In January 2014, Walmart was forced to recall meat sold at some of its China stores after the discovery that it contained DNA from foxes. In the aftermath, Walmart China’s president and chief executive officer commented that, “It is a deep lesson that we need to continue to increase investment in supplier management."
Only one month earlier, Target disclosed it had been the victim of a major credit card security breach. Experts believe thieves gained access to roughly 40 million credit and debit card numbers and the personal information of as many as 70 million customers. The subsequent investigation found the hackers used a third-party contractor to gain access.
These incidents highlight the risks of doing business with suppliers that fail to perform appropriately: potential supply chain disruption, serious reputational damage and even government investigations related to regulatory compliance.
Three Major Risks of Doing Business with Third Parties
Most companies have relationships with a wide range of third-party organizations. While these third parties are essential to drive growth, they bring with them risks that need to be mitigated and managed.
Supply Chain Risk
In recent years, the drive for efficiency and cost-savings has increased the complexity of supply chains, resulting in lost visibility. This leaves your company vulnerable to a delay – or even complete halt – to operations if the tools, supplies or necessary services provided by third-parties are disrupted.
Chances are that your business agreements include contractual terms that even your most loyal suppliers will seek to avoid from time to time. Likewise, suppliers who appear to be on solid financial ground may actually be on thin ice when it comes to their capitalization.
Counterfeiting, piracy, trade secret theft and trademark infringement are all
serious considerations for any company, but in today’s economy, intellectual
property is at greater risk when working with third-party business partners. A
2013 report by The Conference Board found that roughly half of the executives
surveyed perceived extensive risk of IP infringement in emerging markets when
engaging suppliers and business partners.
How Emerging Regulatory and Compliance Mandates are Impacted
In addition to operational risk with third parties, new regulatory mandates constitute an entirely separate area of compliance risks for any company that engages third-party suppliers.
Consider the flurry of new regulatory mandates impacting the financial services industry, including:
New guidance on risk management. In October 2013, the U.S. Department of Treasury’s Office of the Comptroller of the Currency (OCC) emphasized the responsibility banks have to assess and manage risks associated with third-party relationships. The OCC makes it clear that it “expects a bank to practice effective risk management regardless of whether the bank performs the activity internally or through a third party.”
SEC’s “covered person” provisions. In July 2013, the Securities and Exchange Commission finalized amendments to Rule 506, which require private investment funds to conduct due diligence to confirm no “covered person” has engaged in a “disqualifying event,” also known as the “Bad Actor” provisions. This new rule was broadened specifically to include third parties and various categories of business partners.
CFPB expectations for supplier due diligence. The Consumer Financial Protection Bureau (CFPB) has notified financial institutions they are expected to have an effective process for managing the risks of service provider relationships, including conducting thorough due diligence to verify that service providers understand and comply with the law.
Moreover, a wide range of compliance requirements affect corporations globally. Legislation against bribery and corruption — such as the U.K. Bribery Act and the U.S. Foreign Corrupt Practices Act — cause anxiety for all corporate executives whose companies do business in global markets.
Worse yet, suppliers further removed from the company’s immediate focus may
pose the biggest supply chain risk. A survey by the Business Continuity
Institute found that almost 40% of reported supply chain disruptions originated
with Tier 2 and 3 suppliers. The lesson? Organizations need greater visibility into supply chain problems that can come from virtually any supplier in the world at any time.
Importance of News and Public Records Updates
These operational and compliance risks are formidable, but the reality is every major corporation must develop new business relationships with third parties to survive. So what can a corporate executive to do to mitigate those risks?
The answer is that you must commit to aggressive due diligence in the vetting of your third-party suppliers, supplemented by ongoing monitoring. While financial scores and open Web searches can be useful, they can hardly be considered due diligence. Both sources rely on limited and often lagging indications of what is truly going on with your suppliers. It’s important to leveraged forward-looking, licensed media and public records databases to anticipate risk. By the time a company’s financial score has changed, it’s often too late for you to take action to minimize the impact on your company
- whether that impact is reputational, operational or legal.
A recent study by LexisNexis® and State of Flux using risk rated news identified early warning signs of bankruptcy in more than 80% of sampled companies. Warning signs could be clearly seen six months before companies reached bankruptcy, and these signs became more pronounced the closer the companies got to failure. Critically, the pattern of early warning signs was unique to failing companies and not seen in a sample of healthy companies. See summary results in figure below.
Business information services that monitor news and public records are powerful tools, enabling corporations to more thoroughly vet a supplier before entering into a relationship and subsequently conduct ongoing monitoring. This is an important strategy for conducting aggressive due diligence and protecting your company from problems arising from doing business with third-parties that fail to perform appropriately.
LexisNexis is offering SIG Members a complimentary due diligence report and analysis on a company of your choice. This exclusive offer not only provides access to a complimentary report covering premium licensed global news and business sources, Experian financial scores, legal and public records information, but also offers insights on the resources your organization needs for a deep look at the potential risks you can uncover within your supply chain. Upon request, a LexisNexis supply management specialist will review the findings and the process used to generate the report with you.
If you would like to take advantage of this exclusive SIG member benefit offer, please submit your request to Geoff Talbot at
firstname.lastname@example.org with the name of the company you want assessed along with any supporting questions to help target the assessment to address your concern(s).