Mitigate third-party risk and sail safe with a comprehensive screening and monitoring program

Damaging reputational headlines on compliance failures have come fast and furious in recent years. UK Bribery Act (UKBA) and US Foreign Corrupt Practices Act (FCPA) violations resulted in an automotive company settling a corruption charge for $800 million and an American multinational confectionary company and a liquor giant settling paying over $25 million. A global cosmetics giant paid over $130 million as fine to the Securities and Exchange Commission. Two hundred and sixty companies including retail and hospitality businesses were fined $2.2 million for underpaying workers. A major bank paid over $650 million in fines for violating sanctions. A web services firm had to cough up a $35-million penalty for a data breach caused by one of its third parties.

Enterprises around the world have been expanding into previously untapped markets and relying more on third parties to drive growth and acquire competitive advantage. But increased business opportunities have exposed organizations to operational, financial, regulatory, and reputational risks, making third-party risk management a moving target. By necessity, a thriving global business ecosystem now includes more external players. So how might that affect the safety of your products? And what if someone breaches your data security? Trying to keep track of what these distant vendors are up to can keep you awake at night and cause major risk concerns for business the world over.

Add to this an atmosphere in which global regulators have produced rigorous new parameters designed to root out longstanding corruption and other unethical practices. Laws such as the US Foreign Corrupt Practices Act (FCPA), Sapin II, the UK Bribery Act (UKBA) – and many other country-specific laws that are in place across the globe – are holding firms evermore liable for the wrongful actions of whom they choose to work with. They have also broadened the definition of third parties to now include shareholders, directors, agents, distributors, and even fourth and fifth parties.

Businesses that haven't prepared for this new reality can find it challenging to thoroughly vet third parties who form linkages and connections beyond their control. In many such firms, often, there's no single owner to manage third-party risks. The responsibility resides between risk, compliance, legal, procurement, and business stakeholders to manage it. This results in a manual, reactive, decentralized, and siloed approach to third-party screening. Under such circumstances, due diligence can fall through the cracks. And with increasing regulatory demands and the rising volume of third parties, companies become vulnerable to penalties and reputational damage.

Enterprises that aren't applying the right mix of digital technologies such as artificial intelligence and machine learning with compliance domain knowledge to counter these issues often lack the means to proactively identify and detect risks from a multitude of data associated with third parties. They are forced to react after the fact.

There's a practical way forward that addresses these pitfalls – and lets you be proactive. It calls for a risk-based, holistic, and future-ready third-party due diligence approach. This evolutionary approach demands a new framework supported by the right digital technologies and domain expertise that enhances risk coverage – extending it beyond just the suppliers and identifying linkages among parent companies, principals, shareholders, and government bodies. It also accelerates a targeted and risk-based third-party assessment. The outcome of which becomes quickly visible – a sharp, insightful, comprehensive picture of your company's third-party risk exposure.

Genpact's third-party due diligence solution, illustrated in figure 1, makes all that possible. To protect your firm, our third-party risk-based framework puts to work the latest in artificial intelligence and machine learning, guided by deep domain knowledge. The solution combs through rich sources of global intelligence, such as compliance databases and the open source, to systematically screen and risk-rate existing and potential third parties. It also eliminates false positives through a multi-level review mechanism conducted by a team of risk and compliance experts. Analysis and feedback from the results through machine learning enables the solution to continuously learn, evolve, and reduce the volume of false positives in subsequent screenings. It delivers this information through standard reports, interactive dashboards, and comprehensive audit trails, promoting quick action before trouble occurs – and quick remediation when necessary.

• We helped a global footwear manufacturer pinpoint over two dozen potentially problematic third parties. That greatly reduced the risk of regulatory penalties and safeguarded the enterprise from potentially incalculable damage to its reputation.
• For a global consumer goods company, we increased risk coverage from 5,000 suppliers to 50,000 suppliers, reviewed over 50,000 alerts on suppliers and associates, and identified 135 high-risk and 275 medium-risk suppliers. It significantly helped the procurement function reduce the risk of regulatory non-compliance.
• For an American pharmaceutical company, we increased coverage of third-party due diligence to 100% of its business entities (from 15 to 38 entities), implemented a risk-based approach of selecting third parties for screening, and accelerated the time-to-screen by 20%.
• With our third-party due diligence solution, we helped a German e-commerce major screen its third parties and identify over 20% that were of medium and high risk. This helped the ethics and compliance team at the firm take action to mitigate the risk arising out of non-compliant third parties.

There's so much more to our solution than just the standard reports, audit trails, and continuous monitoring that standard solutions deliver. We work with our clients across the value chain to plan, design, implement, and operate a third-party due diligence solution that is totally tailored to their needs. Our case management workflow allows for real-time escalation to compliance, legal, and procurement teams for necessary action while maintaining a complete audit trail for external auditors and regulators. Another distinction is that our highly qualified risk and compliance experts act on alerts highlighted by multiple compliance datasets, local media, and open source databases, conducting reviews and providing conclusive results.

In a global economy, new markets emerge and opportunities proliferate. But so do risks. It takes a robust third-party due diligence program to protect your company from third-party risks and minimize regulatory exposure. Protect your company from multimillion-dollar penalties. Genpact can help.