In an age where the actions of one player can cripple an entire organization’s reputation, a handshake no longer cuts it.
Trust goes a long way in commercial relationships, but not far enough to truly manage third-party integrity risks amid increased regulator and stakeholder scrutiny. Doing business in the modern world means bringing any number of allies and supply chain partners into your network; and in an age where the unscrupulous actions of one player can cripple an entire organization’s reputation, a handshake and boilerplate agreement no longer cuts it.
Not that third-party risk can be avoided. Modern organizations rely on strategic alliances and partnerships to keep pace with innovation, gain footholds in foreign markets, lower costs and adopt technologies that get them closer to their customers. The need for third-party relationships is nothing new, but now – more than ever – organizations must insulate themselves against the illegal, fraudulent and reputationally damaging actions of their partners.
One weak link
We do not need to search far for examples of companies succumbing to third-party damage. Be it financial institutions unknowingly doing business with corrupt or fraudulent players, pharmaceutical industry partners accused of bribery, or global organizations linked to manufacturers with poor working conditions, there are countless headlines of dubious players harming otherwise reputable organizations.
As a result, organizations are much more cautious about who they are bringing into their network. Third-party arrangements are being scrutinized to a higher degree, prompting high-level boardroom discussions and important questions: What are we really signing up for? Do we understand who we are doing business with? Do we know their integrity? Are we willing to stake our reputation on their operations?
What can you do today?
Technology investments notwithstanding, there are several actions that organizations can take to gain more immediate comfort over their third-party risks.
Trust is still an asset in any partnership, but it is only the foundation. More and more organizations are turning to data analytics and digital tools to gain deeper insights into their potential third-party arrangements. They are using sophisticated 'scrubbing' tools to pour through online sources for accurate and relevant information about who they are bringing into their networks, whether or not they have skeletons in the cupboard that may put at risk the organization's values, regulatory obligations and ultimately the reputation.
And these tools are evolving. KPMG's K-3PID solution, for example, is an AI-enabled name-screening tool created to quickly scour massive amounts of public data simultaneously on their potential partners, while removing false positives, duplicated results, and irrelevant material. Its natural language processing and sentiment analytical capabilities enables auto translation in 60 languages, allowing users to include foreign media and sources in their investigations. The tool also maintains a full audit trail of consulted sources and discounted search results.
KPMG's next generation K-3PID solution is revolutionizing the risk management arena with the ability to help organizations monitor their third party universe on a continual basis. After all, just because a third party passes initial scrutiny, there is no guarantee it will not stray from expectations down the road, become acquired by less trustworthy owners, or bring less reputable players into their own circle. This constant monitoring is now a 'must-have' as commercial relationships can (and will) change, altering the dynamics of even the most established alliances.
What is K-3PID?
KPMG Third Party Intelligent Diligence (K-3PID) is a customizable tech-enabled, AI computing solution designed to perform rapid, broad ranging and cost-effective third-party due diligence, while translating results, auto-discounting false positives and generating a full audit trail.
Every strategy is unique
Different organizations will explore different approaches to third-party risk. Financial institutions, for example, may focus more keenly on regulatory risks such as money laundering and fraud, while entities in less regulated sectors might concern themselves more with quality control, bribery and corruption, and other reputational considerations. No matter the factors at play, organizations must make third-party risk management a priority by using technology, stronger oversight, and controls to tackle what trust alone cannot cover.
Let's do this.
© 2020 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.