Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organisation in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm. Locked in the grips of the COVID-19 pandemic, New York City found itself desperately in need in medical supplies. In particular, the city that has been hit hard by the pandemic was in need of millions of 3M-brand N95 respirators, the type that keep health care workers, police, paramedics and others safe. A supplier emerged to potentially fill this need. Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and by fraudulently posing as a 3M- dealer. The fraudster, a former used car dealer in New Jersey, now faces charges of wire fraud and wire fraud conspiracy in a three-count criminal complaint unsealed in U.S. District Court in Manhattan (New York Times, 2020).
The case is an unfortunate reminder of what type of fraud and corruption lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies have to be on guard for third-party fraud at all times. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organisation’s core business model. The following are some key third-party due diligence measures every organisation can do to stay better protected from supplier or contractor fraud.
Before evaluating its third-party partners, an organisation should look inward and measure its own risk management tools. These include the following:
- Audit and supervision functions
- Business continuity plans, supply chain alternatives (very critical would considering third-party contracts)
- Jurisdictional considerations
- Data and IP protection
- Whistleblower policies
Conduct due diligence
The organisation should engage a risk management process on all current and potential suppliers and contractors. For each third party, the following should be evaluated:
- Business and operations
- Financial condition and reputation
- Experience, culture, vision and business style
- References and government records (including any legal action, bankruptcies, structure changes)
- Background checks (including ownership and key personnel)
- Insurance and certifications
Maintain management oversight
Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organisation should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled on a regular bases (yearly at minimum) to ensure the proper standards are maintained for the organisation. Not every company or government organisation is ordering emergency supplies due to COVID-19 or other crises. With proper third-party due diligence, however, organisations can be protected year-round from the risk of any of the following serious pitfalls:
- Merging with an international business embroiled in behind-the-scenes legal battles.
- Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
- Partnering with organisations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing
- Awarding work to an overseas contractor with absolutely no prior experience
- Affiliating with a contracting company owned by a politician with significant influence on future awards
For many organisations, it is recommended and necessary to have a team of professionals guide you through the process of implementing a comprehensive program for third-party risk management. That’s where CRI Group comes in. We have one of the largest, most experienced and best-trained integrity due diligence teams in the world. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI Group’s due diligence experts are committed to maintaining and constantly evolving our global network.
ISO 31000 Risk Management Playbook: all you need to know and more! Download for FREE...
Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:
- What is ISO 31000? Why is this Standard a good idea?
- ISO 31000 framework, why was it revised? and What are the main differences?
- Key Clauses of 31000:2018 and Who is the standard for?
- The process and the link between 31000:20180 and other standards
3PRM-Certified™ a third-party compliance verification and certification program
As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for an effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organisation considering how to better equip your team with the best knowledge and skills, 3PRM-Certified™ program is a all in solution. Our 3PRM™ service is flexible and we tailor our scope to address an organisation’s specific concerns and risk areas. CRI Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organisation from liability, brand damage and harm to business. The 3PRM-Certified™ program includes a focus on the following:
- Providing third-party risk assessments
- Meeting contracting requirements
- Conducting due diligence
- Identifying potential fraud risks
- Providing management oversight
Utilising a network of trained professionals positioned across five continents, CRI Group’s 3PRM services utilise one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business is performing pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners and requires a consistent and audit-worthy AML and anti-corruption compliance program.
This TRM Strategy program will help organisations in establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today, and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organisation, the consequences of inadequate due diligence cannot be overestimated.
Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI Group today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.