Skip to content

Third-party risk management and effective onboarding

A Refinitiv survey on companies’ third-party risk onboarding practices gave insight into some of the fast-growing areas of concern and why an effective onboarding programme is a valuable first step in wider third-party risk management strategies.

  1. Putting in place an effective third-party onboarding process is key to a robust risk management programme.
  2. Onboarding of third parties should include many more elements than just due diligence screening, including such elements as questionnaires and interviews, and reviews of any past misconduct and of ultimate beneficial owners (UBOs)..
  3. Partnering with an external vendor of third-party on-boarding workflow solutions makes sense and can help to create an effective compliance programme.

For more data-driven insights in your Inbox, subscribe to the Refinitiv Perspectives weekly newsletter.

Against a backdrop of ever-expanding legislation and a strict regulatory environment, companies need to remain cognisant of the potential risks that surround third-party relationships.

Third-party risk

Poor onboarding processes and a lack of oversight when onboarding third-parties can substantially raise the risk of inadvertently engaging with a third-party involved in or linked to financial or environmental crime. The potential consequences of this include enforcement action, financial penalties and even significant reputational damage.

In addition, engaging with unsuitable or unreliable third-parties can lead to financial loss and supply chain inefficiencies.

The good news is that formulating an effective third-party onboarding process delivers many benefits, from lowering risk by avoiding problematic third-party relationships to boosting the bottom line through consistently aligning with high-value business partners.

Read the white paper: Efficient, Effective Onboarding – The first step in third-party risk management

Effective onboarding

Companies appear to be well aware of the value of effective onboarding.

Refinitiv’s 2020 Third-Party Onboarding and Risk Management Survey found that nearly 70 percent of respondents agree that third-party onboarding processes are essential within their companies.

Determining the risk level or relative risk of a third-party is a central aim of the onboarding process, and best practice outlines that those third-parties with medium or high risk scores should undergo further assessment.

According to survey respondents, their onboarding processes resulted in an average of 19 percent of third-parties being rated as “high risk”, with 30 percent receiving a “medium risk” score. This means that nearly half (49 percent) of third-parties that undergo an onboarding process receive a risk score that flags the need for further scrutiny.

This undoubtedly highlights the value of thorough and well-planned onboarding processes as an essential part of wider risk management.

It is also important to remember that effective onboarding is broader than straightforward due diligence or screening, and should include other elements to mitigate risk including, but not limited to:

  • Questionnaires and interviews
  • Screening
  • Checks on names of owners and executives
  • A review of any past misconduct
  • A review of the ultimate beneficial owners (UBOs)
  • Credit checks and a review of financials
  • Investigations into possible interaction with the government
  • Investigations into the use of intermediaries/sub-contractors
  • Onsite and/or remote audits

Key elements to consider

Our white paper delves into the various elements of a typical onboarding programme, taking an in-depth look at common and essential aspects (such as questionnaires), as well as other important elements (such as interviews) that are typically limited to high risk or high-value third-parties.

Our survey participants had the following responses around what elements were included in their onboarding processes

The paper also examines the use of discreet and indiscreet tactics during third-party onboarding processes, and looks at the role of technology, before outlining key considerations relating to the analysis of gathered information.

Notably, a risk-based approach should be employed when formulating an onboarding strategy, as this will ensure that resources are used as wisely as possible.

Companies need to consider exactly which third-parties will be in scope. For example, company policy may require all third parties to be subject to formalised onboarding, or there may be exceptions for third-parties that are engaged on a one-off basis, or where the value of business channelled through them is very low.

Our paper also highlights that some of the fastest growing areas of concern when a third-party is being onboarded are those related to environmental, social and governance (ESG) risks.

While many companies have focused on the more traditional legal risks, such as bribery and fraud, there is a growing trend to focus on ESG and sustainability concerns.

An opportunity to differentiate

A third-party onboarding function that is agile and efficient can quickly become a key point of differentiation for companies.

An effective onboarding methodology not only makes it easier to meet regulatory demands, but also can deliver a range of benefits.

For example, those firms that treat this essential element of their strategy as a business development tool rather than a straight cost of risk management can not only minimise their risk exposure, but can also more easily identify high-value, ethical third-parties with the right business values.

Partnering with an external provider of onboarding workflows is a viable solution for many firms. Access to the right advice and leading-edge onboarding technology are both key to creating an effective compliance programme that is able to develop and change over time in the same way that business relationships change and evolve.

Read the white paper: Efficient, Effective Onboarding – The first step in third-party risk management