Ever-increasing regulatory requirements — from anti-money laundering to anti-bribery and corruption — are driving the need for organizations to manage and gain better insight into their third party relationships, to mitigate risk and respond to regulatory requirements in a timely manner.
Organizations at times conduct their third-party due diligence with only a basic sanctions check and a search for adverse press to identify key risks. However, according to a new report from KPMG International, organizations conducting only an internet and sanctions search may be missing up to 84 percent of potential integrity risks.
Astrus Insights details how other factors; such as background details of the organization, its shareholders, directors, ultimate beneficial owners and litigation information; also need to be considered to understand the full scope of the integrity risk. The report provides insights based on an analysis of nearly 8,000 integrity due diligence reports covering 172 countries.
“Exclusively conducting an internet search for integrity risk is the equivalent of having only a 45 degree view of the Grand Canyon,” said Graham Murphy, KPMG’s US and Global Astrus Market Development Leader. “Failure to adequately assess clients, agents and business partners exposes organizations to reputational damage, operational risk and government investigations. Added to that is the potential for monetary penalties and criminal liability.”
Astrus is a web-enabled integrity due diligence solution offered by KPMG member firms around the globe which helps organizations leverage data from numerous global sources to perform comprehensive and cost-effective integrity due diligence on their global third-party relationships.
Prevalence of Risk
More than two in ten (23 percent) of the subjects examined in Astrus Insights were given an overall risk rating of red, meaning they were associated with significant risks such as allegations or incidences of corruption, fraud, money-laundering or other illegal practices.
Two thirds (66 percent) of reports received an amber grade, meaning risk issues were identified, but these were of a less serious consequence such as opaque ownership structures, association with politically exposed persons or significant involvement of the subject in civil litigation. Only 12 percent of reports received a green rating of “all clear” from an integrity risk perspective.
“Analysis of what makes a third-party a ‘red’ risk provided some surprising results and challenged some widely held assumptions about the nature of third-party risk and how to manage third-party due diligence,” said Murphy. “It was interesting to note that it was the negative information related to the directors or shareholders of the business, and not the organizations, who presented the highest incidents of significant risk.”
Global Hot Spots for Risk
Central Asia, Central and Eastern Europe (including Russia), and Middle East and North Africa stand out as the three regions posing the highest third-party risks with significant integrity risk exceeding 50 percent of the overall risk rating. Russia remains a significant investment destination and area of interest for due diligence. Fifty-seven percent of reports on Russian subjects were rated red, signifying considerable risk.
Analysis of the reports by sector shows that the Financial Services (FS) sector presents by far the highest third-party integrity risks. Over 40 percent of all reports in this sector received a red rating.
Three other sectors: Technology, Media and Telecommunications; Energy, Natural Resources and Chemicals; and Miscellaneous (e.g. general trading companies) presented higher than average risk levels, with over 20 percent of reports rated red. In 30 percent of these reports, bribery or corruption were determining factors for the red rating.
But regardless of sector, fraud associated with the third-party risk was the most prevalent type of risk driving red-rated reports. This held true across seven of the 11 industry sectors analyzed.
“With Google and mobile technologies at our fingertips, data is ever-present but understanding is not,” says Petrus Marais, KPMG’s Global Forensic Leader. “While access is easier than ever, the sheer volume of data has made conducting risk investigations at the scale needed today more much more complicated. Our global network of professionals has honed their capabilities over decades of providing advisory services to leading organizations. Using insights from tools, such as Astrus, we can ensure that we are able to arm organizations with the ability to make better and more informed business decisions.”
For further information, contact:
+1 416 777 8749
Astrus is a secure, online due diligence solution which provides a robust and cost-effective way to obtain tailored insights and assess risks associated with customers, agents, vendors and other counterparties. Astrus offers enhanced integrity due-diligence, high level sanction / politically exposed person screenings as well as, negative media searches. Such reviews could then be supplemented as necessary with full scope / on the ground corporate intelligence investigations as required.
About KPMG International
KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We operate in 156 countries and have more than 152,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.