In the early 2000s, when a company was asked if there was a compliance program in force, the answer would be the existence of a Code of Ethics or Conduct. If that was the case and there was a compliance program, the company could boast this as a hallmark.
However, compliance programs have evolved, encouraged by continuous improvement, i.e., the need to search the market for innovations which add value to compliance programs. With that in mind, policies, procedures, training, internal monitoring and so on were developed. As companies solidified their programs, it was noted that third parties could be a weak point: more often than not, they could act on behalf of the company without sharing its concern for consolidating a compliance culture. Thus, risk assessment of third parties with which companies interact began to gain strength.
Although assessing the risks of vendors of goods and services is the rule for the vast majority of market segments, the financial sector, on the other hand, needs to assess the risks of its customers and investors (know your customer – KYC), as institutions in that sector can also be held responsible for money laundering if they neglect to check the source of secured resources.
And how should this risk assessment be carried out? In practice, each company ends up establishing its own rules, typically through policies and/or procedures that define how the assessment should be carried out and its risk matrix, generally classifying third parties according to pre-established criteria.
And the initial process for preparing said assessment became due diligence. So, what is it?
According to Investopedia, a website whose definition I consider among the most appropriate, due diligence is an investigation, audit, or review carried out to confirm facts or details of a matter under consideration. Therefore, it is through due diligence that an investigation is carried out regarding a vendor, customer, or business partner, the extent of which is usually measured according to the classification assigned to said vendor, customer, or business partner.
To the joy of professionals who work in this area and need to check vendors, customers, or business partners in advance – the latter especially in the initial phase of a merger or acquisition – the market recognized the growing, pent-up demand for this activity. Thus, a plethora of very efficient tools became available to those tasked with risk assessment when contracting vendors or interacting with customers or business partners.
Indeed, due diligence tools access several databases that, according to user demand, can vary significantly, checking acts of bribery or corruption, fraud, and even personal problems of partners and their respective corporate relationships. Other tools go further, examining financial aspects, potential loss of intellectual property, insurances or lack thereof, cyber risks, reputational risks, etc.
Below are the main tools currently available on the market:
1. Aravo: Software with massive coverage in third-party management, IT vendor risk management, and vendor risk and performance. Has Microsoft and Google as clients.
2. Bridger Insight: Platform designed to perform due diligence, comply with global regulations, and reduce fraud risks.
3. Coupa: Platform that analyzes vendors' business activities and ensures their compliance with current regulations.
4. Dow Jones: Platform that checks risks associated with bribery and corruption, source of wealth, sanctions, adverse media, litigation, ownership, slavery, and political exposure.
5. Gan Integrity System: GAN’s Integrated Compliance Management platform has the tools you need to work holistically with data, across processes, and collaboratively with people, across business departments.
6. IHS Markit: Platform advertised as KY3P, which offers end-to-end vendor and third-party risk management. KY3P’s key offerings include: (i) Third-party due diligence and monitoring; (ii) Onboarding and oversight; and (iii) Shared assessments.
7. Metricstream: Platform that efficiently integrates all aspects of third-party management, from collection of information, continuous monitoring, compliance, risk mitigation, and vendor onboarding.
8. OneTrust: Third-party risk assessment software that has (i) a global list of vendor risk assessments, and (ii) questionnaire response automation to help vendors automatically answer risk assessment questionnaires.
9. Prevalent: Unified, automated, cloud-based TPRM platform with standardized risk assessment and vendor risk monitoring.
10. Red Flags: Cloud-based business intelligence software that helps clients become data-driven, delivering due diligence results from any third party.
11. Refinitiv: Platform that offers screening, monitoring, and risk assessment tools powered by a robust set of accurate and interconnected risk data, constituting a prerequisite for combating financial crimes such as bribery and corruption.
12. SignalX: Platform that offers a set of services ranging from primary screening to advanced investigations. Its clients include banks, investment funds, private equity firms, law firms, hedge funds, venture capital firms, family offices, mergers and acquisitions, IPOs, and other businesses.
13. Thomson Reuters Clear: Investigative platform that offers comprehensive data on vendors, including tools like Associative Analytics, Negative News, and World-Check using real-time data to present a complete picture of third-party relationships with potential suppliers, investors, vendors, and other targets.
14. Trace: Trace International’s Third-Party Management System (TPMS) offers due diligence on an unlimited number of third parties. Trace’s existing due diligence clients can access their TPMS free of additional charge and consolidate their due diligence process.
15. Upminer: Brazilian platform used by companies of all types to expedite information collection of legal entities and persons.