eBookA Prescriptive Guide to Third Party Risk Management

Back to top

Products

Course Library

Compliance Resources

Our Story

Careers

Press Releases

NAVEX Global Community

Blog

Contact the Team

+44 (0)20 8939 1650

Follow Us

LinkedIn Twitter Facebook YouTube

Thank you for subscribing! Please be sure that @navexglobal.com is on your company's safe sender list to ensure our emails reach your inbox!

Sign Up For Our Emails

© 2020 NAVEX Global, Inc. All Rights Reserved

Terms of Service

Privacy Statement

Modern Slavery Act Statement

Terms of Use

Email Subscriptions

Cookie Preferences

English