- Case study
Sustaining a pharma company’s good name with third-party risk management
A digital way to maintain ethics abroad
A global pharmaceutical company with suppliers and third parties around the world.
With regulators around the world taking greater interest in third-party risk management (TPRM), the company needed to improve the way it assessed its thousands of vendors. It needed to ensure compliance with relevant laws and regulations, and with its own corporate standards. But it lacked standard processes and couldn’t provide timely or accurate risk reports, or keep up with the volumes of assessments that were needed.
Genpact defined and put into practice a scalable TPRM process for checking third parties against the company’s standards of excellence.
The company is now able to assess nearly 100% of its third parties over a certain level of spend, and at up to 40% faster. Its reporting is more accurate and timely, and its Dow Jones Sustainability Index ranking has gone up.
Companies don't always feel confident that the conduct and practices of suppliers and other parties align with their own corporate principles. But a global pharmaceutical firm gained that confidence with Genpact's third-party risk program.
To comply with local and international regulations, and its own high corporate responsibility standards, the company needed a completely new approach to TPRM and assessing the working practices of suppliers and third parties.
Legislation such as the Foreign Corrupt Practices Act (FCPA) in the US and the Bribery Act in the UK say that even if a company doesn’t know about a bribe or other corrupt activity, it is still liable, but having adequate procedures can be a mitigating factor. Consumers are also taking greater interest in the ethical practices of the companies they buy from. So the financial merits need to be balanced with the risks of working with third parties.
This requires exhaustive one-time and ongoing due diligence of suppliers, sub-suppliers, wholesalers, retailers, and others. The audits and regular reassessments review and analyze multiple external and internal data including on supplier performance, regulatory actions, and financial disclosures.
Internally, the firm didn’t have a standard process or guidelines for conducting supplier risk management — and no tools or technology to support the function. It couldn’t provide timely or accurate supplier risk reports. And at a time when greater supplier visibility was becoming more important, the procurement team had limited bandwidth for carrying out detailed assessments.
The bottom line: with all its global suppliers and specialized products — and with regulations coming at it from all sides — the firm knew it would need a fresh, new approach as well as a scalable model for assessing third-party risk.
Operating models based on technology, process re-engineering, and advanced organizational structures, such as shared or global business services, process outsourcing — can help firms solve complex challenges. These operating models can deliver intelligent risk operations that routinely evaluate and respond to a company's ethical standards and practices — cost effectively and at scale. With our help, the pharmaceutical firm pursued this approach to fundamentally transform its TRPM strategy.
Assessing suppliers in a standard way
Genpact's first task was to define a single, rigorous risk assessment: an end-to-end diagnostic process for evaluating supplier risk, which included supplier segmentation and prioritization. The process involves risk assessment of suppliers and sub-suppliers, due diligence, and audit and reassessment. It also benchmarks any existing processes against industry standards, and anything that's not ideal goes in a plan for optimizing procurement.
The outcome was an increase in the procurement team's capacity.
Once we'd managed the vital supplier risk assessments, the company expanded the process to its other third-party risks.
A multifaceted assessment
The company's procurement team is responsible for sourcing all materials and services for operations and R&D from a global supplier base. Genpact assesses vendors across the entire supply network to determine if they meet the firm's ethical standards. Then we monitor compliance and provide risk mitigation where necessary. These vital functions serve to protect the firm's reputation and — more importantly — safeguard the health of patients who use its medicines.
We conduct this comprehensive, third-party risk management in five languages, which includes a five-part review process:
We decoupled functions in a smart way, made more sophisticated use of metrics, added data-driven process management, and rolled out a specialized organizational design. The result is consistent quality at lower costs and superior scale.
If, during the initial assessment, a supplier appears to pose certain risks, software provides the due diligence process. It asks questions on policies and practices, and the supplier must upload supporting information or evidence to validate the answers. We manage both the tool's technical support and reporting.
We also conduct our own research on suppliers, accessing financial documents, news reports, and other publicly available information from the web and social media channels. We evaluate suppliers to ensure appropriate policies are in place for:
Once the company is confident that suppliers represent no undue risk to its reputation, these suppliers sign a contract that documents agreed-upon principles of responsible procurement. Contracts also cover any specific risks the company wants to mitigate.
Monitoring and support ensures the suppliers maintain these ethical standards — and we routinely measure their performance against key indicators. If the suppliers slip up, we prescribe corrective action and check they're taking it, using scheduled and unscheduled on-site audits of one to four days.
The whole company has benefited from this new standardized approach to third-party risk, especially its sourcing, procurement, and payables teams.
Now, with clear processes, roles, and responsibilities, plus the right technology in place, the company has:
What's more, this model has had a strategic impact. Because the business is meeting its risk targets, employees now have time to focus on maintaining a world-class supply chain rather than evaluating every supplier decision that could cause problems. Figure 1 shows how the firm is using intelligent operations for third-party risk.
As clear evidence of the strategy's success, the company ranked highly among large pharmaceuticals on the Dow Jones Sustainability Index. The index assesses economic, environmental, and social performance by looking at corporate governance, risk management, supply chain standards, and labor practices. And with our support, the company's solid reputation will only grow stronger.