Dan Hartnett
In our latest insight series, we explore the regulatory drivers for customer and third-party risk management and unpack how organisations can remain compliant with their evolving regulatory obligations. This time we focus on supply chain risk and the critical role of Enhanced Due Diligence (EDD).
- Explore the third-party risk space, looking at some key regulatory drivers for customer and third-party risk management.
- Uncover key regulatory developments and how organisations can remain compliant with evolving obligations.
Risk in global supply chains
Global supply chains are the lifeblood of international industry, connecting the many dots between raw material and finished product. As these networks grow, they allow organisations to develop, diversify and deliver in line with changing business and consumer needs. At the same time, however, complex supply networks can inadvertently expose a company to third-party risk.
The third-party risk landscape is changing. Not only are new types of risk emerging, but continuing global economic uncertainty means that, at an organisational level, “do more with less” pressures are growing. Compliance teams are tasked with identifying a range of potential risks, understanding each third party’s comprehensive risk profile – far beyond traditional risks such as bribery and sanctions – and doing all of this at speed, so as not to slow the pace of business.
Identifying risk is not always straightforward, particularly given that a traditional siloed approach to risk management means that there is often a lack of visibility across increasingly complex global supply networks. Many companies also struggle to access the full range of data that is needed to help them understand potential sustainability and/or ethical issues that may be buried deep within their supply chains.
Against this backdrop, the regulatory landscape governing the third-party risk space has become substantially more robust. Moreover, there is increasing consumer awareness of third-party risk across the globe, and this means that organisations must ensure that they identify, manage and mitigate risk within their supply chains at all times.
Key regulatory developments
Changing supply chain due diligence laws around the globe mean that organisations must now proactively manage third-party risks across their supplier networks. In reality, this translates into conducting more due diligence on more supply chain partners.
While several supply chain due diligence regulations have been introduced over the years, a recent and highly pertinent example is the EU Corporate Sustainability Due Diligence Directive (CSDDD), which was adopted in March 2024.
Since third parties can inadvertently introduce a range of ESG-related risks, from human rights abuses to environmental violations and more, the new requirements will hold companies accountable for the social and environmental impact of their supply chains.
Once the changes come into effect, in-scope companies will need to proactively manage their own ESG risks, disclose sustainability-related information, and take steps to ensure that their supply chain partners meet required ESG standards around the human rights, climate change and environmental consequences of their decisions.
While the changes are not immediate and will be introduced in phases – depending on company size and turnover – the updated requirements will translate into an increased administrative burden and higher compliance costs. This is in addition to requirements from long-standing anti-bribery regulations, such as the U.S. Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act of 2010.
Remaining compliant through EDD
To effectively manage supply chain risk and comply with the CSDDD and other relevant regulations, companies need to adopt a risk-based approach to due diligence and seek to identify, mitigate or bring to an end any potential or existing sustainability-related adverse impact caused by one of their suppliers. A key component of such an approach is EDD, applied when heightened risk is suspected or detected.
Targeted EDD delivers detailed background information on a subject and drills down to uncover any additional information necessary to build a complete picture of risk. Robust EDD enables more informed decisions about whether to engage with a third party, and the controls that should be put in place. It is especially relevant where the decision involves critical suppliers or those in high-risk sectors or jurisdictions.
A well-structured EDD report for third-party risks should:
- Deliver detailed background information about the potential or existing supplier
- Draw from a variety of credible sources around the globe
- Include insights beyond those offered by initial screening alone
- Cover a broad set of typical third-party risks, from traditional bribery risks to newer forced labour abuses
- Extend beyond the main subject to include key affiliated persons (e.g. directors and owners) and entities (e.g. subsidiaries)
- Identify global risks and interpret these within the relevant local context
- Deliver clear risk scoring to help identify heightened risk at speed
In addition, next-generation EDD leverages advanced technology to improve research quality and efficiency, enabling companies to make well-informed decisions about potential business partners quickly and cost-effectively.
The right EDD report can also help teams to pinpoint higher-risk third parties more efficiently. This further lowers programmatic costs and supports a robust risk-based approach, which in turn speeds up third-party onboarding processes.
While a changing regulatory backdrop will continue to redefine supply chain compliance obligations going forward, by leveraging the right data and tools organisations can equip themselves to pinpoint potential risk with greater speed, improve accuracy and lower costs – all while securing their supply chains and remaining on the right side of a dynamic regulatory curve.
Legal Disclaimer
Republication or redistribution of LSE Group content is prohibited without our prior written consent.
The content of this publication is for informational purposes only and has no legal effect, does not form part of any contract, does not, and does not seek to constitute advice of any nature and no reliance should be placed upon statements contained herein. Whilst reasonable efforts have been taken to ensure that the contents of this publication are accurate and reliable, LSE Group does not guarantee that this document is free from errors or omissions; therefore, you may not rely upon the content of this document under any circumstances and you should seek your own independent legal, investment, tax and other advice. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon.
Copyright © 2024 London Stock Exchange Group. All rights reserved.
The content of this publication is provided by London Stock Exchange Group plc, its applicable group undertakings and/or its affiliates or licensors (the “LSE Group” or “We”) exclusively.