The future of the third party due diligence process is here and it’s automated. Third party due diligence is a necessary step to confirm you’re operating legally and safely. There was no getting around the fact that it’s an administrative burden, until now.
This article looks at the current process of third party due diligence, the gaps it leaves and the future of automated, continuous monitoring.
What Is Third Party Due Diligence?
Third party due diligence is the process of checking that your suppliers can supply you with the correct quality and quantity of goods and services in a legal way.
The process is usually governed by risk management practices in the organisation. It may be linked to Business Continuity or Operational Resilience plans.
Similarly, it usually plays a part in the quality management process.
On top of this, due diligence is a key part of ensuring the organisation remains compliant with anti-corruption and bribery laws. For example, the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act. Both regulations affect transactions that happen outside of the specific territories.
For these reasons, the process usually involves both the Compliance and Procurement teams.
Third Party Due Diligence & Sustainability
Organisations increasingly have sustainability criteria for their supply chain partners. This has been increasing due to a combination of consumer demand, awareness and the regulatory landscape.
Regulations like the UK’s Modern Slavery Act oblige organisations to ensure their full supply chain is free of modern slavery and child labour. This includes suppliers operating outside of the UK or several tiers deep.
Third party due diligence is therefore required to ensure that each supplier, and their suppliers, are acting in accordance with UK expectations.
Other sustainability agendas could include targets like reducing deforestation, buying Fairtrade, or using recycled materials. Each of these requires action from the supply chain, and due diligence is the process followed to check suppliers are acting in accordance with the customer’s requirements.
What’s the Current Process?
The first stage of third party due diligence is to decide on risk factors. Most companies use a risk-based approach by evaluating factors such as:
- Geographic location
- Financial profile
- Annual spend
- Close relationships with political figures
From here, organisations will decide on the type of due diligence process to undertake. Third parties deemed high risk will have more rigorous checks than those deemed low risk.
Next, organisations will need to gather the information required. The checks usually include financial stability, ISO certifications and legal ownership.
This information is reviewed manually to give the third party a risk profile or score. Generally expressed on a red, amber, green scale, the score determines whether the organisation is appropriate for use, up to what type of relationship or spend level, and how regularly it should be reviewed.
For example, an organisation deemed low risk could be approved for high value transactions in multiple spend categories and reviewed annually. A high-risk company may need to be formally approved before each purchase or transaction.
After the initial approval for use, the final stage of the process is to decide how regularly to re-confirm the approval. Usually, this is on an annual basis.
When this is required, the process is repeated to re-confirm the third party’s approval for use.
What Gaps Does This Leave?
When a due diligence process is manual, the information is sourced from numerous locations and sometimes by multiple people within the organisation. For example, the Finance team may source and evaluate financial risk whilst a member of Compliance confirms the third party’s ability to supply within the relevant industry regulations. The sources differ as well; for example, a financial report is obtained from a different place to an ISO certification check.
This is a time-consuming process, with multiple people required to sign off a new third party.
Another concern is that the manual process usually relies on information that the third party provides about themselves. This leaves a gap where the supplier could choose to exclude some unfavourable data or exaggerate positive information.
The traditional due diligence process also doesn’t cover external factors such as natural disasters or political changes in a geographic location.
The biggest gap is that in the 21st Century, data doesn’t stay static. As soon as we’ve researched it, it’s out of date. Just like when a car breaks down the day after its MOT, third party due diligence information can change in an instant. Ownership could change, their cash flow position could falter or the political & trading landscape in their country could shift.
The Future with Contingent
We take the risk-based approach further. Contingent eliminates periodic checks in favour of continuous monitoring. That means you know when a change happens that could affect your operations. You’ll be the first to hear about any changes to the third party, such as ownership, name or geographic location.
On top of this, automation means you can monitor your whole supply chain instead of picking high risk entities. This isn’t limited to your tier one suppliers, either. We open up your supply chain, so your due diligence processes can go further than ever before.
Contingent also puts all the information into one dashboard for your use. The financial risk, ISO certificates, supply chain and more are accessible instantly. We’ll even notify you if a risk event could disrupt your operations.
Abandoning manual processes enables you to make strategic decisions to protect your business. Take your third party due diligence process to the next level and automate it.