Companies are gradually realising the choppiness of third party risk, says Refinitiv
Link copied to
COVID-19 has been a rare shock to the global business world but intelligence firm Refinitiv thinks it should be a wakeup call for businesses globally.
While “black swan” events like COVID-19 are rare, third party risks to supply chains have always existed.
Refinitiv believes that firms have not been doing enough due diligence on third parties and now is the time to change.
“Despite regulation and stronger enforcement action, organisations in APAC are struggling to gain visibility over third-party risks and take appropriate action,” Refinitiv Asia Pacific managing director Alfred Lee said.
“With increased regulatory focus on issues such as green crime and illicit financial flows, companies cannot afford to fall behind in their risk management capabilities.”
Refinitiv conducted a survey of 1800 corporate risk compliance professionals globally. It found that 43 per cent of third party relationships were not subject to any form of due diligence.
Specifically among Australian respondents, only 54 per cent undertook due diligence checks on third parties.
The survey also found 15 per cent said they had sufficient knowledge of the risks associated with pandemics. Only 11 per cent of Australians concurred.
However Refinitiv believes companies are gradually realising the financial ruin they could face.
The survey’s findings illustrating this included:
Evidently companies will react if caught unaware. Over 90 per cent said spending on risk management increased after an enforcement action.
But Refinitiv argues they need to go from being reactive to proactive. It noted law enforcement agencies were paying much closer attention than ever before.
“Organisations face greater regulation and stricter enforcement actions,” Phil Cotter, managing director, risk business at Refinitiv.
“In 2019, companies received penalties totalling a record $US2.9bn ($4.4bn) under the US Foreign Corrupt Practice Act (FCPA), with several officers and directors of those companies being found individually liable for breaches.
“It is clear from our report that many companies today are not doing enough to protect themselves against the risk of involvement in criminal activity and resulting regulatory enforcement.”