Cristina Muehl’s second part of her series addresses third-party risk management relating to contract termination. Cristina is a Senior Corporate Auditor at Delphi Corporation. Her Linked In profile is here. She can be reached at firstname.lastname@example.org.
This second part of the series will take a look at the last phase in the lifecycle of third-party business relationship and that is contract termination. This is a phase a lot of times overlooked.
The assumption is that as long as the entity has ended the contractual relationship, risks cease to exist. The true case is that there are several topics to be addressed. Starting from ensuring that the way the contract was terminated will not generate future claims to ensuring that any remaining property of the entity that is still located on the premises of the third-party will be taken care of and returned in good conditions (e.g. extremely important if there is a cool chain of products that needs to be maintained).
An additional area of concern that has received more and more attention in the recent time is related to intellectual property. Third-parties are involved in the production of products or prototypes that are highly valuable to the future development of entities. The main risk is that information will be leaked to competitors putting in jeopardy potential financial gains from launching new products on the market. Controls have to build into the contract termination process to ensure that any documentation, products under development or any other type of information that is of value to the entity is retrieved from the third-party. All sensitive documentation remaining with the third-party must be destroyed and disposed.
Contract termination has a fixed moment in time. Nevertheless, products provided by the third-party will continue to be used for a period of time subsequent to this milestone. This means that there might happen that product quality claims arise that needs to be addressed even if the business relation has been terminated. A solution to this problem is to ensure that the termination protocol stipulates what should be done in case of subsequent events and the obligations of third-party to provide information on product quality, tests performed or any documentation that might be necessary to assess the claim.
One risk that can be mitigated by giving the deserved credit to the area of contract termination is reputational risk. As investigations occur post-factum, by practicing record retention, the entity will be already equipped with information about the transactions engaged and information about the grounds of business termination. Hence, shortening the response time to authorities and creating an environment of transparency and trust.
Another valuable point to consider is communication within the organization to ensure that all parties involved in dealing with the third-party are aware of the process and no transactions will take place following contract exit. In the same time addressing the issue with other parties such as business partners or other third-parties that were working together of different projects, is highly important as it ensures that additional sensitive information will not be provided to the third-party. Plus, the other business partners will be aware that there will be a change and discussions on how the transition period will look like can be initiated. In the same time, the entity should ensure that any list of customers that the third-party was engaged with, are informed and aware of new contact points.
A proper termination procedure will help the entity ensure that all areas are covered and that in case of subsequent investigations on the third-party, the documentation available will provide a clear picture on the business relationship and termination process.
An entity’s power to make sound business decisions resides in its capacity to gather and evaluate internal and external information about the environment it is activating in. By incorporating the two areas of service extension and contract termination within its third-party risk management program, the entity will be better equipped and informed to manage the related risks related and take decisions.