Challenge of Addressing Risks from Your Supply Chain and Third Parties
Working with third parties is a reality of doing business in the 21st century. Organisations are working with a larger number of vendors, and those vendors are performing more business-critical functions. No matter the size or scope of your vendor risk management programme, your third party’s risk will always be your risk.
Agencies like the U.K. Serious Fraud Office, the French Anti-Corruption Agency and the U.S. Department of Justice have made enforcement a top priority. This requires organisations to perform consistent onboarding, vetting, screening and monitoring across all third parties to keep pace with regulators. Today, however, vendor management is more than just screening and monitoring for bribery and corruption. Cyber security and data protection is the latest concern for vendor management systems working to protect organisations from security breaches while ensuring compliance with regulations like GDPR throughout the entire supply chain.
The basic rule is vendor management grows more complex as the number and diversity of third parties increase. Industry, geography, contract values and government relationship all add nuances to risk and require organisations to have direct control and visibility into their third party relationships. Effective third-party risk management programmes are essential to protect organisations from legal and reputation risk, and defend the reputation you have worked so hard to build.
Monitor your outside vendors