Ever-increasing regulatory requirements — from anti-money laundering to anti-bribery and corruption — are driving the need for organisations to manage and gain better insight into their third party relationships, to mitigate risk and respond to regulatory requirements in a timely manner.
Organisations at times conduct their third-party due diligence with only a basic sanctions check and a search for adverse press to identify key risks. However, according to a new report from KPMG International, organisations conducting only an Internet and sanctions search may be missing up to 84 percent of potential integrity risks.
Astrus Insights details how other factors; such as background details of the organisation, its shareholders, directors, ultimate beneficial owners and litigation information; also need to be considered to understand the full scope of the integrity risk. The report provides insights based on an analysis of nearly 8,000 integrity due diligence reports covering 172 countries.
“Exclusively conducting an Internet search for integrity risk is the equivalent of having only a 45 degree view of the Grand Canyon,” said Graham Murphy, KPMG’s US and Global Astrus Market Development Leader. “Failure to adequately assess clients, agents and business partners exposes organisations to reputational damage, operational risk and government investigations. Added to that is the potential for monetary penalties and criminal liability.”
Astrus is a web-enabled integrity due diligence solution offered by KPMG member firms around the globe which helps organisations leverage data from numerous global sources to perform comprehensive and cost-effective integrity due diligence on their global third-party relationships.
Prevalence of Risk
More than two in ten (23 percent) of the subjects examined in Astrus Insights were given an overall risk rating of red, meaning they were associated with significant risks such as allegations or incidences of corruption, fraud, money-laundering or other illegal practices.
Two thirds (66 percent) of reports received an amber grade, meaning risk issues were identified, but these were of a less serious consequence such as opaque ownership structures, association with politically exposed persons or significant involvement of the subject in civil litigation. Only 12 percent of reports received a green rating of “all clear” from an integrity risk perspective.
“Analysis of what makes a third-party a ‘red’ risk provided some surprising results and challenged some widely held assumptions about the nature of third-party risk and how to manage third-party due diligence,” said Murphy. “It was interesting to note that it was the negative information related to the directors or shareholders of the business, and not the organisations, who presented the highest incidents of significant risk.”
Global Hot Spots for Risk
Central Asia, Central and Eastern Europe (including Russia), and Middle East and North Africa stand out as the three regions posing the highest third-party risks with significant integrity risk exceeding 50 percent of the overall risk rating.
Russia remains a significant investment destination and area of interest for due diligence. Fifty-seven percent of reports on Russian subjects were rated red, signifying considerable risk.
Analysis of the reports by sector shows that the Financial Services (FS) sector presents by far the highest third-party integrity risks. Over 40 percent of all reports in this sector received a red rating.
Three other sectors: Technology, Media and Telecommunications; Energy, Natural Resources and Chemicals; and Miscellaneous (e.g. general trading companies) presented higher than average risk levels, with over 20 percent of reports rated red. In 30 percent of these reports, bribery or corruption were determining factors for the red rating.
But regardless of sector, fraud associated with the third-party risk was the most prevalent type of risk driving red-rated reports. This held true across seven of the 11 industry sectors analysed.
“With Google and mobile technologies at our fingertips, data is ever-present but understanding is not,” says Petrus Marais, KPMG’s Global Forensic Leader. “While access is easier than ever, the sheer volume of data has made conducting risk investigations at the scale needed today more much more complicated.”