Third-Party Due Diligence

January 24, 2022

In the early 2000s, when a company was asked if there was a compliance program in force, the answer would be the existence of a Code of Ethics or Conduct. If that was the case and there was a compliance program, the company could boast this as a hallmark.

However, compliance programs have evolved, encouraged by continuous improvement, i.e., the need to search the market for innovations which add value to compliance programs. With that in mind, policies, procedures, training, internal monitoring and so on were developed. As companies solidified their programs, it was noted that third parties could be a weak point and that, more often than not, said third parties could act on behalf of the company, not having the same concern in consolidating a compliance culture. Thus, risk assessment of third parties with which companies interact began to gain strength.

Although assessing risks of vendors of goods and services for the expressive majority of market segments is a rule, the financial sector, on the other hand, needs to assess the risks of its customers and investors (know your customer – KYC), as they can also be held responsible for money laundering in case of neglect to check the source of secured resources.

And how should this risk assessment be carried out? Effectively, each company ends up establishing their own rules, typically through policies and/or procedures, establishing the manners in which the assessment should be carried out and its risk matrix, generally classifying third parties according to pre-established criteria.

And the initial process for preparing said assessment became due diligence. So, what is it?

According to Investopedia, as website whose definition I consider among the most appropriate, due diligence is an investigation, audit, or review carried out to confirm facts or details of a matter under consideration. Therefore, it is through due diligence that an investigation is carried out regarding a vendor, customer, or business partner, the extent of which is usually measured according to the classification assigned to said vendor, customer, or business partner.

To the joy of professionals working in this area and which need to check vendors, customers, or business partners in advance – the latter especially in the initial phase of a merger or acquisition – the market understood the growing and stifled demand of this activity. Thus, a plethora of very efficient tools were made available to the market for the use of those tasked with risk assessment when contracting vendors or interacting with customers or business partners.

Indeed, due diligence tools access several databases that, according to user demand, can vary significantly, checking acts of bribery or corruption, fraud, and even personal problems of partners and their respective corporate relationships. Other tools go further, examining financial aspects, potential loss of intellectual property, insurances or lack thereof, cyber risks, reputational risks, etc.

Below are the main tools currently available on the market:

1. Aravo Software with massive coverage in third-party management, IT vendor risk management, and vendor risk and performance. Has Microsoft and Google as clients.
2. Bridger Insight Platform designed to perform due diligence, comply with global regulations, and reduce fraud risks.
3. Coupa Platform that analyzes vendors business activities and ensures their compliance with current regulations.
4. Dow Jones Platform that checks risks associated with bribery and corruption, source of wealth, sanctions, adverse media, litigation, ownership, slavery, and political exposure.
5. Gan Integrity System GAN's Integrated Compliance Management platform has the tools you need to work holistically with data, across processes, and collaboratively with people, across business departments.
6. IHS Markit Platform advertised as KY3P, which offers end-to-end vendor and third-party risk management. KY3P's key offerings include: (i) Third-party due diligence and monitoring; (ii) Onboarding and oversight; and (iii) Shared assessments.
7. Metricstream Platform that efficiently integrates all aspects of third-party management, from collection of information, continuous monitoring, compliance, risk mitigation, and vendor onboarding.
8. OneTrust Third-party risk assessment software that has (i) a global list of vendor risk assessments, and (ii) questionnaire response automation to help vendors automatically answer risk assessment questionnaires.
9. Prevalent Unified, automated, cloud-based TPRM platform with standardized risk assessment and vendor risk monitoring.
10. Red Flags Cloud-based business intelligence software that helps clients become data-driven, delivering due diligence results from any third party.
11. Refinitiv Platform that offers screening, monitoring, and risk assessment tools powered by a robust set of accurate and interconnected risk data, constituting a prerequisite for combating financial crimes such as bribery and corruption.
12. SignalX Platform that offers a set of services ranging from primary screening to advanced investigations. Its clients include banks, investment funds, private equity firms, law firms, hedge funds, venture capital firms, family offices, mergers and acquisitions, IPOs, and other businesses.
13. Thomson Reuters Clear Investigative platform that offers comprehensive data on vendors, including tools like Associative Analytics, Negative News, and World-Check using real-time data to present a complete picture of third-party relationships with potential suppliers, investors, vendors, and other targets.
14. Trace Trace International's Third-Party Management System (TPMS) offers due diligence on an unlimited number of third parties. Trace's existing due diligence clients can access their TPMS free of additional charge and consolidate their due diligence process.
15. Upminer Brazilian platform used by companies of all types to expedite information collection of legal entities and persons.
No items found.

RECENT POSTS

Você sabe o que é a No Surprises Act? Entenda sua importância

October 7, 2024

SEC Combate Retaliação de Empresas Contra Informantes

September 20, 2024

CFM Intervém na Relação do Médico com a Indústria Farmacêutica e de Produtos Médicos

September 12, 2024

Do you know what the No Surprises Act is? Understanding its importance

October 7, 2024

SEC Combats Corporate Retaliation Against Whistleblowers

September 20, 2024

The Brazilian Medical Association Intervenes in the Relationship between Physicians and the Pharmaceutical and Medical Products Industry

September 12, 2024

Contracts and artificial intelligence: legal and ethical considerations

November 13, 2024

Digital Signatures in Contracts (Part 2)

November 5, 2024

Contractual dispute resolution: choosing the right mechanism

October 16, 2024

LINKEDIN FEED

Newsletter

Register your email and receive our updates

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Newsletter

Register your email and receive our updates-

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

FOLLOW US ON SOCIAL MEDIA

Licks Attorneys' Government Affairs & International Relations Blog

Doing Business in Brazil: Political and economic landscape

Licks Attorneys' COMPLIANCE Blog

Third-Party Due Diligence

January 24, 2022
No items found.

In the early 2000s, when a company was asked if there was a compliance program in force, the answer would be the existence of a Code of Ethics or Conduct. If that was the case and there was a compliance program, the company could boast this as a hallmark.

However, compliance programs have evolved, encouraged by continuous improvement, i.e., the need to search the market for innovations which add value to compliance programs. With that in mind, policies, procedures, training, internal monitoring and so on were developed. As companies solidified their programs, it was noted that third parties could be a weak point and that, more often than not, said third parties could act on behalf of the company, not having the same concern in consolidating a compliance culture. Thus, risk assessment of third parties with which companies interact began to gain strength.

Although assessing risks of vendors of goods and services for the expressive majority of market segments is a rule, the financial sector, on the other hand, needs to assess the risks of its customers and investors (know your customer – KYC), as they can also be held responsible for money laundering in case of neglect to check the source of secured resources.

And how should this risk assessment be carried out? Effectively, each company ends up establishing their own rules, typically through policies and/or procedures, establishing the manners in which the assessment should be carried out and its risk matrix, generally classifying third parties according to pre-established criteria.

And the initial process for preparing said assessment became due diligence. So, what is it?

According to Investopedia, as website whose definition I consider among the most appropriate, due diligence is an investigation, audit, or review carried out to confirm facts or details of a matter under consideration. Therefore, it is through due diligence that an investigation is carried out regarding a vendor, customer, or business partner, the extent of which is usually measured according to the classification assigned to said vendor, customer, or business partner.

To the joy of professionals working in this area and which need to check vendors, customers, or business partners in advance – the latter especially in the initial phase of a merger or acquisition – the market understood the growing and stifled demand of this activity. Thus, a plethora of very efficient tools were made available to the market for the use of those tasked with risk assessment when contracting vendors or interacting with customers or business partners.

Indeed, due diligence tools access several databases that, according to user demand, can vary significantly, checking acts of bribery or corruption, fraud, and even personal problems of partners and their respective corporate relationships. Other tools go further, examining financial aspects, potential loss of intellectual property, insurances or lack thereof, cyber risks, reputational risks, etc.

Below are the main tools currently available on the market:

1. Aravo Software with massive coverage in third-party management, IT vendor risk management, and vendor risk and performance. Has Microsoft and Google as clients.
2. Bridger Insight Platform designed to perform due diligence, comply with global regulations, and reduce fraud risks.
3. Coupa Platform that analyzes vendors business activities and ensures their compliance with current regulations.
4. Dow Jones Platform that checks risks associated with bribery and corruption, source of wealth, sanctions, adverse media, litigation, ownership, slavery, and political exposure.
5. Gan Integrity System GAN's Integrated Compliance Management platform has the tools you need to work holistically with data, across processes, and collaboratively with people, across business departments.
6. IHS Markit Platform advertised as KY3P, which offers end-to-end vendor and third-party risk management. KY3P's key offerings include: (i) Third-party due diligence and monitoring; (ii) Onboarding and oversight; and (iii) Shared assessments.
7. Metricstream Platform that efficiently integrates all aspects of third-party management, from collection of information, continuous monitoring, compliance, risk mitigation, and vendor onboarding.
8. OneTrust Third-party risk assessment software that has (i) a global list of vendor risk assessments, and (ii) questionnaire response automation to help vendors automatically answer risk assessment questionnaires.
9. Prevalent Unified, automated, cloud-based TPRM platform with standardized risk assessment and vendor risk monitoring.
10. Red Flags Cloud-based business intelligence software that helps clients become data-driven, delivering due diligence results from any third party.
11. Refinitiv Platform that offers screening, monitoring, and risk assessment tools powered by a robust set of accurate and interconnected risk data, constituting a prerequisite for combating financial crimes such as bribery and corruption.
12. SignalX Platform that offers a set of services ranging from primary screening to advanced investigations. Its clients include banks, investment funds, private equity firms, law firms, hedge funds, venture capital firms, family offices, mergers and acquisitions, IPOs, and other businesses.
13. Thomson Reuters Clear Investigative platform that offers comprehensive data on vendors, including tools like Associative Analytics, Negative News, and World-Check using real-time data to present a complete picture of third-party relationships with potential suppliers, investors, vendors, and other targets.
14. Trace Trace International's Third-Party Management System (TPMS) offers due diligence on an unlimited number of third parties. Trace's existing due diligence clients can access their TPMS free of additional charge and consolidate their due diligence process.
15. Upminer Brazilian platform used by companies of all types to expedite information collection of legal entities and persons.
Related
No items found.

ABOUT US

Licks’ Blog provides regular and insightful updates on Brazil’s political and economic landscape. The posts are authored by our Government Affairs & International Relations group, which is composed of experienced professionals from different backgrounds with multiple policy perspectives.

Licks Attorneys is a top tier Brazilian law firm, speciallized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

ABOUT US

Licks Attorneys Compliance’s Blog provides regular and insightful updates about Ethic and Compliance. The posts are authored by Alexandre Dalmasso, our partner. Licks Attorneys is a top tier Brazilian law firm, specialized in Intellectual Property and recognized for its success handling large and strategic projects in the country.

QUEM SOMOS

O blog Licks Attorneys Compliance fornece atualizações regulares e esclarecedoras sobre Ética e Compliance. As postagens são de autoria de Alexandre Dalmasso, sócio do escritório. O Licks Attorneys é um escritório de advocacia brasileiro renomado, especializado em Propriedade Intelectual e reconhecido por seu sucesso em lidar com grandes e estratégicos cases no país.

Follow Us on Social Media

Offices

Rio de Janeiro

Av. Oscar Niemeyer, 2000
9th floor, Aqwa Corporate
Rio de Janeiro RJ - Brazil
20220-297
Phone: +55 21 3550 3700
Fax: +55 21 3956 9444
info@lickslegal.com

Sao Paulo

Rua George Ohm, 230
Tower A CJ 112/113
Sao Paulo SP - Brazil
04576-020
Phone: +55 11 3033 3700
info@lickslegal.com

Brasilia

SH/Sul Zone 06, Unit A,
Complexo Brasil 21, Block E,
Rooms 515 and 516 – Asa Sul
Brasilia DF - Brazil
70316-902
Phone: + 55 61 3772 3700
info@lickslegal.com

Curitiba

Rua da Glória, 251, #601
Centro Cívico
Curitiba - Brazil
80030-060
Phone: + 55 41 2391 0680
info@lickslegal.com

Tokyo

Chiyoda Kaikan Bldg, 6F, 1-6-17
Kudan Minami Chiyoda-Ku
Tokyo - Japan
102-0074
Phone:+81 3 6256 8972
Fax:+81 (03) 6740 1453
japan@lickslegal.com

© Copyright 2024 Licks Attorneys

Selo COVID-19 FIRJAN e Albert Einstein
Covid-19 Safe Certified Office