Sustaining a pharma company’s good name with third-party risk management

Companies don't always feel confident that the conduct and practices of suppliers and other parties align with their own corporate principles. But a global pharmaceutical firm gained that confidence with Genpact's third-party risk program.

To comply with local and international regulations, and its own high corporate responsibility standards, the company needed a completely new approach to TPRM and assessing the working practices of suppliers and third parties.

Legislation such as the Foreign Corrupt Practices Act (FCPA) in the US and the Bribery Act in the UK say that even if a company doesn’t know about a bribe or other corrupt activity, it is still liable, but having adequate procedures can be a mitigating factor. Consumers are also taking greater interest in the ethical practices of the companies they buy from. So the financial merits need to be balanced with the risks of working with third parties.

This requires exhaustive one-time and ongoing due diligence of suppliers, sub-suppliers, wholesalers, retailers, and others. The audits and regular reassessments review and analyze multiple external and internal data including on supplier performance, regulatory actions, and financial disclosures.

Internally, the firm didn’t have a standard process or guidelines for conducting supplier risk management — and no tools or technology to support the function. It couldn’t provide timely or accurate supplier risk reports. And at a time when greater supplier visibility was becoming more important, the procurement team had limited bandwidth for carrying out detailed assessments.

The bottom line: with all its global suppliers and specialized products — and with regulations coming at it from all sides — the firm knew it would need a fresh, new approach as well as a scalable model for assessing third-party risk.

Operating models based on technology, process re-engineering, and advanced organizational structures, such as shared or global business services, process outsourcing — can help firms solve complex challenges. These operating models can deliver intelligent risk operations that routinely evaluate and respond to a company's ethical standards and practices — cost effectively and at scale. With our help, the pharmaceutical firm pursued this approach to fundamentally transform its TRPM strategy.

Assessing suppliers in a standard way

Genpact's first task was to define a single, rigorous risk assessment: an end-to-end diagnostic process for evaluating supplier risk, which included supplier segmentation and prioritization. The process involves risk assessment of suppliers and sub-suppliers, due diligence, and audit and reassessment. It also benchmarks any existing processes against industry standards, and anything that's not ideal goes in a plan for optimizing procurement.

The outcome was an increase in the procurement team's capacity.

Once we'd managed the vital supplier risk assessments, the company expanded the process to its other third-party risks.

A multifaceted assessment

The company's procurement team is responsible for sourcing all materials and services for operations and R&D from a global supplier base. Genpact assesses vendors across the entire supply network to determine if they meet the firm's ethical standards. Then we monitor compliance and provide risk mitigation where necessary. These vital functions serve to protect the firm's reputation and — more importantly — safeguard the health of patients who use its medicines.

We conduct this comprehensive, third-party risk management in five languages, which includes a five-part review process:

1. Risk assessment
2. Due diligence
3. Monitoring and support
4. Reporting
5. Governance and continuous improvement

We decoupled functions in a smart way, made more sophisticated use of metrics, added data-driven process management, and rolled out a specialized organizational design. The result is consistent quality at lower costs and superior scale.

If, during the initial assessment, a supplier appears to pose certain risks, software provides the due diligence process. It asks questions on policies and practices, and the supplier must upload supporting information or evidence to validate the answers. We manage both the tool's technical support and reporting.

We also conduct our own research on suppliers, accessing financial documents, news reports, and other publicly available information from the web and social media channels. We evaluate suppliers to ensure appropriate policies are in place for:

• Anti-bribery and corruption
• Confidentiality
• Conflict of interest
• Data privacy
• Employment practices
• Fair trade and competition
• Governance
• Product security
• Product communication
• Research and development ethics
• Health, safety, and environmental principles

Once the company is confident that suppliers represent no undue risk to its reputation, these suppliers sign a contract that documents agreed-upon principles of responsible procurement. Contracts also cover any specific risks the company wants to mitigate.

Monitoring and support ensures the suppliers maintain these ethical standards — and we routinely measure their performance against key indicators. If the suppliers slip up, we prescribe corrective action and check they're taking it, using scheduled and unscheduled on-site audits of one to four days.

The whole company has benefited from this new standardized approach to third-party risk, especially its sourcing, procurement, and payables teams.

Now, with clear processes, roles, and responsibilities, plus the right technology in place, the company has:

• Assessed nearly 100% of its strategic third parties over a certain level of spend
• Eliminated duplicate assessments
• Reduced the cycle time for conducting assessments by up to 40%
• More accurate, timely reports
• Enhanced supplier relationships
• Improved third-party master data

What's more, this model has had a strategic impact. Because the business is meeting its risk targets, employees now have time to focus on maintaining a world-class supply chain rather than evaluating every supplier decision that could cause problems. Figure 1 shows how the firm is using intelligent operations for third-party risk.

As clear evidence of the strategy's success, the company ranked highly among large pharmaceuticals on the Dow Jones Sustainability Index. The index assesses economic, environmental, and social performance by looking at corporate governance, risk management, supply chain standards, and labor practices. And with our support, the company's solid reputation will only grow stronger.