Due Diligence Best Practices to Support Your COVID-19 Recovery Efforts

The COVID-19 pandemic is altering global supply chains in ways that will not be recognizable when compared to the outbreak. Third parties up and down a company’s supply chain network are experiencing various levels of disruption, and many are unlikely to survive. Of those that do survive, many are likely to emerge in a different form. Geographic concentration, once seen as a supply chain strength, is increasingly identified as a weakness to be corrected. As a result, even with the various support efforts governments are enacting, COVID-19 is likely to have a lasting effect on global supply chain networks.

Because of these changes, companies that rely upon global supply chains will face increased pressure to more effectively and efficiently manage their third-party risk. On the one hand, they need to rapidly identify, screen and onboard new third parties to replace those that can no longer meet their firm’s needs due to COVID-19 disruptions. At the same time, however, companies need to continue to minimize their exposure to the legal and reputational risk inherent in relying upon third parties as part of their supply chain network. While regulatory agencies have stated that they will consider COVID-19 impacts when investigating violations, they have not given companies a blank check to disregard their regulatory obligations when it comes to third parties.

Supply Chain Networks After COVID-19

It is increasingly obvious that the supply chain networks that emerge from the COVID-19 crisis are likely to differ significantly from how they looked just a few short months ago.

• Many companies will likely no longer exist due to bankruptcy. A wave of bankruptcies and closures are hitting businesses across multiple industry sectors. While the airline, trucking and logistics industries are heavily hit, no industry is immune. Any small and medium-sized enterprises in your supply chain network that lack the cash reserves to outlast the outbreak are also in a precarious situation. In addition, any company that was in financial trouble heading into the crisis is unlikely to survive. As a result, many of your long-time supply chain partners may no longer be viable options in the future.
• Some of those companies that do survive will emerge in a different form. One strategy for surviving is to significantly modify your business structure or operations. Therefore, the frequency of divestitures and restricting is likely to increase. Certain business units or facilities may be shut down or sold off, impacting the vendor’s ability to meet your needs. Furthermore, capacity may be severely diminished due to employee layoffs.
• Certain third parties may have new ownership. In the current environment, investors and private equity firms will be looking for investment opportunities given the climate of distressed companies and cheap debt finance. Companies will also be desperate for quick infusions of capital to help stave off bankruptcy. The growth of government stimulus programs around the globe could even lead to the quasi- or actual nationalization of previously private companies. As a result, ownership of one of your current partners could change suddenly, potentially causing a third party’s risk profile to change as well.
• Many companies around the globe will continue to be at risk of periodic COVID-19 disruptions. Virologists are increasingly raising concerns that a second wave of the disease could occur later this year. These outbreaks and subsequent disruptions are likely to be localized and hard to predict, injecting additional uncertainty into supply chain networks. Third parties currently operating may be again suddenly taken offline in the future.
• Third parties that are geographically concentrated may become a liability. Until this crisis, having suppliers in the same region was viewed as a positive attribute. However, the pandemic has shown that having multiple tiers of suppliers co-located can rapidly undermine a supply chain if that jurisdiction suffers another similar disruption. Geographic diversification of third parties will therefore become a new mantra, especially for key supply chain partners.

Impacts Upon Third-Party Compliance Programs

These changes to global supply chain networks post COVID-19 are likely to create new pressures on third-party compliance programs, such as these following:

• The need to rapidly and efficiently screen and onboard large numbers of new third parties. As business units across the enterprise rush to replace previously relied upon supply chain partners, they will look to compliance teams to facilitate a rapid onboarding process. More than ever, compliance programs risk being accused of “holding up business” if they are unable to meet this internal demand.
• The need to conduct due diligence on third parties in potentially new, unfamiliar jurisdictions. As companies seek to increase supply chain resiliency, they will prioritize diversifying their vendor locations. To support this shift, compliance teams will need to know how to conduct and assess due diligence on subjects in jurisdictions they may not have covered previously.
• The ability to quickly and efficiently rescreen existing third parties. Knowing who you are truly conducting business with is not just sound business practice, but also a regulatory requirement in some jurisdictions. Therefore, ownership changes at an existing third party could cause that company’s risk profile to change. For example, a previously unproblematic supplier may now exposure a firm to risk if the supplier’s new owners are politically exposed or even sanctioned.
• The requirement to monitor existing third parties post-onboarding. Crises often cause companies to take drastic measures to bring products or services to market faster. The severity of the COVID-19 outbreak will likely lead to an increase in the number of companies around the globe involved in illicit activities, such as bribery, in order to improve their chances of recovery.
• The need to “do more with less.” Tightening budgets will be a major theme for most companies as they struggle to recover from this crisis. As a result, compliance teams will be pressured to identify ways to reduce their resources required while still ensuring their organization’s regulatory obligations.

Leveraging Due Diligence Best Practices to Help Your Firm Recover

Without a doubt, these pressures will increase the challenge facing compliance teams seeking to carry out their tasks. However, there are some due diligence best practices that compliance officers can draw upon to help their company recover while also ensuring that it remains compliant with third-party regulatory requirements.

Understand your current third-party ecosystem. More than ever, this is a necessary first step to minimizing your firm’s exposure to third-party risk. The more you know about your supply chain partners, the better you will be able to assess their risk profile and prioritize your limited resources when conducting due diligence. Here, it is necessary to have a basic understanding of all third parties across the enterprise, not just those dealing with specific business units.

Ensure a risk-based due diligence approach. A one-size-fits-all due diligence program is both ineffective and wasteful. Not all third parties are equally risky; therefore, they don’t all require the same level of screening. Develop an objective, relevant risk taxonomy for your third parties to help you assess their relative risk. At a minimum, consider using criteria such as industry sector, jurisdiction and type of the third party; the nature and size of your relationship; and, especially, the third party’s relationship, if any, with government entities. Use this taxonomy to segment your supply chain partners in risk-ranked categories so you can focus your limited resources on your riskiest relationships.

Conduct proactive due diligence on potential alternate third parties. Screening potential backup third parties could help your firm minimize the time to onboard an alternate should a current partner be adversely affected by the pandemic. It could also prevent your firm from scrambling at the last minute if any red flags arise during your onboarding process. At a minimum, consider prescreening backups for critical third parties, namely those that provide a mission-critical product or service.

Establish an ongoing monitoring plan. Third-party risk unfortunately never ends with the onboarding process, as risk profiles are likely to change over time — especially in the current environment. Stay ahead of any sudden red flags by continually monitoring your existing third-party relationships to rapidly identify emerging risk-relevant developments. Consider leveraging a technology solution to more efficiently and cost effectively monitor your pool of third-party partners.

Leverage technology to efficiently conduct your due diligence. Using a technology-driven third-party management system can save your program time and money. The more automated the process, the more accurate and objective the process, and the less resources and time required. A technology solution also ensures transparency in the hopefully unlikely event of an audit. Finally, a centralized system helps prevent inadvertent dissemination of proprietary or controlled information when compared to less secure communication channels, such as email.

Conclusion

Unfortunately, the reality is that COVID-19 will continue to impact companies and the global supply chains upon which they rely for the foreseeable future, even after the pandemic peaks. While a firm’s due diligence program is not the silver bullet to a successful emergence from this crisis, it can and should play a supporting role. Identifying and implementing ways to more rapidly, efficiently and cost effectively screen and monitor third parties not only further minimizes your company’s exposure to risk, but it also directly contributes to its recovery efforts.