Managing third-party risk checklist

Managing third-party risk checklist. Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organisation in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm.

Locked in the grips of the COVID-19 pandemic, New York City found itself desperately in need of medical supplies. In particular, the city hit hard by the pandemic required millions of 3M-brand N95 respirators, the type that keeps health care workers, police, paramedics and others safe. A supplier emerged to fill this need potentially.

Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and fraudulently posing as a 3M- dealer. The formerly used car dealer in New Jersey, the fraudster now faces wire fraud and wire fraud conspiracy charges in a three-count criminal complaint unsealed in the U.S. District Court in Manhattan (New York Times, 2020). Managing Third-Party Risks

The case is an unfortunate reminder of what type of fraud and corruption lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies have to be on guard for third-party fraud at all times. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organisation’s core business model. Every organisation can do the following key third-party due diligence measures to stay better protected from supplier or contractor fraud.

Identify vulnerabilities

Before evaluating its third-party partners, an organisation should look inward and measure its own risk management tools. These include the following:

  • Audit and supervision functions
  • Business continuity plans, supply chain alternatives (very critical would considering third-party contracts)
  • Jurisdictional considerations
  • Data and IP protection
  • Whistleblower policies

Conduct due diligence

The organisation should engage a risk management process on all current and potential suppliers and contractors. For each third party, the organisation should evaluate the following:

  • Business and operations
  • Financial condition and reputation
  • Experience, culture, vision and business style
  • References and government records (including any legal action, bankruptcies, structure changes)
  • Background checks (including ownership and key personnel)
  • Insurance and certifications

Maintain management oversight

Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organisation should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled regularly (yearly at minimum) to ensure the proper standards are maintained for the organisation. Not every company or government organisation is ordering emergency supplies due to COVID-19 or other crises. With proper third-party due diligence, third-party due diligence can protect organisations year-round from the risk of any of the following serious pitfalls:

  • Merging with an international business embroiled in behind-the-scenes legal battles.
  • Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
  • Partnering with organisations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing.
  • Awarding work to an overseas contractor with absolutely no prior experience
  • Affiliating with a contracting company owned by a politician with significant influence on future awards

It is recommended and necessary for many organisations to have a team of professionals guide you through implementing a comprehensive program for third-party risk management. That’s where CRI Group comes in. We have one of the largest, most experienced and best-trained integrity due to diligence teams globally. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI Group’s due diligence experts are committed to maintaining and constantly evolving our global network.

Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

  • What is ISO 31000? Why is this Standard a good idea?
  • ISO 31000 framework, why was it revised? And What are the main differences?
  • Key Clauses of 31000:2018 and Who is the standard for?
  • The process and the link between 31000:20180 and other standards

Getting Started with ISO 31000 Risk Management?


3PRM-Certified™ a third-party compliance verification and certification program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organisation considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution. Our 3PRM™ service is flexible, and we tailor our scope to address an organisation’s specific concerns and risk areas. CRI Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organisation from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

  • Providing third-party risk assessments
  • Meeting contracting requirements
  • Conducting due diligence
  • Identifying potential fraud risks
  • Providing management oversight

Utilising a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TRM Strategy program will help organisations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organisation, an organisation cannot overestimate the consequences of inadequate due diligence.



Let’s Talk!

Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI Group today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.




Who is CRI Group?

Based in London, CRI Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business IntelligenceDue Diligence, Compliance Solutions and other professional Investigative Research solutions provider.

We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI Group also holds BS 102000:2013 and BS 7858:2012 Certifications, is an HRO certified provider and partner with Oracle.

In 2016, CRI Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301:2021 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification.

ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organisations. Contact ABAC® for more on ISO Certification and training.



Share Insights