Business relationships with third parties also regularly give rise to risks. This is completely independent of whether they are customers, suppliers, service providers, subcontractors, sales agents, brokers, franchisees or other business partners. The need to adequately address these risks arises from a number of requirements. These include:
- ESG requirements (for example, the Corporate Sustainability Reporting Directive (CSRD) and ESG ratings).
- Supply chain due diligence laws
- Anti-corruption laws (for example, the Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act)
- Money Laundering Act, Banking Act (for example, prevention of money laundering and terrorist financing including Know Your Customer)
- Foreign trade law (e.g. national and international sanctions regimes)
- EU General Data Protection Regulation (GDPR)
- Information security requirements (for example, the IT Security Act, KRITIS)
Challenge: Monitor complex structures efficiently and avoid liability
Compliance with these regulatory requirements is challenging in many respects. On the one hand, the legal framework is subject to constant change. On the other hand, national projects often run parallel to supranational legislative processes, for example at the European level. Companies with third-party relationships must always keep an eye on these developments and the resulting requirements.
In addition, companies are confronted with increasingly complex networks and structures in relation to their supply chains, subcontractors and other third parties. Interconnections between these third parties and other companies and individuals are not readily apparent. Contacts with political decision-makers, information on ongoing legal disputes and critical press coverage also need to be monitored, because compliance-relevant risks can result from all these interconnections and third-party relationships.
If violations occur in this context or business relationships with questionable third parties become known, companies and their decision-makers expose themselves to considerable financial and reputational risks. A holistic approach is required to manage these risks.
Our solution: The KPMG Integrity Screening Service
Has your supplier come under fire for environmental violations? Is a customer suddenly on a sanctions list and can no longer be supplied? Is a service provider being sued abroad for labor protection-related misconduct?
With the KPMG Integrity Screening Service, you can identify reputation- and ESG-relevant issues at an early stage. The entire lifecycle of the business relationship with your third parties is covered and continuous monitoring is enabled - 24 hours a day, 365 days a year.
Barbara Scheben
Partner, Audit, Regulatory Advisory, Head of Forensic, Head of Data Protection
KPMG AG Wirtschaftsprüfungsgesellschaft
Alexander Geschonneck
Partner, Forensic, Global Head of Forensic
KPMG AG Wirtschaftsprüfungsgesellschaft
The KPMG Integrity Screening Service offers the following options:
- Initial screening during onboarding: retrospective investigation of relevant facts over an individually definable period of time according to selected key topics.
- Ongoing monitoring: System-based monitoring of previously designated entities and their affiliated companies and employees for negative facts (negative news/adverse media), as well as monitoring of sanctions lists and politically exposed persons (PEPs)
- Occasion-based research: Individual background research on ad hoc matters, using a combination of tool-based search algorithms and manual corporate intelligence investigations
Results will be provided in a format and at intervals to be agreed upon.
Sources in over 85 countries and in more than 60 languages are used. These include:
- Media publications: Sources of news or online databases including paid content.
- Business registries: sources that provide company data and basic information such as company addresses, owners, incorporation dates, etc.
- Regulatory databases: sources that provide information from government regulatory agencies about the company. This includes ongoing investigations, referrals, and penalties issued.
- Watchlists: structured watchlists that focus on issues such as international sanctions, politically exposed persons, and government-owned companies
- People Registries: sources that provide information about individuals based on phone book entries, voter registries, consumer credit applications, etc.
- Cyber Security Score: ratings of companies based on their cyber security posture
- ESG Rating: ratings from recognized service providers to assess and evaluate ESG-related metrics.
A continuous supply of information as the basis for your decision-making process
The reliable information provided puts you in a position to make informed and appropriate decisions and initiate measures (dialog, audits, remediation measures and, if necessary, termination of the business relationship). This is an essential building block for complying with internal, national and international regulations.
In addition, you gain an edge in knowledge by continuously monitoring relevant risks and covert networks of your third parties. Integrity, reputation and compliance risks arising from your business relationships, transactions and business activities can thus be identified and mitigated.
We would be happy to explain the KPMG Integrity Screening Service, a component of our ESG Integrity Portfolio, in more detail and work out a pricing model for you. Please contact us.