Each year we publish a comprehensive report on key metrics in organisations’ third-party due diligence programmes. We are beginning to gather data for the 2017 version and your input is needed.
The 2016 Third Party Risk Management Benchmark Report revealed that organisations with more advanced approaches to third-party risk management noted a significant difference in their programme’s outcomes – including accurately scoring third-party risk, compliance with laws and regulations, monitoring all third parties, and documented processes and controls. Those with automated due diligence systems report even better results, despite major challenges such as increasing legal impacts and lack of resources.
KEY TAKEAWAY #1
Conflicts of interest, bribery and corruption, fraud, and cyber security are the top programme concerns.
The comparison of the 2015 and 2016 results shows a somewhat surprising move of conflicts of interest to the top concern, slightly overtaking the perennial front runner, bribery and corruption. While it is not readily apparent what might have caused conflict of interest concerns to more than double, it may be a reflection of the risk assessments made by the 2016 respondents. Alternatively, it could be a result of maturation of third-party programmes to the point where they are beginning to address new yet troublesome concerns that are not as readily solved.
Internal concerns about bribery and corruption remain almost unchanged year over year. This is not surprising given the highly publicised third-party-driven failures and enforcement actions in the past year. Cyber security is a top concern for those in several key industries including finance and healthcare. This is not surprising, given the high number of recent cyber security breaches and the impact they’ve made in these industries.
Complexity, training and information management continue to be challenges, while a lack of resources and processes continues to frustrate efforts to reduce these concerns. As with 2015, we see only around one-third of survey respondents reacting to these challenges with additional resources.
KEY TAKEAWAY #2
Screening of all third parties is on the rise
The percentage of respondents who indicated that they screen all third parties before engagement increased by 4% from 2015 to 2016. In 2016, 45% of respondents indicated they screen all of their third parties. This is really a best practice.
While the degree of due diligence may vary depending on risk, it is impossible to predict with certainty which third party is likely to violate laws or the organisation’s policies with respect to bribery and corruption or other issues. If an organisation does not conduct due diligence on a third party, bases its decision on intuition and is wrong, it jeopardises its ability to defend its actions or programme. Organisations should consider conducting at least a basic screen of all third parties before engaging them.
The percentage of organisations which conduct no third party due diligence remained steady year over year at 6%. It is unclear what drives this decision, but being wrong in this case will be hard to defend.