Shortcuts taken in UK supplier vetting – 31% of third parties considered “high-risk”

A third of all new supplier onboarding tackled in the UK over the last 12 months wasn’t executed by the book, according to a new Dow Jones report. Half of procurement professionals surveyed by the company believe that corners are being cut because of the time it takes to vet suppliers and, alarmingly, 41% say senior-level relationships also influence the legitimacy of supplier vetting.

The research sought feedback from 250 UK-based procurement professionals across five sectors: engineering and construction, oil and gas, IT and technology, media and telecoms, and manufacturing.

For complex global supply chains to work seamlessly, third parties, such as suppliers and distributors, need to be subject to the correct level of due diligence or products may not be up to scratch, orders could be delayed, and late low-quality goods could result in business lost.

Third parties are also the single greatest area of bribery risks for corporate companies, anti-corruption charity Transparency International UK found in its 2016 report. Third-party bribery risk is the risk of offering, paying or receiving a bribe through any third-party acting on a company’s behalf.

due diligence or products may not be up to scratch, orders could be delayed, and late low-quality goods could result in business lost.

However, third-party risk is now moving higher up on corporates’ agendas, Guy Harrison general manager of Dow Jones Risk & Compliance tells GTR in an interview at the firm’s London office. Dow Jones Risk & Compliance is a provider of third-party risk management and regulatory compliance solutions. He explains that there are two reasons for this: increased enforcement and the fact that regulators are “slapping massive fines” on companies failing to do due diligence on their suppliers, and because CEOs are being held more personally accountable for vetting failures. Dow Jones is unable to comment on the impact third-party risk has on firms’ ability to access finance.

GTR: We’ve seen solutions introduced to make upstream suppliers more transparent. How viable do you think that is considering that global supply chains can be very lengthy?

Harrison: Where do you draw the line – is it your supplier’s supplier, how far? People have more work than they can possibly do with their current infrastructure setups and so they’re cutting corners as a result. Much risk does sit in the fourth, fifth and beyond-party relationships, and not just an immediate third-party.

Our platform deals with more complex supply chains – as far as the customer wants to take it. At its most simple level, when a company is onboarding a third-party, it puts some basic information into the system about that third-party which will enable it to come up with an initial risk rating. There isn’t a single view of what constitutes the risk rating of a customer because [risk rating] inconsistency is a big problem within the industry.

GTR: What’s stopping these procurement teams from being able to do proper checks?

Harrison: Firms can’t do everything to the nth degree. There aren’t the resources in a normal commercial organisation to do that, so they must take risk-based approaches and they must focus on the areas that have the most risk.

Therefore, you might go further into the supply chain in certain jurisdictions or business relationships or with specific products than you would do in other areas. So, for example, if you’re a Brazilian company, you probably won’t see Brazil as a high-risk jurisdiction because you are based there, you know it and you’re comfortable. But if you are a UK company, you might well see Brazil as high-risk.

There is a lot of risk that sits in extended supply chains, and firms need to adopt tools to help them assess this risk and investigate those outer layers of the supply chain.

GTR: Do you think blockchain or other technology might ease the transparency of the vetting process?

Harrison: Honestly, I’m a bit sceptical on some of the applications of these bleeding edge technologies because people are wanting to go from A to Z without the intervening steps. If you’re managing your third-party risk on emails and on spreadsheets, then that’s clearly inadequate, and you need to put in place one of the tools out there.

Some of these technologies, like blockchain, can be used as an excuse to put off what’s possible now because they [corporates] are waiting for the next generation of things to come along. These companies would say ‘we won’t do what’s immediately available to us because we’re waiting for the industry blockchain solution’. That’s not an acceptable approach in the current marketplace.

GTR: What are companies currently doing to reduce their third-party risk

Harrison: Firms are focusing on technology in order to do more with less, with emphasis also being put on the quality of information fed into those processes. The other thing people are looking at is bringing up the standard of compliance right the way across an organisation, not just within the areas in their immediate purview.