In third-party risk management, technology is the solution that needs to be embraced. It’s the quickest way for organizations to advance their programs and appease government agencies.
Research from NAVEX Global shows that more than two-thirds of organizations say creating a culture of ethics, integrity and respect is their top objective. But when it comes to assessing third parties – which is increasingly important, given expanding supply chains around the world – more than a third are still using paper or stitched-together programs.
Without question, the findings from the its 2018 Third-Party Risk Management Benchmark Report could be viewed with a pessimistic lens. I wouldn’t blame anyone for saying that the findings outlined above are a sign that organizations say the right things (or that they have the right motivations) but really don’t deliver on compliance. At least, not when it comes to assessing third parties.
In other words, a reasonable person might think the conflict is a sign that many organizations are all talk. But I think we’re looking at findings that signal the cusp of a wave of investment in compliance technology (barring a major economic slowdown).
Third-party risk affects everyone & regulators know it
This year’s survey report is based on results from 1,200 respondents who influence or manage their organization’s ethics and compliance programs; of which more than 500 answered additional questions specific to third-party risk. Of course, almost all companies must work with outside partners and they need to commit to making sure they’re behaving lawfully and ethically. It’s too late if you’re apologizing (to the public or to regulators) amid allegations that one of your suppliers uses child labor, for instance.
It’s important to have a risk-based approach to third-party management. Such an approach can help prevent misconduct and avoid government investigations and enforcement actions. Regulators can and will levy large financial penalties for third-party compliance failures, but good-faith efforts to manage third parties can lessen penalties.
Paper & stitched software systems
Thirty-five percent of organizations in the survey said they used internally built systems comprised of paper or stitched software. Meanwhile, 31 percent of compliance programs were deemed either reactive or basic. This year, instead of asking organizations to provide self-assessments, NAVEX Global based the maturity rankings on questions about program elements (risk-management practices, technologies used to manage third-party risks and methodology to assess the third-party risk management program’s effectiveness). That means the data more accurately reflects the market.
What this should all tell us is that technology is the solution that needs to be embraced. It’s the quickest way for organizations to advance their programs and appease government agencies. No regulator will be satisfied if an investigation reveals a $500 million company is using paper systems to assess third parties. It’s simply not a way to show that you’re committed to the concept of an ethical culture.
This takes us back to the finding about those overall program objectives. If indeed creating a culture of ethics, integrity and respect is their top objective, we could start seeing the results very soon when it comes to a new wave of investing in third-party systems.
But don’t think of it as a put-up-or-shut-up moment. Think of it as the coming together of the goals and practices that organizations apparently know they need to embrace.
By Michael Volkov
- Impact of digitized environments & modern workplaces on internal investigations - April 15, 2020
- Whistleblower hotlines decrease the cost & duration of corporate fraud schemes - March 18, 2020
- Entering the era of operational resilience - February 27, 2020