New research from Refinitiv has found that despite greater regulation and stronger enforcement action, many organisations are struggling to gain visibility over third-party risks.

The fourth third-party risk survey found that on average, 43 per cent of third parties do not receive due diligence checks, an increase of six per cent compared to the responses found in the 2016 survey.

When it came to reporting a third-party breach, 53 per cent of respondents would report internally, while only 16 per cent said they would report it externally. Additionally, 61 per cent said they believe that prosecution would be unlikely if the organisation breached third-party-related regulations.

Refinitiv stated that COVID-19 is set to have a substantial impact on the risk landscape, particularly in terms of supply chain and third-party risk. "Global supply chains can create competitive advantages for businesses and cut costs for consumers, but they also carry significant risk," noted the report.

However, 62 per cent of respondents noted they did not know the extent to which third parties are outsourcing work.

“COVID-19 has exposed the fragility of supply chains and demonstrated how critical due diligence is to identify and manage multiple risk scenarios, whether it be country risk, jurisdiction risk, or the concentration risk of over-exposure to vendors or geographies," said Phil Cotter, managing director of the risk business at Refinitiv.

"As a result, businesses are likely to build greater visibility and resilience into their supply chains in the future so they can more thoroughly assess and mitigate supply chain risks and increase actions taken in all aspects of third-party due diligence."

The survey also found that 63 per cent of respondents agree that the current economic climate is encouraging organisations to take regulatory risks in order to win new business.

The findings were based on a survey completed by nearly 1,800 global third-party relationship, risk management and compliance professionals in corporate organisations. The research was conducted in February across 16 countries, including: UK, US, Brazil, China, India, Australia, Germany, France, Singapore, Spain, Hong Kong, South Africa. Russia, Saudi Arabia, the Netherlands and Canada.

In the UK specifically, 45 per cent of respondents said that they know/suspect that third parties they conduct business with have been involved in illegal activities.

A further 53 per cent said they did not know the extent to which third-parties are outsourcing their work, while 49 per cent said that they would report a third-party regulatory breach internally - compared to only 21 per cent who would report it externally.

Share Story: