Blog

Third-party Due Diligence – Red Flags, Regulations and 5 Ways to Enhance It

Richard Marley
July 19, 2021
6 minutes read
70

The majority of businesses depend upon a third-party in one way or the other. Contractors, suppliers, intermediaries, vendors and several other third-parties have become effective means of business expansion and building networks. As convenient as it sounds, there are several risks associated with the idea. According to a Deloitte survey, 87% of organisations have faced some disruption due to vendors which has motivated them to employ third-party due diligence before onboarding suppliers.

Considering the increase in fraudulent activities, regulatory authorities are emphasizing the need for robust third-party due diligence protocols to keep perpetrators at bay, making business operations smoother. Here’s a brief of why companies need third-party due diligence and how the system can be improved.

What is Third-party Due Diligence?

To avoid potential risks that a third-party poses on organisations, businesses conduct third-party due diligence to make sure they are in touch with a legitimate third-party. Also known as vendor due diligence, the process lets companies evaluate all possible risks associated with an entity during onboarding and on an ongoing basis.

When Do Businesses Need Third-party Due Diligence?

There are several red flags that help enterprises identify third-parties as high-risk. Here are the top ten red flags that all regulatory bodies have identified.

The third party belongs to a high-risk jurisdiction
Poor business reputation
Has been in the headlines for corruption or money laundering
Has dissolved contracts with other companies for illegal activities
Associated with a government body
Requests for offshore payments
Meetings with a government official
A government authority is the major shareholder
Lack of compliance and code of conduct
Rumours say that there is an undisclosed shareholder

Compliance Requirements for Third-party Due Diligence

Given the high level of risk your company might face because of a third party, financial watchdogs across the globe have proposed a framework for third-party due diligence.

FATF’s Recommendation 17

With reference to Article 10 and 11, Article 17 of the Financial Action Task Force (FATF) makes it mandatory for financial institutions to evaluate third-parties before doing any business with them. As per the Recommendation, a financial institution that depends upon a third party must obtain all information described in Article 10 of the 40 recommendations of the watchdog. Moreover, the financial institution must conduct all possible identification procedures to prove authenticity/legitimacy of the entity. Lastly, the FI must ensure whether the intermediary is complying with all the regulations or not.

FinCEN’s Final Rule

The Final Rule from FinCEN amends the Bank Secrecy Act (BSA) and prevents criminals from accomplishing their illicit goals through financial institutions. The Rule clarifies due diligence requirements for third-parties and FIs. Here are the four primary requirements as stated in the law:

Identification and verification of the client’s identity
Verification of beneficial owners is compulsory
Development of customer risk profiles based on the nature of the business relationship
Identification and reporting of suspicious activities through ongoing customer due diligence

FINTRAC’s Section 32

The Canadian regulatory body FINTRAC, emphasizes businesses to conduct third-party due diligence:

If a large cash transaction is reported (above $10,000)
If a large virtual currency transaction is conducted (this is subject to the 24-hour rule)
If a casino disbursement has to be reported
For an account opening application

Top 5 Ways to Enhance Third-party Due Diligence

Perpetrators are always searching for loopholes in due diligence procedures so they can enter the business ecosystem. However, with these five tips, you can have a top-notch vendor due diligence system that can help you run a risk-free business.

1. Understand the Laws First

Understanding the laws is an integral part of developing a due diligence process for third-party screening. Your due diligence protocols must effectively comply with all the state’s and global regulations. Taking a look at the regulations will help you structure the perfect solution, onboard legitimate vendors, effectively complying with the laws, and preventing fraud.

2. Classify the Risks

Every third-party you onboard will not come with the same risk. Compliance risk, transactional risk, reputational risk, strategic risk, and operational risk are the most common types of risks that come with vendors. Classify the risk to better understand the due diligence protocols and conduct identity verification based on the associated risk.

3. Define the Perfect Process

Have you evaluated the due diligence process yet? The process of your due diligence system lets you onboard legitimate third-parties effortlessly. How about an AI-driven screening solution that has a frictionless process and can verify all your suppliers, vendors and other third parties in less than a minute against 1700+ global watchlists? You just have to integrate the API and relax. The rest is on us.

4. Verify Third-party on the Business Relationship

A well-defined and automated screening process is the heart of the onboarding process. However, to ensure efficiency of the system, you must define your relationship with the third-party. Is it a supplier you want to screen? How long has it been since the intermediary was onboarded?

5. Audit the Due Diligence Process

Never forget to audit the process and its outcomes. The verification results are crucial for a business. Set certain metrics to define the onboarding criteria and evaluate the accuracy of the system on these parameters for higher authenticity of the onboarding process.

Get the Best of the Best with Shufti Pro’s Business Verification

Shufti Pro is a globally acclaimed identity verification service provider that is offering customer due diligence and identity verification solutions in 230+ countries and territories supporting more than 3000 identity document types. Considering the high level of risk third-party poses to an organisation, Shufti Pro screens intermediaries against global watchlists like PEPs, OFAC, and UN. The process takes about 30 seconds to complete, and you have a legitimate client onboard in the blink of an eye.

Verify, screen and onboard the right business partners with Shufti Pro. Want to know more about customer due diligence? Get in touch with our experts.

Talk to Experts

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
HKMA Issues Guide for Regtech Adoption in Customer Monitoring
What is Third-party Due Diligence?
When Do Businesses Need Third-party Due Diligence?
Compliance Requirements for Third-party Due Diligence
Top 5 Ways to Enhance Third-party Due Diligence
Get the Best of the Best with Shufti Pro’s Business Verification
The second guide published by the HKMA will allow banks to test their internal measures and infrastructure capabilities for the adoption of Regtech solutions.

As part of a two-year roadmap, the Hong Kong Monetary Authority (HKMA) has published its second issue, the Regtech Adoption Practice Guide, to promote the adoption of regtech solutions in the banking sector. The new issue follows the first guide, which focused on the adoption of cloud-based regtech solutions.

In January, the HKMA published case studies that highlighted the benefits of adopting regtech solutions, particularly for meeting Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) compliance targets.

The new guide adds to the previous publication and focuses more on the benefits of adopting regtech solutions in the area of customer monitoring – a task that is necessary for banks to perform to stay AML/CFT compliant.

The guide states that these solutions are of the essence, as manual processes are becoming a thing of the past. Additionally, regtech solutions can enable banks to stay up-to-date and collect necessary information related to customers and their transactions.

“This information is essential to understanding whether the purpose and intended nature of the customer’s activities are commensurate with its risk profile and the nature of the business relationship”, the guide states.

The HKMA adds that while the adoption of advanced technologies such as machine learning and cognitive solutions is still in its emergent stage, they are the prime areas of growth.

HKMA Issues Guide for Regtech Adoption in Customer Monitoring – Regulation Asia: HKMA Issues Guide for Regtech Adoption in Customer Monitoring Regulation Asia https://t.co/GdiOxrrPNY pic.twitter.com/I6UF1tJGRc

— Financely (@financelygroup) July 27, 2021

The Guide also highlights the major bottlenecks and pain points that banks face during customer monitoring, which regtech solutions can easily address. Key developments in the industry and possible regtech applications are also outlined.

The Guide consists of practical guidelines that banks can follow to automate ongoing monitoring of customers.

The Regtech Adoption Practice Guide can be viewed here.

Suggested Read: RegTech facilitates effortless AML Compliance

Third-party Due Diligence – Red Flags, Regulations and 5 Ways to Enhance It

What is Third-party Due Diligence?

When Do Businesses Need Third-party Due Diligence?