A global crisis calls for a fresh due diligence and risk management review of your company’s third-party partnerships

The worldwide coronavirus pandemic has disrupted life in just about every word, from personal health concerns and social distancing to shelter-in-place mandates and business closures. But in the corporate world, life plods on. Critical concerns about ongoing sales and revenue, keeping personnel employed, safety issues inside the workplace, and uncertainty about the future make business leaders lose a lot of sleep these days.

An added element that global organisations should genuinely be concerned about is the ongoing viability of the supply chain. The pandemic is affecting different parts of the world at varying levels, so it’s vitally important to be continually vigilant in how the crisis affects your third-party suppliers and how those supply chain partners behave and maintain legitimacy in these uncertain times.

The healthcare industry is on the front line of the global supply chain battle, as it feverishly addresses an unprecedented demand for personal protective equipment. The shortage of PPE (Personal Protective Equipment) has forced many organisations – out of sheer desperation – to seek and purchase supplies from just about any outside source that can produce what’s needed. This panic buying has led to unscrupulous manufacturers producing and flooding the market with sub-standard products that, aside from being grossly overpriced, are putting an untold number of lives in peril. Further, the global demand for PPE has fostered rising occurrences of bad actors who see lucrative opportunities for bribery, tax evasion and money laundering amid crisis and confusion.

The pandemic has thrown many other industries into complete disarray, which will naturally open the doors for opportunists to do what’s necessary to take advantage of the situation. And suppose your organisation happens to be affiliated with these bad actors. In that case, the long-term effects can be potentially devastating, affecting the organisation’s reputation, and resulting in untrusting customers, lost business, loss of market value, decreased share price, litigation, and any number of regulatory penalties.

Crisis Situations Require Enhanced Due Diligence

Third-Party Risk Management Program is not a passive process. It requires time and effort, and, as we’ve witnessed during the present global crisis, the risks associated with Third-Party partnerships are continually evolving. Those outside risks can be found on many operational levels, from a supplier’s present working conditions and the protection of customer data to safeguarding the company’s intellectual property and suspicious changes in pricing and payment terms, among others. Here are several items to consider in re-evaluating the company’s relationship with Third-Party partners during this critical period:

  • Essential Workers – Is the company observing the latest guidance related to safety practices for that personnel still working on the production lines? Is the company providing PPE protection and following social distancing on the factory floor?
  • Remote Workers – Is the supplier’s staff working from home now? How do you know those staff members, working on your behalf, are behaving correctly and completing their work? Who is overseeing the production of at-home workers?
  • Customer Data – If staff is working remotely, how are they accessing vital company data? Is the at-home network protected? Can it be accessed and infiltrated by unaffiliated outside parties?
  • Information Sharing – Has the supplier addressed intellectual property protection concerning at-home workers? Are the various corporate (and at-home) communication channels safeguarded, including email accounts, online chats, direct messaging, video conferencing and phone calls?
  • Product Quality – Can the supplier still provide proof of product viability, including compliance with safety, quality, labelling and other standards?
  • Production, Component and Logistical Costs – Has the supplier altered its various costs in response to the crisis? Has it provided acceptable reasons for the changes? Are these additional costs verified and justified?
  • Relationships with Agents – Are the agents that assist in your global supply chain maintaining business integrity during the crisis? Are there unreasonable changes to pricing, terms and delivery dates?
  • Regulatory Compliance – Is the supplier complying with local, regional and national mandates recently enacted as a result of the pandemic?

Remember, your organisation is only as safe as the least protected component of your Third-Party supplier network. It’s vital to ensure adequate protection against the rising number of risks associated with the recent worldwide crisis.

The Need for Leadership in These Challenging Times

Desperate times call for desperate measures, and these are most undoubtedly desperate times. An organisation where leadership, management and workforce do not take the third-party risk seriously will eventually suffer the consequences brought on by lack of action. And to those organisations that practice effective risk management, passive engagement in times of crisis is not enough.

The key to effective risk management during these times is proactivity. Asking difficult questions now can save you from answering accusatory questions later. Questions company management might immediately consider include:

  1. Are our suppliers equipped to protect our sensitive information against today’s risks?
  2. How sophisticated are our cloud and social media security?
  3. Are our suppliers capable of adapting to regulatory compliance changes?
  4. Are proper redundancies in place to ensure our information is protected against disaster?
  5. Will we be prepared if one of our suppliers unexpectedly shut down a line or closed its doors?
  6. Do we have the adequate tools to vet new or replacement suppliers properly?
  7. Who owns the risk management process internally? What additional resources do they need to succeed in the current situation?
  8. Do we have a set methodology for addressing incidents involving our suppliers?
  9. Do we maintain an accurate and complete interactive inventory of our suppliers?
  10. Can we identify warning signs with suppliers?
  11. Do we have a well-communicated reporting process?

The coronavirus pandemic has created crisis and uncertainty that we’ve never experienced. And crises are breeding grounds for bad actors who see opportunity in the midst of uncertainty. Ongoing due diligence of third-party partners in times of crisis is vital to safeguard the organisation’s long-term interests and protect it from an increasing number of outside risks.

Let’s Talk!

If you have any further questions or are interested in implementing compliance solutions, please contact us.

Who is CRI® Group?

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk ManagementEmployee Background ScreeningBusiness IntelligenceDue DiligenceCompliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body that provides education and certification services for individuals and organisations on a wide range of disciplines and ISO standards, including ISO 31000:2018 Risk Management- GuidelinesISO 37000:2021 Governance of OrganisationsISO 37002:2021 Whistleblowing Management System, ISO 37301:2021 (formerly ISO 19600) Compliance Management systemAnti-Money Laundering (AML) and ISO 37001:2016 Anti-Bribery Management Systems.


Zafar I. Anjum is Group Chief Executive Officer of CRI® Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center-QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, USA, and the United Kingdom.

t: +44 207 8681415 | m: +44 7588 454959 |e: zanjum@crigroup.com