How to make third-party risk management less painful

Written by Dun & Bradstreet on Thursday September 6, 2018

It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.

– Warren Buffett


Managing a compliance programme can be extremely disruptive to an organisation. Firms must not only run checks on potential customers, but also ensure that third-party risk is a key part of their comprehensive compliance programme, to avoid exposure to bribery and corruption and the associated reputational ramifications.


In addition, because business pressure to move quickly and efficiently is a common driver, the onboarding process is a key area where competitive advantage can be gained or lost. Verifying third parties, determining risk and creating visibility for your stakeholders are all key to an effective programme – but this can still be a manual process that does not make the best use of your human capital.


Approaching the programme in an organised manner will help you manage your resources effectively, ensuring that you are protecting your company and your brand, while not overwhelming your team.


Third-party risk management


A multi-step compliance programme will deliver tangible results from loss avoidance related to global penalties/fines and third-party risk, but will require content, processing, analysis and adherence at each step:


  •  Identify & Verify: Identify the specific entity and its relationships and verify data against that business, taking a risk-based approach
  •  Beneficial Ownership: Establish ownership of the business and determine ultimate beneficial owners. Leverage that information based on your company’s risk tolerance
  •  Screen: Screen entities for sanctions, politically exposed persons, reputational risk and litigation risk
  •  Assess Risk: Assess the risk of the entity to determine whether the business passes your compliance policy
  •  Reporting: Demonstrate and document adherence to established policies
  •  Monitor: Keep watch on the businesses in your portfolio for any changes to circumstances, events and compliance flags that may change how you assess the entity


However, collecting all the information required to manage your compliance programme is not only time-consuming but can also be costly.


So, how exactly do we propose to make this less painful?


Leveraging best practices and automation can allow the management of your compliance programme to be effective and achievable. During the webinar, we will cover best practices and ways to automate your compliance programme across these four key areas:


  •  Policy and adherence – All parties, internal and external, need to understand what is required, how to comply and what the consequences of non-compliance are. A compliance policy is only as good as its execution.
  •  Using a risk-based approach – A risk assessment process to identify, segment, mitigate, and monitor risks and risk factors will assist in identifying where you need to focus, and will also enable you to create a programme that is both designed around your company’s risk tolerance and cost effective for your organisation.
  •  ID and verification – Knowing exactly who you are doing business with – not just the company, but the people behind it – and leveraging multiple sources to verify self-reported information is the starting point for every compliance programme.
  •  Automating data collection – Automate the collection of data from your customers, suppliers and third parties in a flexible way.


This piece was written for the ICA by Amy Hayenhjelm and Neil Isherwood of Dun & Bradstreet

Dun & Bradstreet’s Amy Hayenhjelm and Neil Isherwood will be discussing ‘How to make third-party risk management less painful’ on 26 September as part of our #BigCompConvo webinar series. Register here for the webinar to hear practical recommendations for faster and more efficient onboarding and the successful management of third-party compliance.

Join Amy and Neil on Wednesday 26 September 2018, 14:00 BST to learn more. Register here.

If you would like to take part in the ICA’s Big Compliance Conversation and contribute to a like-minded community, please get in touch at

