You can outsource your processes but not the risks involved in doing so.
As an organization, you are only as strong as your weakest link, and the lack of appropriate oversight and monitoring of third-party relationships may expose you to a wide range of risks.
Due to escalating threats emerging across the extended enterprise as well as changes in the legal and regulatory landscape, there is a growing need for organizations to effectively manage the risks posed by their third-party relationships and ensure that these third parties uphold the relevant laws, regulations and standards that they are subject to.
The enforcement of Section 17A of the Malaysian Anti-Corruption Commission (“MACC”) Act 2009 effective 1 June 2020 has heightened the impetus for third-party risk management.
Under the updated Act, all commercial organizations face the risk of being charged if any persons associated with the commercial organization (including its third parties) commits a corruption offence. If a commercial organization is found guilty under Section 17A, the penalty is a fine of not less than 10 times the value of the bribe or RM 1million, whichever is higher, or imprisonment for up to 20 years, or both.
To mitigate their third-party risks, organizations need to put in place comprehensive Third-Party Risk Management (TPRM) measures encompassing adequate due diligence, risk assessment and ongoing risk monitoring.
Introducing KPMG Third-Party Insights
KPMG in Malaysia developed Third-Party Insights to provide organizations with a digitally powered solution for third-party risk management. Our web-based third-party assessment application is equipped with cloud-based analytics which automates and simplifies the information-gathering and preliminary screening processes from the point of onboarding, registration, and during ongoing monitoring.