Abstract: In this article, we have discussed the vitality of third-party risk management and due diligence in the modern business world; the risks that third-party risk management protects your business from; what are the standard signals of risks in an engagement with a third-party supplier; what’s the process of doing a third-party risk assessment; can third-party risk assessment be done in-house and what value can SignalX offer to your business in all of it.
The Modern Business Age and Third-Party Risk Management
Our Prime Minister Narender Modi during his speech at the G7 summit, happening in Bavaria (Germany), while addressing the Indian diaspora said, “(India) is witnessing one unicorn startup in every 10 days!” Low and behold, the new-age startups generate great value and have indeed changed the business landscape tremendously by making business operations cheaper, more transparent, better predictable and increasingly tech-driven.
And every other company (incumbent or budding) wishes to engage with these startups having innovative solutions and an exuberant workforce for one or more business processes like procuring raw materials, inventory management, packaging, distribution, cyber security, maintenance, marketing, etc. In such engagements, startups are referred to as third-party suppliers, vendors, contractors, partners, etc in the contracts’ lingo.
But the major hurdle that comes in establishing such engagements with startups is the accompanying risk. According to Failory, 90% of the startups fail while 70% of them fail within 2 to 3 years of business. What if your supplier is in that 90%? What if your supplier becomes insolvent before the contract expires and millions get stuck? What if they receive an unfavourable legal verdict that hampers your engagement with them? What if they hadn’t provided you with full disclosure on financials? And these questions are not limited to startups, they are relevant for any supplier, startup or incumbent, that you wish to engage.
These questions are critical to answer as they define your business’ stability and growth. And these and many other questions are answered under an exercise called Third-Party Risk Management and Due Diligence.
Why Should You Invest in Third-Party Risk Management?
In the present times, making a market-competitive product and running a successful business completely in-house is a difficult task. Plus, the cost benefits of hiring third-party suppliers are enticing. Hence, having a credible supplier network is vital and therefore a solid filter for onboarding your suppliers is indispensable.
We have clients’ stories where our due diligence reports helped save clients crores by replacing precarious suppliers in their supply chain thereby making the supply chain more resilient to any external disruption like COVID lockdown or global price inflation. We also have stories where a business entity ignored the process of third party risk management to save a few meagre sums of money and later incurred serious reputational and financial loss for engaging with a supplier who were being investigated or were buried under multiple litigations.
If I were to give you a list of reasons why you should do a solid third-party risk management, it would go like this:
- It helps you make better-informed decisions regarding your supply chain partners.
- Upgrade your supply chain and make it resilient to internal and external upheavals.
- Allows you to take peremptory actions against the suppliers that can potentially cause a default in the nearby future.
- Saves you the litigation cost of engaging a delinquent supplier and the cost of rehiring.
- Prevents the plausible reputational harm by engaging with a supplier with a questionable persona in the industry and amongst the masses.
- Provides you with requisite insights like peer comparison, operational credibility, and financial health for negotiating contracts with the subject supplier.
- Aids your contracts lifecycle management processes as the vendor due diligence for the third party risk management needs to happen periodically and you can accordingly renew your vendors’ contracts.
- Facilitates your on-site audits, information protection & privacy policy, and security and procurement functions.
- Avoid you getting on the radar of the law enforcement agencies and sanction authorities.
What are the Signals of Risks with a Third Party Supplier?
Long gone are the days when third-party risk management and vendor due diligence was limited to cyber security. In the present dynamic business environment, there are many other risks that must be assessed to be mitigated like 4th party risks, compliance risks, financial and operational risks, geopolitics risks, reputational risks, performance risks, credit risks, etc. Maybe all of these won’t be applicable to every supplier one wishes to onboard but most of them will.
SignalX analysts evaluate a supplier on 200+ checkpoints, but for the sake of simplicity and brevity, the major dimension for third-party risk management and the corresponding parameters of the same are as follow:
- Operational Credibility: Management consistency and workforce strength.
- Financial Health: Liquidity, Arrears, Leverage Position, Profitability.
- Credit History: Economic Defaults, Insolvency Risk, Credit Rating.
- Compliance Rigour: Indirect Tax Compliance, MCA Compliance, Labour Compliance
- Litigation History: Litigiousness, Criminal Background, Cases Against Target Supplier, Tax Litigations, Insolvency Risk.
- Defaulter and Blacklists: MCA Defaults, Market Regulator Defaults, SFIO, CBI and Other Defaults.
- Sanctions and Politically Exposed Person (PEP) Mentions: Trade Restrictions & Sanctions, Political Exposure of Target Supplier.
- Promoters and Related Party Quality: Legal Cases against Connected Parties, Regulator Defaults against Connected Parties, Trade Restrictions & Sanctions – Connected Parties, Political Exposure of Connected Parties.
- Market Sentiments: Adverse Media Customer, Complaints.
We rate each parameter on the scale of Critical Risk to No Visible Risk and try to give a clear picture of what doing the business with the subject vendor will look like in each of the mentioned dimensions. To view a complete third-party risk assessment and due diligence demo report, click here.
What’s the Method for Supplier Due Diligence? Can it be Done In-House?
The following steps are involved in the third-party risk assessment:
- Studying the statutory and regulatory regime of the jurisdiction.
- Examining MSAs & comprehensively laying out the commodity/service suppliers offer and understanding what all needs to be provided to the supplier e.g customer data, business processes information, client list, etc.
- Gather information on suppliers like their corporate structure, the connected parties, financial data, litigation track record, etc and then verify the information from external sources like suppliers’ past clients.
- Shortlisting the prospective suppliers and removing suppliers with risky political affiliations or any criminal/sanction record.
- Risk assessment to ascertain the suppliers’ resilience against various internal factors (manufacturing risk, business risk, mitigation & contingency, etc) and external factors (demand, supply, environmental, and business risk).
- Developing an ongoing monitoring system to track supplier’s litigation, financials, news, etc.
- Preparing an offboarding checklist for the supplier.
Supplier due diligence can often be a burdensome task because you have to gather information and maintain evidence on many individuals (directors), firms & companies (suppliers’ suppliers) and related parties while being an outsider to each of those entities. That too with limited personnel and finances that could have been better utilised by focusing on business growth.
How will SignalX Help you with your Third-Party Risk Management?
Being in the business of conducting third-party risk assessment and supplier due diligence for the past 3 years, we understand the unique business needs of every industry. To date, we have made 7,000+ due diligence reports for 100+ corporate hailing from various industries and even for top law firms in the country. Our holistic analysis is churned out into graphical reports to convert mundane information and data into actionable insights so that you don’t miss out on nuanced detail.
From Where do we Source Our Data?
We source the data from government institutions’ websites, regulatory bodies’ data, research of renowned think tanks, reports of top finance & auditing companies, credible media reports, and various other third-party datasets. To book a call with our executive who will solve any query that you might have regarding the product or process, click here.
