No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Due Diligence Best Practices to Support Your COVID-19 Recovery Efforts

Considerations to Mitigate Third-Party Risk Amid a Supply Chain Disruption

by Daniel Hartnett
May 15, 2020
in Featured, Risk
semi truck on one side of broken bridge

How can compliance programs support their firm’s recovery from COVID-19? Kroll’s Daniel Hartnett suggests that due diligence best practices can help compliance officers assist their firm’s efforts to rebuild the global supply chain network in a likely environment of “doing more with less.”

The COVID-19 pandemic is altering global supply chains in ways that will not be recognizable when compared to the outbreak. Third parties up and down a company’s supply chain network are experiencing various levels of disruption, and many are unlikely to survive. Of those that do survive, many are likely to emerge in a different form. Geographic concentration, once seen as a supply chain strength, is increasingly identified as a weakness to be corrected. As a result, even with the various support efforts governments are enacting, COVID-19 is likely to have a lasting effect on global supply chain networks.

Because of these changes, companies that rely upon global supply chains will face increased pressure to more effectively and efficiently manage their third-party risk. On the one hand, they need to rapidly identify, screen and onboard new third parties to replace those that can no longer meet their firm’s needs due to COVID-19 disruptions. At the same time, however, companies need to continue to minimize their exposure to the legal and reputational risk inherent in relying upon third parties as part of their supply chain network. While regulatory agencies have stated that they will consider COVID-19 impacts when investigating violations, they have not given companies a blank check to disregard their regulatory obligations when it comes to third parties.

Supply Chain Networks After COVID-19

It is increasingly obvious that the supply chain networks that emerge from the COVID-19 crisis are likely to differ significantly from how they looked just a few short months ago.

  • Many companies will likely no longer exist due to bankruptcy. A wave of bankruptcies and closures are hitting businesses across multiple industry sectors. While the airline, trucking and logistics industries are heavily hit, no industry is immune. Any small and medium-sized enterprises in your supply chain network that lack the cash reserves to outlast the outbreak are also in a precarious situation. In addition, any company that was in financial trouble heading into the crisis is unlikely to survive. As a result, many of your long-time supply chain partners may no longer be viable options in the future.
  • Some of those companies that do survive will emerge in a different form. One strategy for surviving is to significantly modify your business structure or operations. Therefore, the frequency of divestitures and restricting is likely to increase. Certain business units or facilities may be shut down or sold off, impacting the vendor’s ability to meet your needs. Furthermore, capacity may be severely diminished due to employee layoffs.
  • Certain third parties may have new ownership. In the current environment, investors and private equity firms will be looking for investment opportunities given the climate of distressed companies and cheap debt finance. Companies will also be desperate for quick infusions of capital to help stave off bankruptcy. The growth of government stimulus programs around the globe could even lead to the quasi- or actual nationalization of previously private companies. As a result, ownership of one of your current partners could change suddenly, potentially causing a third party’s risk profile to change as well.
  • Many companies around the globe will continue to be at risk of periodic COVID-19 disruptions. Virologists are increasingly raising concerns that a second wave of the disease could occur later this year. These outbreaks and subsequent disruptions are likely to be localized and hard to predict, injecting additional uncertainty into supply chain networks. Third parties currently operating may be again suddenly taken offline in the future.
  • Third parties that are geographically concentrated may become a liability. Until this crisis, having suppliers in the same region was viewed as a positive attribute. However, the pandemic has shown that having multiple tiers of suppliers co-located can rapidly undermine a supply chain if that jurisdiction suffers another similar disruption. Geographic diversification of third parties will therefore become a new mantra, especially for key supply chain partners.

Impacts Upon Third-Party Compliance Programs

These changes to global supply chain networks post COVID-19 are likely to create new pressures on third-party compliance programs, such as these following:

  • The need to rapidly and efficiently screen and onboard large numbers of new third parties. As business units across the enterprise rush to replace previously relied upon supply chain partners, they will look to compliance teams to facilitate a rapid onboarding process. More than ever, compliance programs risk being accused of “holding up business” if they are unable to meet this internal demand.
  • The need to conduct due diligence on third parties in potentially new, unfamiliar jurisdictions. As companies seek to increase supply chain resiliency, they will prioritize diversifying their vendor locations. To support this shift, compliance teams will need to know how to conduct and assess due diligence on subjects in jurisdictions they may not have covered previously.
  • The ability to quickly and efficiently rescreen existing third parties. Knowing who you are truly conducting business with is not just sound business practice, but also a regulatory requirement in some jurisdictions. Therefore, ownership changes at an existing third party could cause that company’s risk profile to change. For example, a previously unproblematic supplier may now exposure a firm to risk if the supplier’s new owners are politically exposed or even sanctioned.
  • The requirement to monitor existing third parties post-onboarding. Crises often cause companies to take drastic measures to bring products or services to market faster. The severity of the COVID-19 outbreak will likely lead to an increase in the number of companies around the globe involved in illicit activities, such as bribery, in order to improve their chances of recovery.
  • The need to “do more with less.” Tightening budgets will be a major theme for most companies as they struggle to recover from this crisis. As a result, compliance teams will be pressured to identify ways to reduce their resources required while still ensuring their organization’s regulatory obligations.

Leveraging Due Diligence Best Practices to Help Your Firm Recover

Without a doubt, these pressures will increase the challenge facing compliance teams seeking to carry out their tasks. However, there are some due diligence best practices that compliance officers can draw upon to help their company recover while also ensuring that it remains compliant with third-party regulatory requirements.

Understand your current third-party ecosystem. More than ever, this is a necessary first step to minimizing your firm’s exposure to third-party risk. The more you know about your supply chain partners, the better you will be able to assess their risk profile and prioritize your limited resources when conducting due diligence. Here, it is necessary to have a basic understanding of all third parties across the enterprise, not just those dealing with specific business units.

Ensure a risk-based due diligence approach. A one-size-fits-all due diligence program is both ineffective and wasteful. Not all third parties are equally risky; therefore, they don’t all require the same level of screening. Develop an objective, relevant risk taxonomy for your third parties to help you assess their relative risk. At a minimum, consider using criteria such as industry sector, jurisdiction and type of the third party; the nature and size of your relationship; and, especially, the third party’s relationship, if any, with government entities. Use this taxonomy to segment your supply chain partners in risk-ranked categories so you can focus your limited resources on your riskiest relationships.

Conduct proactive due diligence on potential alternate third parties. Screening potential backup third parties could help your firm minimize the time to onboard an alternate should a current partner be adversely affected by the pandemic. It could also prevent your firm from scrambling at the last minute if any red flags arise during your onboarding process. At a minimum, consider prescreening backups for critical third parties, namely those that provide a mission-critical product or service.

Establish an ongoing monitoring plan. Third-party risk unfortunately never ends with the onboarding process, as risk profiles are likely to change over time — especially in the current environment. Stay ahead of any sudden red flags by continually monitoring your existing third-party relationships to rapidly identify emerging risk-relevant developments. Consider leveraging a technology solution to more efficiently and cost effectively monitor your pool of third-party partners.

Leverage technology to efficiently conduct your due diligence. Using a technology-driven third-party management system can save your program time and money. The more automated the process, the more accurate and objective the process, and the less resources and time required. A technology solution also ensures transparency in the hopefully unlikely event of an audit. Finally, a centralized system helps prevent inadvertent dissemination of proprietary or controlled information when compared to less secure communication channels, such as email.

Conclusion

Unfortunately, the reality is that COVID-19 will continue to impact companies and the global supply chains upon which they rely for the foreseeable future, even after the pandemic peaks. While a firm’s due diligence program is not the silver bullet to a successful emergence from this crisis, it can and should play a supporting role. Identifying and implementing ways to more rapidly, efficiently and cost effectively screen and monitor third parties not only further minimizes your company’s exposure to risk, but it also directly contributes to its recovery efforts.


Tags: COVID-19Due DiligenceSupply ChainThird Party Risk Management
Previous Post

Coalfire Report: Compliance in the Era of Digital Transformation

Next Post

Workplace Reopening Checklist for Compliance: Managing Return-to-Work Issues

Daniel Hartnett

Daniel Hartnett

Daniel M. Hartnett is an Associate Managing Director in the Compliance Risk and Diligence practice at Kroll, a division of Duff & Phelps, where he assists clients with supply chain due diligence and third-party risk management.

Related Posts

svb_f

Risky Business: Important Lessons From SVB’s Demise

by Atul Vashistha
March 28, 2023

When all is said and done, it’s likely that Silicon Valley Bank’s failure will be traced back to one serious...

credit score gauge

Sales at All Costs? Unified Credit Risk Management Can Squash Bad Deals Before They Happen

by Matthew Debbage
March 15, 2023

The collapse of a business doesn’t usually happen all at once. There are warning signs. Late payments, legal filings and...

ProcessUnity Unify Third Party Risk and Cybersecurity Whitepaper-f

Unify Third Party Risk & Cybersecurity for Sustainable Resiliency

by Corporate Compliance Insights
March 14, 2023

Align risk reduction efforts by bringing together third-party and cybersecurity functions White Paper Unify Third-Party Risk & Cybersecurity for Sustainable...

semitrucks

Tracking Down Emissions When They’re Buried in Your Supply Chain

by Sarah Carpenter
February 22, 2023

Manufacturers are pressed from all sides to prove their environmental bona fides, but given the nature of manufacturing-related emissions, that...

Next Post
man in blue shirt checking boxes on screen

Workplace Reopening Checklist for Compliance: Managing Return-to-Work Issues

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT