Submitted by saurav on December 14, 2020

<h1>Overview of Third Party Due Diligence</h1>

Companies often associate with third parties like suppliers, agents, consultants, and contractors to improve their business. 
 
Associating with third parties can help companies improve the quality of the products and services they offer to their customers, meet ever-fluctuating demands, and reduce the burden of doing the activities themselves. On the flip side, associating with third parties could also get a company into trouble if it is found dealing with the wrong third party.
 
At a time when trusting someone blindly is no longer an option, third-party due diligence is gaining importance. This due diligence should be conducted before entering into any form of contract or agreement with the third party.
 
Depending on the third party’s country of origin or the type of services they offer, conducting even more stringent third-party due diligence becomes imperative. No matter how small or large the third party, conducting due diligence before formally associating with them is imperative for a business to be sure of who exactly they are dealing with.

<h2>Importance Of Conducting A Third-Party Due Diligence </h2> 
 
<b>Know Who You Are Associating With </b>
Before finalizing any third party, it is important to know who exactly you are dealing with and the type of services they offer. Companies must collect basic information such as registration number, date of incorporation, address, owners/ promoters/ directors of the company, business/industry they operate in, customers, and source of funds.  
 
Companies should also go a step ahead and verify if this information is correct and recent as per government records and public filings. 
 
<b>Protect Yourself From Risks </b>
Dealing with third parties can be risky as they might be indulging in money laundering, bribery, corruption, and other unlawful activities.  
 
Robust third-party due diligence helps the company identify the risks associated with dealing with such third parties and decide how to manage these risks should they affect business operations.
 
<b>Protect Your Reputation </b>
They say it takes years to build a brand image and only seconds to lose it. Some third parties have a bad reputation, and associating with them could severely affect the strong reputation your company has built over the years.
 
You need to ensure that you are associating with a third party with a good reputation as your customers will be trusting your judgment in dealing with only credible third parties. 
 
<b>Adherence To Regulations </b>
Another reason to conduct due diligence is to ensure the third party is following the relevant country’s regulations in terms of legality of the business, labor laws and employment, anti-bribery, anti-corruption, and money laundering.
 
Contracting with a third party that employs child labor or exploits their employees by paying less than minimum wages is not a third party you would want to be associated with. 
 
<b>Avoid Dealing With Blacklisted Third Parties & High-Risk Individuals </b> 
Before associating with third parties, companies should check if that third party is blacklisted, on a government sanction list, or named in law enforcement notices. Further, companies can also cross-verify if the owners/ promoters/ directors of the third party are high-risk individuals or politically exposed persons. Dealing with such third parties or individuals could affect your company's reputation and business.
 
Although conducting these checks might be cumbersome, consider it as an investment to protect your company and your brand. For when things go awry with your third party, your company would have to deal with the after-effects. 
 
<h3>Implementing A Third-Party Due Diligence Framework </h3>
 
<b>Risk Assessment </b>
After gathering and verifying the third party information, companies need to conduct a risk assessment in order to categorize third parties into Low, High, and Risk rating. Further, companies also need to consider the third party’s country of origin, which could be the deciding factor in whether to associate with them or not.
 
<b>Monitor Performance </b>
Once the third party has been selected, companies can implement a process to monitor the third party’s performance on a continuous/ regular basis. Companies can create an inventory of all their new and existing third parties and track whether vendor onboarding has been completed or is up to date, whether products or services are provided in accordance with the contract at defined rates, and whether penalties are charged for non-adherence to the timelines or agreement.

<b>Policies And Procedures In Place </b>
Companies also need to have a well-defined framework which includes policies that clearly outline the company’s approach to third-party due diligence, vendor onboarding, and monitoring vendor performance. Companies also need to document processes that state how the policies need to be implemented and the roles/ responsibilities of the persons involved.
 
<b>Awareness Among Staff </b>
Creating policies and procedures is of no use unless the staff is aware of the policies and trained on the processes. Periodic and regular training must be provided to employees so that they are well aware of what to check, any specific points to cross-verify, and how to raise concerns on a timely basis to highlight any discrepancies before the third party is finalized and an agreement is signed.
 
<h4>Third-Party Due Diligence & Third-Party Risk Management </h4>
Creating a checklist when conducting Third-Party Due Diligence which covers checkpoints on Company information, Financials, Cyber-Security Policies and Procedures, Political Connections, Reputation, and BCP/ DR plans would go a long way in understanding the third party before officially onboarding them.
 
What starts out as third-party due diligence eventually transforms into third-party risk management: once the third party is on board, the company needs to start monitoring the third party's performance, managing the risks that are associated with them, ensuring adherence to contractual agreements, and conducting audits to ensure compliance with the processes or the requirement for which the third party was hired.
 
Companies who have outsourced activities to third parties to avail their expertise, save on time, resources, or to assist them with services need to be doubly sure of who they are dealing with. Data breaches caused by third-party firms, business being affected due to the absence of a BCP/DR plan in place at the third party, and simply over-reliance on third parties could bring your business to a standstill in the event of an emergency. Third-party risks, due diligence, and risk management can no longer be taken for granted. It took one pandemic for the world to realize how truly prepared they were for the tough times ahead.  

<h5>How Can Riskpro Help You?</h5>
Riskpro offers Third-Party Due Diligence, Third-Party Risk Management (TPRM) consulting, and TPRM software. For more details or a software demo, contact us at info@riskpro.in  
 
Author 
Anita Jagasia  
Manager – Riskpro India 
info@riskpro.in 
December 2020