
Third-party due diligence: it’s more than satisfying regulators

Warning: this blog might challenge you to think about things differently. Proceed with caution. 🚧


Managing third-party risk is such a big deal in our profession that we literally have an entire day dedicated to it. (Happy International Anti-Corruption Day, y’all!) But there are also SO MANY aspects to it that when I sat down to write this post, I honestly had no idea where to start. After some brainstorming and looking to others for inspiration, I started to notice common recurring advice on how to manage third-party risk. And it left me with a lot more thoughts than I expected. Here are some examples of what I found:

⚠️ High-risk third parties and ongoing relationships must be prioritized over low-risk third parties

📑 Find a strategic approach to third-party risk management 

🔎 Get visibility into contracts with subcontractors, and verify the right terms and conditions are there

💰 Keep track of your third parties’ financial health, because those with poor financial performance are more likely to bribe

The list goes on. 


Now, before you keep reading, I must clarify: all of these things are important, and should absolutely be done. But …

Shouldn’t there be more to third-party due diligence than just checking the boxes?

These things above just seem too … easy. Reading a contract: easy. Tracking financial health: easy. And as long as you do them, you’ll probably avoid the DOJ knocking at your door. But is that really what being in this field is about?

The truth is, even if you check all of the boxes, cross your t’s, and dot your i’s, you aren’t in the clear. Sure, you’re “legally protected,” but that does not equate to conducting ethical business. Period.

So, how do you make a difference when it comes to managing your third parties? You utilize a resource you already have—your people! Specifically, those who are working directly with third parties. 




Think about it: When it comes to hiring people to work for your company, it’s human nature to hire the best, most qualified, ethical people you can find. These are people you already trust with your business, so why not rely on them to help with something like third-party management? Of course, this means you’ll need to train them and provide them with resources so that they know what red flags to look for when working with a third party. 🚩 (You know, the stuff that can result in serious blowback for your company.) 

With training and resources, they’ll know to ask questions or speak up if the third party:

  • Indicates that unauthorized expenses are being made
  • Adds undisclosed, unapproved, or unauthorized subcontractors
  • Makes an unexpected, unexplained change in personnel who are doing the work

These are just some examples of third-party red flags that can pop up every once in a while. Your next step is to make sure your vendors share your values (like, actually in practice) on the daily. 

Real talk: If you’re concerned about whether your suppliers are acting in line with your values, you’re not alone. This is a common concern amongst any entity that works with third parties (so, like, all of them). And let’s be honest: You can train your third parties on your standards, have them certify that they work according to your code, and so on. But that’s all talk and no action. To make sure your third parties truly share your values (you guessed it!), train the people who interact with them. Your employees should know to contact you immediately if a third party:

  • Says they are giving gifts, entertainment, charitable donations, or any other payment to a government official/entity
  • Adds personnel who are associated with a sanctioned country
  • Passes on competitive information that might have been inappropriately acquired

Lastly, make sure that the people who are most likely to witness unethical behavior by a third party know how to report it. If you have employees in a manufacturing site or warehouse, make sure you have your helpline information posted in high-traffic areas. If your procurement team is in a different location, double check that they have their own local helpline number. Ultimately, this all comes down to one thing: helping yourself help yourself.

And speaking of help, don’t be afraid to ask for it. Broadcat has a bunch of materials to train your folks on what to look out for in less time than it takes to finish a cup of coffee (or tea if that's your jam). ☕ Here are a few. Check 'em out:

Wanna see more? Let's chat or you can learn more about Compliance Design Club and our microlearning training materials here.