Third-party risk management: why transparent company data creates defensibility

Companies face more significant third-party risk management obligations than ever before. 

A vital component of a third-party risk management programme is to understand who the suppliers, agents and other companies in their third-party ecosystem are at legal entity level – often across thousands of companies and multiple supply chain tiers. 

Legal entity data you can rely on is therefore critical. But not all data sources are equal and not all can scale.

Here, we explain why the provenance of transparent legal entity data enables more defensible third-party risk management and why such data is better suited to powering the tech tools that are helping compliance professionals scale their risk management effectiveness.

Challenge to do more with less

Today, third-party risk management is all about the need for companies to identify, assess and mitigate the risks posed by conducting business relationships with their third-parties at scale.

Michael Short, Managing Director and Co-founder at ethiXbase, whose platform helps automate key due diligence processes using OpenCorporates’ data, says the expectations for companies to manage third-party risk have accelerated in the last three years.

“Companies have to be cognizant of risks such as money laundering, fraud and foreign corruption, but must also carry out extra due diligence and background screening around forced labour and other social issues” he says.

The increasing size, complexity and interconnectedness of third-party ecosystems means that compliance departments are being asked to do more with less. 

But pressure also comes from:

  • Regulatory obligations
    In addition to the ever-present risk of falling foul of the Foreign Corrupt Practices Act (FCPA) or other anti-corruption regulation, expectations have increased concerning the need for companies to monitor their third parties on an ongoing basis – not just at a point in time. Legislation has also sprung up in the UK, Australia, and California, requiring companies to report on the steps they’re taking to mitigate modern slavery risk.
  • Rise of ESG
    Company stakeholders increasingly expect business to be conducted responsibly and for sound management of environmental, social and governance (ESG) issues. “Alongside the development of legislative and regulatory frameworks for reporting on sustainability within global supply chains, what has really changed is the groundswell of public support whereby the average consumer will pay more for products that are ethically sourced or produced”, shares Michael. 

Automation allows risk management to scale

Technology platforms are increasingly being adopted to redress the balance. The technology helps automate aspects of the due diligence companies need to conduct in order to inform their risk management efforts.

We recently shared an example of the ethiXbase 360 platform, which accesses legal entity data at scale via the OpenCorporates API.

Michael says traditional methods, such as sending compliance questionnaires to prospective and current suppliers is a headache for companies to scale, and that technology solutions instead “bring the ability to screen and report on vendors en masse”. “We do not have to ask third parties for information, we now get it from trusted data providers like OpenCorporates”, he explains.

Automating the risk management process brings many benefits to companies, including: 

  • Efficiency
    Staff no longer need to spend many hours manually collating data to verify information disclosed by third parties
  • New insights
    By using data on companies taken from official registries, via OpenCorporates, compliance officers can identify risks posed by a third party that might not have been detected if the process relied on self-attestation alone

Foundational role of transparent legal entity data

But technology platforms are often only as effective as the data they rely on. 

If it is not clear what that data represents, or when and where it was collected, then companies cannot be confident about how they use data. 

That’s precisely how the opaque legal entity data that has dominated until recently operates – as you’re often left with no data provenance, poorly-defined data models and unreliable data that can’t be traced back to an official source, because it often doesn’t come from one.

By contrast, every company record in OpenCorporates’ transparent database of legal entities clearly states when the data was last updated, along with where the data was collected from – providing a link back to the official source. 

This means risk management professionals can make more defensible decisions with it, and the technology platforms that support them are more explainable, auditable and can be deployed with greater confidence.

You may also be interested in…

Case study
Read how ethiXbase uses OpenCorporates’ data to help companies manage supply chain risks. Read case study >

OpenCorporates’ data
Explore the largest open database of companies in the world, which can be delivered at scale in bulk or via our API.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s