Building trust into your business model has implications not only for how business is conducted but also for whom it is conducted with. With regard to third parties, it is critical for organizations to incorporate precautionary measures to ensure that their third parties and those parties' stakeholders are trustworthy.
All businesses depend on third parties in some way. In recent years, globalization and digital transformation have served as the catalyst for businesses to depend increasingly on third parties for goods and services. As a result of this shift, there are growing regulatory and market pressures for businesses to report on their associated third parties – vendors, suppliers, partners, and service providers. Disclosure and transparency are now, more than ever, widely expected in order to build trust with consumers, investors, and employees.
Due diligence is one of the first steps businesses should incorporate and prioritize. As market demands continue to shift toward trust and transparency, it is critical that your organization establishes a risk-based approach to third parties, and this often begins with third-party due diligence.
Read more to learn about how OneTrust can assist with third-party due diligence solutions.
What is Third-Party Due Diligence?
Third-party due diligence (TPDD) is a business process related to assessing the ethical practices and regulatory compliance of a third party to identify risk exposure. Third-party due diligence is commonly carried out at the onset of a business-to-business relationship before any goods or services are provided. The goal of conducting third-party due diligence is to understand the ethical practices and compliance of a third party — an entity and its associated individuals — and make a more informed decision on engaging with a third party based on the risks. There are two common practices businesses use to conduct initial third-party due diligence:
- Intake or Scoping Questionnaire: used to initiate third-party due diligence by identifying a business owner, the potential third party, the proposed business function, and other basic parameters.
- Screening or Compliance Check: used to screen the requested third parties against data sources for records of compliance violations, criminal conduct, adverse media, and other categories.
In addition to identifying initial risks, third-party due diligence carried out throughout the third-party lifecycle serves to monitor and flag emerging risks that were not detected in the initial screening, ensuring ongoing compliance with expectations.
Why Third-Party Due Diligence?
Ethics is emerging as a key component of business strategy – as a value and as a requirement. This includes considering how your third parties – and the countries they operate in – are aligned to your business standards regarding ethics and compliance, including oversight on:
- Human rights
- Fair labor
- Politically exposed persons (PEPs)
The stakes are high: without a proper due diligence process, organizations face potential compliance and reputational risks. Going into business with the wrong third party can have negative implications for your business. For example, adverse media about a third party can have devastating effects on your organization’s reputation if it contradicts your brand and consumer values. In a scenario where a business-critical third party is forced to dissolve due to non-compliance, your own compliance and even your entire operations may be at risk.
It is necessary to implement a consistent third-party due diligence program to keep up with your third parties. According to a recent survey by Dow Jones, procurement leaders expect the number of third-party suppliers that they rely on to increase by 40 percentage points over the next three years. Ultimately, implementing third-party due diligence processes reduces overall liability, is the first step in mitigating third-party risk holistically, and instills trust within your business.
Key Third-Party Due Diligence Considerations
Third-party due diligence encompasses a wide array of potential issues. Here is a list of the most common capabilities a robust third-party due diligence solution should offer, including the red flags it should surface:
- Centralized third-party intake questionnaires
- Third-party profiles on entities and related individuals
- Seamless screening and compliance checks powered by reputable data integration(s) to flag risks such as:
  - Human rights and labor violations
  - Regulatory violations
  - Anti-fraud and financial crimes
  - Control and ownership
  - Politically exposed persons (PEPs)
  - Sanctions and watchlists
  - Adverse media reports
- Automatic risk scoring and assessment workflows
- Ongoing monitoring and risk flagging
- Remediation recommendations
- Record keeping and audit-ready reporting
How Can OneTrust Help?
Establishing a third-party due diligence solution will help your organization streamline third-party intake, conduct compliance checks, flag risks, implement appropriate treatment plans, and maintain ongoing oversight by monitoring key concerns. OneTrust Third-Party Due Diligence software enables organizations to take a streamlined approach to third-party due diligence and reduce risk by aligning third parties with their ethical practices and compliance requirements.