According to a KPMG International report, Astrus Insights
, despite this regulatory scrutiny many companies, especially in the financial services sector, are still vulnerable because of reliance on traditional methods of investigating business relationships. Organizations at times conduct their third-party due diligence with only a basic sanctions check and a search for adverse press to identify key risks.
However, according to the new report, organizations conducting only an Internet and sanctions search may be missing up to 84 percent of potential integrity risks.
“Much of the risk that companies face today is the result of the activities of third parties with whom they are doing business,” said Richard H. Girgenti, US leader for KPMG’s Forensic. “Regulators are increasingly holding companies accountable for knowing who their customers are and the actions of their agents, vendors and joint venture partners. KPMG is committed to investing in the technology, and talent and experience globally to help companies navigate one of their most challenging risks.”
Astrus Insights details how other factors; such as background details of the organization, its shareholders, directors, ultimate beneficial owners and litigation information; also need to be considered to understand the full scope of the integrity risk. The report, named after Astrus, a KPMG due diligence solution which gathers corporate intelligence from hundreds of data sources, provides insights based on analysis of nearly 8,000 integrity due diligence reports, covering 172 countries. Astrus helps organizations perform comprehensive and cost-effective integrity due diligence on their global third-party relationships.
Prevalence of Risk
More than two in ten (23 percent) of the subjects examined in Astrus Insights were given an overall risk rating of red, meaning they were associated with significant risks such as allegations or incidences of corruption, fraud, money-laundering or other illegal practices.
Two thirds (66 percent) of reports received an amber grade, meaning risk issues were identified, but these were of a less serious consequence such as opaque ownership structures, association with politically exposed persons or significant involvement of the subject in civil litigation. Only 12 percent of reports received a green rating of “all clear” from an integrity risk perspective.
“Analysis of what makes a third-party a ‘red’ risk provided some surprising results and challenged some widely held assumptions about the nature of third-party risk and how to manage third-party due diligence,” said Murphy. “It was interesting to note that it was the negative information related to the directors or shareholders of the business, and not the organizations, who presented the highest incidents of significant risk.”
Global Hot Spots for Risk
Central Asia, Central and Eastern Europe (including Russia), and Middle East and North Africa stand out as the three regions posing the highest third-party risks with significant integrity risk exceeding 50 percent of the overall risk rating. Russia remains a significant investment destination and area of interest for due diligence. Fifty-seven percent of reports on Russian subjects were rated red, signifying considerable risk.
Analysis of the reports by sector shows that the Financial Services (FS) sector presents by far the highest third-party integrity risks. Over 40 percent of all reports in this sector received a red rating.
Three other sectors: Technology, Media and Telecommunications; Energy, Natural Resources and Chemicals; and Miscellaneous (e.g. general trading companies) presented higher than average risk levels, with over 20 percent of reports rated red. In 30 percent of these reports, bribery or corruption were determining factors for the red rating.
But regardless of sector, fraud associated with the third-party risk was the most prevalent type of risk driving red-rated reports. This held true across seven of the 11 industry sectors analyzed.
“Despite the additional resources organizations are putting into compliance and monitoring, there are still a lot of gaps and criticisms from regulators about the quality of due diligence companies are producing,” said Laura Durkin, KPMG’s US Astrus Leader. Astrus was designed to close many of those gaps in a cost effective way by using not only data & analytics, but also face-to-face investigations, primary sources and experts from around the globe.”
According to KPMG, the key drivers of regulations that require companies to know their Third Party Intermediaries include:
- Anti-Bribery & Corruption: Foreign Corrupt Practices Act, UK Bribery Act, Fraud & Misconduct
- Anti-Money Laundering: terrorist financing, customer due diligence
- Emerging Markets Risk: conflict minerals, environmental, external sourcing, social issues(CSR)
- Business Risk Assessment: jurisdictional, industry and government/political exposure
- Relationship Management: supply chain, M&A, reputational risk
The analysis underscores the importance of bolstering traditional methods with screenings and investigations that include Deep Web content and a global network of professionals able to follow-up with face-to-face interviews, research and investigation when necessary.
Deep Web information is not always indexed via traditional search engines and often omitted from Internet-based searches. Surface Web content which does not require log-ins and global online public data records, including global sanctions and regulatory enforcement lists, are often the sole methods companies use to vet third parties. Astrus Insights outlines why this is typically not an adequate approach.
“Exclusively conducting an Internet search for integrity risk is the equivalent of having only a 45 degree view of the Grand Canyon,” said Graham Murphy, KPMG’s US and Global Astrus Market Development Leader. “Increased enforcement around Foreign Corrupt Practices Act (FCPA), anti-money laundering, terrorist financing, conflict minerals, and other regulations require organizations to adequately scrutinize clients, vendors, agents and business partners or face exposure to reputational damage, operational risks and financial and criminal liability.”
About KPMG LLP
KPMG LLP, the audit, tax and advisory firm (www.kpmg.com/us), is the U.S. member firm of KPMG International Cooperative (“KPMG International”). KPMG International’s member firms have 152,000 professionals, including more than 8,600 partners, in 156 countries.
Astrus is a secure, online due diligence solution which provides a robust and cost-effective way to obtain tailored insights and assess risks associated with customers, agents, vendors and other counterparties. Astrus offers enhanced integrity due-diligence, high level sanction, politically exposed person screenings as well as, negative media searches. Such reviews could then be supplemented as necessary with full scope, on the ground corporate intelligence investigations as required.
Contact: Anayo Afolabi