RISKY BUSINESS – RISK AND COMPLIANCE IN THIRD-PARTY RELATIONSHIPS

Companies may engage hundreds of third parties. Some are business partners or suppliers. Some are specialist providers that take on non-core functions or provide key services. Some even act on the company’s behalf. Working with third parties can help companies become more efficient and reduce costs.

But, while many companies benefit from using third parties, the choice is not without considerable risk. Companies today face a wide spectrum of risks from a variety of sources, including public and investor pressure around environmental, social and governance (ESG) issues, increased cyber threats, rising fraud, and regulatory compliance failings – all of which may be triggered through a relationship with a third party. As a result, many organisations are elevating third party risk management (TPRM) as a priority.

Less control

Companies can face a multitude of risks from their third parties, but according to Sam Johnson, counsel at Sidley Austin LLP, these are broadly seen in three areas. “The first is regulatory liability, such as under the US Foreign Corrupt Practices Act (FCPA) where the liability for acts committed by the third party pass through to the company which has engaged them,” he says. “Second is litigation, for instance where a company’s use of a non-compliant third party impacts the value of the company, resulting in shareholders suing for the loss in value of their shares. Third is reputational damage, for instance where non-governmental organisations (NGOs) name and shame companies suspected of using third parties which violate environmental laws.

Jul-Sep 2023 Issue

Richard Summerfield

Join our free mailing list to read the full article