Third-party risk management checklist

Fraud doesn’t take a break in times of crisis – in fact, that’s often when it thrives. And the same is true for supplier fraud. Unethical business practices by third-party partners can directly impact your organization in all sorts of ways. This type of fraud can cause financial, logistical, and reputational harm.

Locked in the grip of the COVID-19 pandemic, New York City found itself desperately in need of medical supplies. In particular, the city, hit hard by the pandemic, required millions of 3M-brand N95 respirators, the type that keeps health care workers, police, paramedics and others safe. A supplier emerged who could potentially fill this need.

Unfortunately, he had a scheme to defraud the city of $45 million through price-gouging and fraudulently posing as a 3M dealer. Formerly a used car dealer in New Jersey, the fraudster now faces wire fraud and wire fraud conspiracy charges in a three-count criminal complaint unsealed in the U.S. District Court in Manhattan (New York Times, 2020).

Managing Third-Party Risks

The case is an unfortunate reminder of the type of fraud and corruption that lurks in supply chains. While a crisis presents new vulnerabilities – often, safeguards are bypassed for urgency – companies must always be on guard for third-party fraud. Due diligence isn’t just a corporate buzzword, nor is it a concept to keep compliance officers happy. It must be an integral part of every organization’s core business model. Every organization can take the following key third-party due diligence measures to stay better protected from supplier or contractor fraud.


1. Identify vulnerabilities

Before evaluating its third-party partners, an organization should look inward and measure its own risk management tools. These include the following:

  • Audit and supervision functions
  • Business continuity plans, supply chain alternatives (very critical when considering third-party contracts)
  • Jurisdictional considerations
  • Data and IP protection
  • Whistleblower policies

2. Conduct due diligence

The organization should apply a risk management process to all current and potential suppliers and contractors. For each third party, the organization should evaluate the following:

  • Business and operations
  • Financial condition and reputation
  • Experience, culture, vision and business style
  • References and government records (including any legal action, bankruptcies, structure changes)
  • Background checks (including ownership and key personnel)
  • Insurance and certifications

3. Maintain management oversight

Due diligence is only worthwhile if appropriate action is taken in response to its findings. Once third-party partnerships have been evaluated and approved, the organization should continue to manage, monitor and maintain these relationships. Risk management is not a one-time process. It should be scheduled regularly (yearly at minimum) to ensure the proper standards are maintained for the organization. Not every company or government organization is ordering emergency supplies due to COVID-19 or other crises. Proper third-party due diligence can protect organizations year-round from the risk of any of the following serious pitfalls:

  • Merging with an international business embroiled in behind-the-scenes legal battles.
  • Getting caught up in making procurement decisions involving the inappropriate influence of government officials who were slated to receive kickbacks.
  • Partnering with organizations that are potential credit risks, have claimed bankruptcy, have dissolved stated companies or are faced with debtor filing.
  • Awarding work to an overseas contractor with absolutely no prior experience.
  • Affiliating with a contracting company owned by a politician with significant influence on future awards.

For many organizations it is recommended, and necessary, to have a team of professionals guide them through implementing a comprehensive program for third-party risk management. That’s where CRI® Group comes in. We have one of the largest, most experienced and best-trained integrity due diligence teams globally. With multi-lingual teams that have conducted assignments on thousands of subjects in over 80 countries, CRI® Group’s due diligence experts are committed to maintaining and constantly evolving our global network.

Managing risk effectively is essential to ensure businesses succeed and thrive in an environment of constant uncertainty. This playbook covers everything you need to know about ISO 31000:2018; here’s a quick rundown of the playbook structure:

  • What is ISO 31000? Why is this Standard a good idea?
  • ISO 31000 framework: why was it revised, and what are the main differences?
  • Key clauses of 31000:2018 and who is the standard for?
  • The process and the link between 31000:2018 and other standards

Getting Started with ISO 31000 Risk Management?


3PRM-Certified™, a third-party compliance verification and certification program

As the risk for data breaches and supply chain disruption continues to rise with COVID-19, so does the need for effective third-party risk management (TPRM) programs. Whether you’re a TPRM professional looking for a certification to advance your skillset, or the leader of your organization considering how to better equip your team with the best knowledge and skills, the 3PRM-Certified™ program is an all-in solution. Our 3PRM™ service is flexible, and we tailor our scope to address an organization’s specific concerns and risk areas. CRI® Group’s exclusive 3PRM-Certified™ solution provides the very best in third-party risk management. Our 3PRM-Certified™ program provides a proactive approach to mitigating risks from third-party affiliations, protecting the organization from liability, brand damage and harm to the business. The 3PRM-Certified™ program includes a focus on the following:

  • Providing third-party risk assessments
  • Meeting contracting requirements
  • Conducting due diligence
  • Identifying potential fraud risks
  • Providing management oversight

Utilizing a network of trained professionals positioned across five continents, CRI® Group’s 3PRM services draw on one of the largest multi-national fraud investigation teams the industry has to offer. The 3PRM-Certified™ program is especially critical when your business performs pre-merger and acquisition research and pre-IPO due diligence, engages new clients, employs, contracts or retains foreign business partners, and requires a consistent and audit-worthy AML and anti-corruption compliance program.

This TPRM Strategy program will help organizations establish the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. Third-party relationships are critical in business today and include partnerships with suppliers, distributors, consultants, agents and other contractors. While such affiliations are essential to the success of your organization, an organization cannot overestimate the consequences of inadequate due diligence.



Let’s Talk!

Get ahead of any potential problems down the road with suppliers, contractors, and other third-party partners. Our extensive solutions include due diligence, employee pre- and post-background screening, business intelligence and compliance, facilitating any decision-making across your business no matter what area or department. Contact CRI® Group today and learn more about our third-party due diligence and risk management solutions. If you have any further questions or interest in implementing compliance solutions, please contact us.


About us…

Based in London, CRI® Group works with companies across the Americas, Europe, Africa, Middle East and Asia-Pacific as a one-stop international Risk Management, Employee Background Screening, Business Intelligence, Due Diligence, Compliance Solutions and other professional Investigative Research solutions provider. We have the largest proprietary network of background screening analysts and investigators across the Middle East and Asia. Our global presence ensures that no matter how international your operations are, we have the network needed to provide you with all you need, wherever you happen to be. CRI® Group also holds BS102000:2013 and BS7858:2019 Certifications and is an HRO certified provider and partner with Oracle.

In 2016, CRI® Group launched the Anti-Bribery Anti-Corruption (ABAC®) Center of Excellence – an independent certification body established for ISO 37001:2016 Anti-Bribery Management Systems, ISO 37301 Compliance Management Systems and ISO 31000:2018 Risk Management, providing training and certification. ABAC® operates through its global network of certified ethics and compliance professionals, qualified auditors and other certified professionals. As a result, CRI® Group’s global team of certified fraud examiners work as a discreet white-labelled supplier to some of the world’s largest organizations. Contact ABAC® for more on ISO Certification and training.



Zafar I. Anjum is Group Chief Executive Officer of CRI® Group, a global supplier of investigative, forensic accounting, business due diligence and employee background screening services for some of the world’s leading business organizations. Headquartered in London (with a significant presence throughout the region) and licensed by the Dubai International Financial Centre-DIFC, the Qatar Financial Center – QFC, and the Abu Dhabi Global Market-ADGM, CRI® Group safeguards businesses by establishing the legal compliance, financial viability, and integrity levels of outside partners, suppliers and customers seeking to affiliate with your business. CRI® Group maintains offices in UAE, Pakistan, Qatar, Singapore, Malaysia, Brazil, China, the USA, and the United Kingdom.

Contact CRI® Group to learn more about its 3PRM-Certified™ third-party risk management strategy program and discover an effective and proactive approach to mitigating the risks associated with corruption, bribery, financial crimes and other dangerous risks posed by third-party partnerships.


Zafar Anjum, MSc, MS, CFE, CII, MICA, Int. Dip. (Fin. Crime) | CRI® Group Chief Executive Officer

37th Floor, 1 Canada Square, Canary Wharf, London, E14 5AA United Kingdom

t: +44 207 8681415 | m: +44 7588 454959