Study warns of complacency in third-party vetting

Supplier vetting policies within UK corporates are poorly understood and inconsistently applied, according to a study of third-party risk management practices.

The study, conducted by Dow Jones Risk & Compliance in August, examined 250 companies across the engineering and construction, oil and gas, IT and technology, media and telecoms, and manufacturing sectors.

The report’s authors say that as much as a third of new supplier onboarding undertaken in the last 12 months is likely to have been executed incorrectly, as over half of the procurement professionals surveyed said they were not confident that existing suppliers had been vetted properly.

With procurement professionals anticipating a doubling of third-party relationships in the next three years, these are particularly concerning figures.

General manager of Dow Jones Risk & Compliance, Guy Harrison, said compliance cannot be taken lightly. “With global supply chains becoming ever more complex, managing regulatory and reputational risk necessitates a rigorous approach to the vetting and onboarding of third-party vendors and suppliers. This research reveals significant gaps in the implementation of third-party risk management processes, as well as a lack of business-wide understanding about the risks such processes are designed to address,” he said. “With enforcement action on the rise, compliance simply isn’t the place to cut corners. UK businesses need to address blind spots around third-party risk management as a matter of urgency.”

Jim Lord, former FCPA prosecutor, added: “This survey suggests that compliance officers need to have visibility over the entire third party onboarding process and not just leave it to procurement to get it right. A consistent risk-based approach implemented throughout the organisation with oversight from compliance is a critical component of having ‘adequate procedures’ in place.”


Report findings: Cutting corners with compliance (Source: Dow Jones Risk & Compliance)

Conducted in August, the study examined 250 companies across the engineering and construction, oil and gas, IT and technology, media and telecoms, and manufacturing sectors.

• 31% of the third parties that businesses work with are considered ‘high risk’

• 50% say that the time required to vet suppliers results in corners being cut to do business faster

• A third of all new supplier onboarding undertaken in the last 12 months was likely to have been executed incorrectly

• Over half of procurement professionals are not confident that existing suppliers have been vetted properly

• 41% say senior-level relationships influence the level of supplier vetting

• Less than half (45%) have regular training and certification programmes to ensure the code of conduct for third-party risk management is fully understood and applied
