COVID-19 is set to have a substantial impact on the risk landscape, particularly in terms of supply chain and third-party risk

Despite greater regulation and stronger enforcement action, research by Refinitiv has found that organisations are struggling to gain visibility over third-party risks and take appropriate action.

The survey found that on average, 43% of third parties do not receive due diligence checks, an increase of 6% compared to the responses found in Refinitiv’s 2016 Third-Party Risk Survey. When it comes to reporting a third-party breach, 53% of respondents would report internally, and only 16% said they would report it externally. Additionally, 61% believe that prosecution would be unlikely if the organization breached third-party-related regulations.

COVID-19 is set to have a substantial impact on the risk landscape, particularly in terms of supply chain and third-party risk. Global supply chains can create competitive advantages for businesses and cut costs for consumers, but they also carry significant risk. If businesses do not have clear insight into all levels of their supply chains and the ability to conduct due diligence quickly and easily, they cannot hope to mitigate or manage their risk. However, 62% of respondents noted they do not know the extent to which third parties are outsourcing work. For those countries surveyed in 2016, the rate decreased from 59% to 57%. Further, only 15% of global respondents reported they had sufficient knowledge of the risks associated with pandemic and epidemics. 

“COVID-19 has exposed the fragility of supply chains and demonstrated how critical due diligence is to identify and manage multiple risk scenarios, whether it be country risk, jurisdiction risk, or the concentration risk of over-exposure to vendors or geographies. As a result, businesses are likely to build greater visibility and resilience into their supply chains in the future so they can more thoroughly assess and mitigate supply chain risks and increase actions taken in all aspects of third-party due diligence,” said Phil Cotter, managing director of the Risk business at Refinitiv.

The survey also found that 63% of respondents agree that the current economic climate is encouraging organizations to take regulatory risks in order to win new business. The rising importance of green issues is also included the report. When surveying institutional investors, 84% stated that ‘greenwashing’, by providing misleading environmental credentials, is becoming increasingly common.

“As regulators increasingly focus on sanctions, corruption, sustainability, and human rights, companies must upgrade their risk management capabilities in order to continue to reap the benefits from working with third parties”, said Charles Minutella, head of enhanced due diligence at Refinitiv. “Our report shows that many companies today are not taking necessary actions to protect themselves against the risk of criminal activity and regulatory enforcement. Additionally, the sentiment toward ongoing monitoring and reporting of breaches highlights the need for more overall due diligence resources, education and approaches. Better data, greater technological innovation and new forms of collaboration are crucial when it comes to reducing third-party risk.”

The findings of the report are based on a survey completed by nearly 1,800 global third-party relationship, risk management and compliance professionals in corporate organisations. The research was conducted in February 2020 across 16 countries, including: UK, USA, Brazil, China, India, Australia, Germany, France, Singapore, Spain, Hong Kong, South Africa. Russia, Saudi Arabia, the Netherlands, and Canada.