Technology must keep up with third-party risk

Third-party risk management has never been as top-of-mind with business leaders around the world as it is today.

A barrage of negative headlines about well-known organisations dealing with third-party-related violations, along with legislation such as the US Foreign Corrupt Practices Act and the UK Bribery Act, tighter regulations, stricter enforcement and more severe sanctions, is helping to catapult this issue to the top of the must-address list for C-suites, boards and compliance professionals alike.

In addition to pressure brought on by increasingly stringent legislation and regulations, and the penalties they can bring, consumers and employees are demanding greater transparency and more rigorous corporate social responsibility.

According to research by the European Commission, 56 per cent of the public believe corruption has increased in recent years. The Dow Jones State of Anti-Corruption Compliance Survey of compliance professionals from more than 350 companies worldwide found that 71 per cent had stopped or delayed working with a business partner because of concerns about anti-corruption regulations.


Compliance professionals managing third-party risk face greater challenges than ever before. Baseline screening and enhanced due diligence for all of an organisation’s third parties, including product sourcing, contracted services and outsourced process providers, have become the “new normal”.

For many organisations this spike in workload and the complexity of the information needed to stay within the bounds of the law means that manual processes are already, or soon will be, no longer viable. Time and resource constraints mean many risk management programmes cannot perform continuous monitoring manually – and therefore the results of risk assessments are both incomplete and quickly outdated.


A growing number of companies from all sectors are realising that third-party risk management software transforms the risk management function from an archaic, ineffective process to a centralised, predictive and exponentially more effective and efficient function.

Automated approaches allow organisations to right-size their resources, taking a limited approach for low-risk business partners and applying more resources to those with the highest risk levels, while continuously monitoring all third parties for changes in risk exposure.

Technology-enabled approaches also help ensure customisable, defined risk-mitigation policies. This streamlines and standardises the risk mitigation actions that need to happen among internal staff and third parties around the world, even across business units and geographies, to address any red flags effectively.


With an automated third-party risk platform, such as that offered by NAVEX Global, leaders of organisations can gain peace of mind knowing their global due diligence programmes are comprehensive and scalable. The platform also creates a permanent audit trail to prove compliance to boards of directors, auditors, regulators and shareholders. In addition, housing all third-party identity, discovery and due diligence information in one online repository enables greater consistency and dramatically drives down overall costs.

The complexity of third-party risk management is growing. However, those organisations that make an investment in ensuring they are familiar with the latest regulations and have a system in place to manage risk can be confident they are compliant, protected and better able to grow – and prosper in today’s global economy.

For more information please visit