Third-party Due Diligence – Red Flags, Regulations and 5 Ways to Enhance It

  • Richard Marley
  • July 19, 2021
  • 6 minutes read
  • 230

The majority of businesses depend upon a third-party in one way or the other. Contractors, suppliers, intermediaries, vendors and several other third-parties have become effective means of business expansion and building networks. As convenient as it sounds, there are several risks associated with the idea. According to a Deloitte survey, 87% of organisations have faced some disruption due to vendors which has motivated them to employ third-party due diligence before onboarding suppliers. 

Considering the increase in fraudulent activities, regulatory authorities are emphasizing the need for robust third-party due diligence protocols to keep perpetrators at bay, making business operations smoother. Here’s a brief of why companies need third-party due diligence and how the system can be improved. 

When Do Businesses Need Third-party Due Diligence?

There are several red flags that help enterprises identify third-parties as high-risk. Here are the top ten red flags that all regulatory bodies have identified. 

  • The third party belongs to a high-risk jurisdiction 
  • Poor business reputation 
  • Has been in the headlines for corruption or money laundering 
  • Has dissolved contracts with other companies for illegal activities
  • Associated with a government body 
  • Requests for offshore payments
  • Meetings with a government official 
  • A government authority is the major shareholder 
  • Lack of compliance and code of conduct
  • Rumours say that there is an undisclosed shareholder 

Suggested: High-Risk Transactions – How Can Enhanced Due Diligence (EDD) Help? 

Compliance Requirements for Third-party Due Diligence

Given the high level of risk your company might face because of a third party, financial watchdogs across the globe have proposed a framework for third-party due diligence. 

FATF’s Recommendation 17 

With reference to Article 10 and 11, Article 17 of the Financial Action Task Force (FATF) makes it mandatory for financial institutions to evaluate third-parties before doing any business with them. As per the Recommendation, a financial institution that depends upon a third party must obtain all information described in Article 10 of the 40 recommendations of the watchdog. Moreover, the financial institution must conduct all possible identification procedures to prove authenticity/legitimacy of the entity. Lastly, the FI must ensure whether the intermediary is complying with all the regulations or not.  


FinCEN’s Final Rule

The Final Rule from FinCEN amends the Bank Secrecy Act (BSA) and prevents criminals from accomplishing their illicit goals through financial institutions. The Rule clarifies due diligence requirements for third-parties and FIs. Here are the four primary requirements as stated in the law:

  1. Identification and verification of the client’s identity
  2. Verification of beneficial owners is compulsory 
  3. Development of customer risk profiles based on the nature of the business relationship 
  4. Identification and reporting of suspicious activities through ongoing customer due diligence 

FINTRAC’s Section 32 

The Canadian regulatory body FINTRAC, emphasizes businesses to conduct third-party due diligence:

  • If a large cash transaction is reported (above $10,000)
  • If a large virtual currency transaction is conducted (this is subject to the 24-hour rule)
  • If a casino disbursement has to be reported 
  • For an account opening application

Top 5 Ways to Enhance Third-party Due Diligence 

Perpetrators are always searching for loopholes in due diligence procedures so they can enter the business ecosystem. However, with these five tips, you can have a top-notch vendor due diligence system that can help you run a risk-free business. 

1. Understand the Laws First 

Understanding the laws is an integral part of developing a due diligence process for third-party screening. Your due diligence protocols must effectively comply with all the state’s and global regulations. Taking a look at the regulations will help you structure the perfect solution, onboard legitimate vendors, effectively complying with the laws, and preventing fraud. 

2. Classify the Risks

Every third-party you onboard will not come with the same risk. Compliance risk, transactional risk, reputational risk, strategic risk, and operational risk are the most common types of risks that come with vendors. Classify the risk to better understand the due diligence protocols and conduct identity verification based on the associated risk.

3. Define the Perfect Process

Have you evaluated the due diligence process yet? The process of your due diligence system lets you onboard legitimate third-parties effortlessly. How about an AI-driven screening solution that has a frictionless process and can verify all your suppliers, vendors and other third parties in less than a minute against 1700+ global watchlists? You just have to integrate the API and relax. The rest is on us. 

4. Verify Third-party on the Business Relationship 

A well-defined and automated screening process is the heart of the onboarding process. However, to ensure efficiency of the system, you must define your relationship with the third-party. Is it a supplier you want to screen? How long has it been since the intermediary was onboarded? 

5. Audit the Due Diligence Process

Never forget to audit the process and its outcomes. The verification results are crucial for a business. Set certain metrics to define the onboarding criteria and evaluate the accuracy of the system on these parameters for higher authenticity of the onboarding process. 

Get the Best of the Best with Shufti Pro’s Business Verification

Shufti Pro is a globally acclaimed identity verification service provider that is offering customer due diligence and identity verification solutions in 230+ countries and territories supporting more than 3000 identity document types. Considering the high level of risk third-party poses to an organisation, Shufti Pro screens intermediaries against global watchlists like PEPs, OFAC, and UN. The process takes about 30 seconds to complete, and you have a legitimate client onboard in the blink of an eye. 

Verify, screen and onboard the right business partners with Shufti Pro. Want to know more about customer due diligence? Get in touch with our experts.