RISK AND COMPLIANCE ISSUES ARISING FROM THIRD-PARTY BUSINESS RELATIONSHIPS

RC: Could you provide a general overview of the potential risk exposures that may arise when dealing with third-party business partners and vendors?

Bjelland: The list of potential risk exposures is quite extensive. There are privacy risks, transaction risks, technology risks, credit risks, compliance risks and risks to reputation. In addition, there are numerous other specific issues to consider that fall under the more general categories such as copyright and patent laws, and concerns related to ownership, liability, consumer protection and compliance monitoring and records retention. Finally, there are risks specific to an industry or type of business. Third-party risk exposure is relevant to all industries, not just financial, and each one of these has their own additional industry-specific risk issues to consider. For example, an oil company has to consider the additional risk of pollution-related liabilities in their contracts with third-parties, such as drilling contracts.

Hurrell: Recent research would suggest that the majority of the value chain in most companies is now provided by outside entities such as subcontractors, suppliers and distribution networks. This means that more than half the risk to the brand or reputation of a company is outside its direct control and often operating in countries which are relatively unfamiliar to the principal. This will have been very different only a few years ago, and some companies have been better at making the adjustments to risk management strategy demanded by their changed business models than others.

Oct-Dec 2013 Issue

Airmic

Berkeley Research Group

KPMG