
How does third-party risk impact supply chains?

Phil Cotter
Managing Director, Risk business at Refinitiv

In February 2020, a Refinitiv-commissioned survey asked almost 1,800 global third-party relationship, risk management and compliance professionals about the scale, impact, and challenges of third-party risk, and how it affects supply chains. What did the survey reveal to be the most significant threats facing corporate organizations?


  1. A Refinitiv-commissioned survey has revealed the challenges of hidden threats that respondents may face, in particular with regard to the impact on their supply chains.
  2. Around 60 percent are not fully monitoring third parties for ongoing risks, and 43 percent of third parties do not receive due diligence checks. The survey also identified gaps in compliance procedures and concerns over a lack of data.
  3. Also highlighted was the rising threat of green crime. Among institutional investors, 84 percent stated that ‘greenwashing’ — providing misleading environmental credentials — is becoming increasingly common.

A Refinitiv-commissioned online survey of global third-party relationship, risk management and compliance professionals in corporate organizations across 16 countries focused on understanding the scale, impact, and challenges surrounding third-party risk, and how they affect supply chains.

The challenges of third-party risk

Three-quarters of respondents felt that third-party relationships can deliver exceptional benefits. A significant 74 percent of respondents said that these relationships have enabled their companies to be more flexible and competitive.

Read the report — The real risks: Hidden threats within third-party relationships

Nonetheless, third parties introduce a host of potential risks and challenges. One challenge is the sheer size of many third-party networks. The average size of these networks among respondents was 9,375.

Given these numbers, it is unsurprising that many organizations fall short in their due diligence efforts.


In fact, a staggering 43 percent of third parties do not undergo due diligence checks, indicating clear gaps in formal compliance. Moreover, this is 6 percent higher than the figure reported by the same countries in our 2016 survey, indicating that the due diligence challenge is growing.

The situation is graver with regard to ongoing monitoring. Sixty percent of respondents confirmed that they are not fully monitoring third parties for ongoing or emerging risk, while 62 percent do not even know the extent to which third parties are outsourcing work.

These gaps and omissions are highly concerning. Companies today operate in a stringent regulatory landscape, in which enforcement is becoming increasingly onerous. In 2019, companies received penalties totaling a record US$2.9 billion under the U.S. Foreign Corrupt Practices Act (FCPA), and many individuals within those companies were found to be liable for breaches.


To compound these challenges, the COVID-19 pandemic has exponentially increased the stress on global supply chains and provided fresh opportunities for criminals to exploit and defraud companies and government agencies.

Companies urgently need to find new ways to better identify and manage third-party risk.


Listen: How to Manage Supply Chain Risk: COVID-19 Challenges and Digital Verification & Onboarding in 2020

How do gaps in data affect supply chains?

The survey also identified significant gaps in compliance procedures, as well as concerns over a lack of data.

Only approximately half (51 percent) of respondents were able to confirm that they have procedures fully in place for third-party compliance. Even fewer (42 percent) keep fully abreast of regulatory information.

Moreover, 37 percent of respondents cited a lack of data as the biggest problem they face in identifying risk within their supply chains. Access to reliable, holistic data is crucial for the effective identification and mitigation of risk.

This data gap, combined with the sheer volume of third parties that organizations must monitor, has led to resources becoming stretched. Nearly one-third of respondents (32 percent) said a lack of time and money constrained their ability to identify risks.

53 percent of respondents say that they would report a third-party breach internally and only 16 percent would report it externally. The state of third-party risk in 2020

How technology can help compliance

On a more positive note, once these data challenges have been addressed, leading-edge technology can optimize efficiency levels, save time, and curb costs for over-stretched compliance teams.

Refinitiv’s end-to-end approach to third-party risk management delivers a complete solution from initial screening and due diligence through to onboarding and monitoring third parties.

Our unrivaled breadth and depth of data, technology and human expertise can empower compliance teams to find and mitigate risk, even within vast global relationship networks.


The threat of green crime

In the survey, nearly two-thirds (65 percent) of respondents revealed that they know or suspect that their third parties may have been involved in a range of illegal, environmentally damaging activities.

Meanwhile, separate Refinitiv research gathered the opinions of 250 global institutional investors in February 2020. The vast majority (84 percent) believed ‘greenwashing’ — providing misleading environmental credentials — is becoming more common.

Respondents said that they regularly use the Illegal Logging Prohibition Act (64 percent) and Conflict Minerals Rule (67 percent) to inform decisions on third-party risk management.

However, despite apparent awareness of green regulations, a persistent stumbling block in addressing green crime is a lack of clarity on how to evaluate the environmental risks associated with third parties.

Refinitiv environmental, social and governance (ESG) data, which covers nearly 70 percent of global market cap and includes over 400 metrics, can help organizations monitor third-party environmental performance.

We are also driving awareness and global collaboration to accelerate sustainable finance, and have joined The Future of Sustainable Data Alliance (FoSDA), working in partnership with the World Economic Forum to use data to make advances in this critical area.

Adopting an intelligent approach

The competitive pressures that organizations face in an increasingly globalized world can easily translate into heightened risk-taking. Sixty-three percent of respondents agree that the economic climate is encouraging organizations to take regulatory risks in order to win new business.

The good news is that, with reliable access to better data, the right technology and collaboration — between organizations, NGOs, governments, and regulators — third-party risk can be successfully managed and mitigated.

This begins by building enhanced transparency and resilience into global supply chains, making them more robust. Thorough due diligence can play a pivotal role in achieving this by pinpointing the risks that threaten supply chain stability.

Herein lies an opportunity for forward-thinking organizations to address the ever-present challenge of third-party risk, and to transform a growing threat into a valuable competitive advantage.
