{{item.title}}
{{item.text}}
{{item.title}}
{{item.text}}
Organisations that are typically dependent on their vendors’ and suppliers’ ability to deliver in compliance with their requirements are likely to be affected as third-party providers may be dealing with issues related to remote working, supply chain interruptions, distribution delays, service level instability and many other potential developments.
Getting the required levels of critical information to support third-party compliance may not be possible with the standard tools, software and processes in place. These may prove inefficient or insufficient in terms of providing the depth, scope and frequency of information that is likely to be necessary.
To help you, we have created an overview of scenarios, suggested activities and guiding questions for responding to the crisis and recovering the business. As the progress of COVID-19 is hard to predict you might find your business switching between these two phases.
Organisations that are typically dependent on their vendors’ and suppliers’ ability to deliver in compliance with their requirements are likely to be affected as third-party providers may be dealing with issues related to remote working, supply chain interruptions, distribution delays, service level instability and many other potential developments.
Getting the required levels of critical information to support third-party compliance may not be possible with the standard tools, software and processes in place. These may prove inefficient or insufficient in terms of providing the depth, scope and frequency of information that is likely to be necessary.
As the duration of this crisis is still unknown, organisations should focus their continuous scrutiny of third-party compliance on critical points of failure.
Here are some questions to consider if it is essential to your value chain that third parties comply with your requirements:
Observations suggest that the following areas might be interrupted due to COVID-19.
Financial health and resilience |
Compliance with your requirements |
Business continuity resilience (cyber and operational) | |
Description | The economic cost of the crisis is steadily increasing. The financial health and resilience of critical vendors and suppliers is as important as ever. |
Your organisation’s third parties are likely to go through the same challenges in terms of internal controls, which in turn may impact their ability to comply with contractual terms and conditions. | With employees having to work offsite, some of your third parties may have to:
Additionally, key control owners you typically interact with may become unavailable. |
Consequences if interrupted | Third-party providers may fail to notify your organisation about major developments (e.g. bankruptcy) and your organisation will need to implement emergency workarounds should they still be applicable. |
Non-compliance may impact the quality and levels of supply and services delivered, which in turn will jeopardise your organisation. |
|
COVID-19 will affect organisations to different degrees, requiring several actions.
Details | The processes and channels for collecting third-party financial health, operational resilience and compliance information provide timely input. | Several third parties start to struggle and the processes and channels for collecting third-party compliance information are not sufficient to make informed decisions. | Key third-party providers start to struggle and/or key individuals fail to provide critical information. The processes and channels for collecting third-party compliance information fail. |
Functional impact |
|
|
|
Proposed actions |
|
|
|
The risks arising from the COVID-19 crisis are evolving fast and rippling through the value chain of organisations and their third-party providers’ value chains.
Financial risk should be considered as an immediate priority. It is often the starting point for other risks to impact organisations’ value chains.
Standard financial risk rating may not be relevant or reliable any longer. Adapting financial risk assessments to organisations’ own risk frameworks and monitoring financial risk on a more frequent basis may be necessary in the medium to long term.
If you find your business moving from the response to the recovery phase of the crisis the following key considerations and recommendations might be useful to you.
1. Review and redefine third-party risk framework | 2. Gap assessment | 3. Execute assessment | 4. Act on high-risk third parties | 5. Ongoing monitoring of third parties |
|
|
|
|
|
The next steps to deal with the “new normal” vary based on job roles and companies. We have created an overview with possible actions and suggestions on planning and getting ahead for upcoming phases of the crisis.
Short-term | Medium-term | Long-term | |
CFO Compliance officer Third-party compliance department |
|
|
|