Know your vendor - 5 best practices for your company
Vendors provide the mission-critical goods and services you need, but reliance on third-party partners involves risk. As the regulatory environment grows more complex, visibility into your global supply chain is vital to the long-term success of your business. Lack of visibility can expose you to interruptions in the procurement of raw materials, a decline in business revenue, costly fines, and reputational damage.
While monitoring risk across every business and corporate entity you rely on can be overwhelming, it doesn’t have to be. Companies can simplify and streamline the vendor-vetting process by implementing data technology solutions that immediately identify risks and allow teams across the enterprise to collaborate. Know-your-vendor (KYV) solutions reduce your risk exposure by providing critical insights on everyone who plays a role in your global supply chain.
Following five best KYV practices will further help ensure that you thoroughly vet potential vendors and protect your bottom line.
1. Conduct thorough vendor due diligence
The more you know about your vendors, the easier it is to assess the risk they may pose.
An essential part of a robust risk compliance program and vendor onboarding, vendor due diligence (VDD) protects your business from a vendor’s potential involvement in fraud, corruption, money laundering, terrorist financing, and other illicit activities. It requires vendors to submit information that confirms the company is legitimate and licensed to do the work you need and is conforming with the law and applicable regulations.
VDD involves collecting and evaluating information you can use to verify the identity of your vendors and understand their business activities. The VDD data you collect should also allow you to rank the financial, regulatory, and reputational risk potential vendors may pose and develop a risk profile for each vendor.
Financial risks extend beyond vendor onboarding
Vendor monitoring should be an ongoing practice. Companies need to identify and track any issue that could disrupt their supply chains during the life of the contract. Interruption of activity and breaks in the supply chain can negatively affect business revenue.
Regulatory risks can lead to penalties and supply chain disruptions
As governments and regulatory agencies around the world combat criminal activity, effective VDD processes need to ensure that your vendors are in compliance with the latest regulations and ethical business practices.
Reputational risks can emerge anywhere in the supply chain
Your vendor network is an extension of your enterprise. In the age of the 24/7 news cycle and viral social media posts, companies need to keep track of potentially damaging business practices in their supply chains. Negative news and false information can spread across the web in an instant.
Ongoing monitoring includes a close evaluation of financial transactions, operations, and adverse media. Tools that use third-party data sources to continually monitor risk allow you to track vendor activities in real time, without having to rely on manual processes or questionnaires.
2. Automate processes to gain efficiencies
Most countries around the world continually update sanctions lists. Companies that operate in many different jurisdictions must scramble to track down the latest version of each list and check it for matches. Manually consulting sanctions lists for bad actors is time consuming and labor intensive.
If your VDD process still relies on manual spreadsheets, implementing automated know-your-vendor technology will change the way you onboard and monitor vendors. Automated KYV systems allow you to:
- Upload an existing list directly into an automated tool and start monitoring immediately.
- Monitor your subjects on an ongoing basis and receive instant alerts about suspicious activity. If a subject is caught in a risky event that triggers an alert, you’ll know in real time.
- Focus on higher-level tasks that add value to your bottom line. Upload your list once, and the automated tool goes to work. You no longer have to manually update your list or check your subjects.
Eliminating manual data collection and monitoring can lower operating costs, reduce errors, and streamline workflows on an enterprise-wide level.
3. Know when you need to conduct enhanced due diligence
When it comes to risk, not all vendors are created equal. Enhanced due diligence (EDD) for higher-risk vendors provides a deeper understanding of vendor activity to reduce associated risks
VDD processes change depending on the size and complexity of the company. Due diligence for a publicly traded Fortune 1000 company looks different than it does for a small, private business. When onboarding smaller vendors, you need tools that allow you to uncover hidden risks. In the digital age, it’s easy to set up a private company that appears to be legitimate. A vetting process that relies on self-disclosure isn’t enough.
Vetting a company may reveal potential risks, but you need to know who runs the business. Protecting your reputation, your brand, and your bottom line requires vetting the owners and principals of the entity. You need to know the full story by examining the complete public records footprints of the business owners.
4. Mitigate risks with adverse media and public records screening
Monitoring public records can reveal risk indicators, such as arrests, bankruptcies, liens, judgments, synthetic identities, and fraud-based criminal activity. But news and other content found across the web — from supplier acquisition reports in industry publications to news articles in local media — can reveal additional risks. Adverse media screening technology powered by artificial intelligence and machine learning helps you identify potential illicit activity and proactively address risks — before your business is threatened.
Intelligent screening technology allows you to:
- Gain in-depth knowledge of suppliers and safeguard against any operational and reputational risks or sanctions.
- Capture updates on suppliers with ongoing adverse media monitoring of news and internet sources and searches of corporate registration data and litigation and regulatory databases.
- Detect and address critical risks in real time by tracking a wide range of local, national, and international sources, including news media, trade journals, legal publications, and content that may not be available on public websites.
- Easily understand relationships between parent and subsidiary companies, determine the level of risk associated with a person or business, and flag vendors for further investigation.
- Spot negative mentions about a vendor on social media platforms and assess potential negative affiliations with people and businesses.
5. Implement a comprehensive know-your-vendor solution
Thomson Reuters® CLEAR provides a complete solution for fully automating the vendor vetting process. For risk management and regulatory compliance teams who need to quickly locate, identify, and connect critical facts, CLEAR is powered by billions of data points and leverages innovative public records technology to bring all key content together in a customizable dashboard, allowing you to search data and view results in a layout that complements your workflow.
CLEAR’s scoring system lets users identify risks and rank their relevancy in real time. Designed to be simple to use and accessible to multiple users, CLEAR allows teams across the enterprise to collaborate and helps boost efficiency in due diligence processes.
Locate, identify, and connect the all facts you need with easy access to billions of best-in-class public records, proprietary data, and live data sources.
CLEAR Risk Inform
Get immediate risk insights for individuals and businesses in just one search.
CLEAR ID Confirm
Confirm identities and customize the entire process to fit your needs.
CLEAR Adverse Media
Simplify your institution’s fraud prevention screening capability and protect its reputation by ensuring any news and web data is properly reviewed.
Online investigation software
Managing supply chain risk starts with knowing who your vendors are. If you aren’t continually conducting thorough due diligence, you’re leaving your organization at risk.
Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a “consumer report” as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.