Effective third-party risk management (TPRM) programs encompass an end-to-end, integrated approach to managing a variety of risks throughout the lifecycle of third-party relationships – from up-front due diligence to ongoing monitoring. 

It is imperative that organizations have greater visibility into their universe of third parties – upstream and downstream. It is critical for organizations to understand risks and threats, and to protect their reputations.

Across all industries, examples of third parties include suppliers, vendors, customers, distributors, agents, freight forwarders, customs brokers, and more. When it comes to third-party risk management, organizations should focus on all types of third parties equally.

Moody’s is uniquely positioned to help organizations take a strategic approach to third-party risk management, unify and automate third-party due diligence, and monitor the performance of third parties on an ongoing basis.

We help organizations bring together people, processes, and technology to create greater organizational transparency and visibility of risk across each tier of the universe of third-party relationships.

  • Gain visibility of risks associated with third parties 
  • Unify your approach to third-party due diligence, onboarding, and risk monitoring 
  • Identify risks to mitigate the threat of fines or penalties, reputational damage, or negative financial impact 

Third-party onboarding & risk monitoring

Organizations must comply with a variety of laws, regulations, and agency guidance relating to third-party risk management, from up-front due diligence, through other measures intended to prevent financial, environmental, and social crimes, to ongoing monitoring.

Third-party risk management continues to grow in importance and remains a complex area of operations. Third-party risk is dispersed across industries and geographies, and differs according to the nature of the business relationship. 

Third-party risk can reside anywhere in the supply chain – upstream or downstream – and relate to different types of risk (e.g., bribery and corruption, cybercrimes, fraud, human rights violations, forced labor, and shell company detection).

Moody’s solutions are tailored to help your business understand all kinds of third-party risk. 

Regulatory compliance risk
Create and maintain third-party risk profiles for key areas of compliance (e.g., bribery and corruption, cybercrimes, fraud, human rights violations, modern slavery, and shell company detection)

Company profiles
Verify and enhance the data provided by third parties to complete due diligence

Reputational risk
Access adverse media data about third parties to understand existing and new risks

A Moody's data story

Visualizing third-party complexity to manage risk

In a changing economy, managing third-party risk is critical. The ongoing shift in US companies' supply chains away from China toward alternative markets, such as India, Mexico, and Vietnam, highlights how organizations are diversifying supply chains to try to mitigate risk. However, these shifts can introduce different challenges and new areas of risk.

Moody’s visual, interactive Data Story, "Navigating supply chain challenges as the U.S. and China reshape trade ties," provides information and insights to help organizations visualize complexities in today’s world of interconnected risk.

Explore the data story, and if you have any questions, please get in touch any time. 


Digitally transform due diligence

Develop a third-party due diligence solution that’s flexible and tailored to your organization.

Digitally transform risk policies for third-party onboarding and risk-monitoring processes 

Unify due diligence with a comprehensive workflow of compliance due diligence checks for anti-bribery and corruption, cybercrimes, fraud, human rights violations, forced labor, shell company detection, and more.

Integrate Moody’s award-winning datasets to verify third parties, large or small, anywhere in the world.

Make risk-based decisions with greater corporate transparency. 

Moody's Maxsight™
Digitally transform risk policies, create a workflow of data checks, and collaborate on cases for unified risk management

Orbis
Access powerful comparable data on private companies with information on more than 580 million entities worldwide

Grid
Curate risk-relevant data into profiles for individuals or entities, from a database of politically exposed persons (PEPs), sanctions, and adverse media news

Live registry data
Conduct entity verification with data and documents from our access to government registers globally

Key considerations

Modeling third-party risk management

A model that helps unify people, processes, and technology creates greater visibility about where risks lie.

Here are five factors to think about when creating the right model for third-party due diligence and risk management across your vendor network. 

5 factors for effective TPRM

Our findings

Moody’s research into third-party risk management

Moody’s recently carried out primary research with a number of global corporations to delve into their processes and priorities for third-party risk management (TPRM).  

Specifically, we wanted to find out:
  • How is the term TPRM understood by organizations?  
  • How do organizations approach TPRM and supplier due diligence today? 
  • What are the challenges organizations face when onboarding and managing suppliers?   
  • What does best practice look like and what steps are taken to mitigate risk? 
  • What are customers’ attitudes toward TPRM, openness toward solutions, and perceptions of the benefits of improved monitoring? 

The rising tide of third-party management
We interviewed 41 risk and compliance professionals from leading global organizations.

We’re pleased to share the findings of our research. Download your copy of Third-party risk management: Understanding risks to safeguard reputations

"Businesses want to protect their reputations, maintain compliance, and look for competitive advantage in their third-party networks. It’s a challenge we recognize."

Webinar

Meeting the rising tide of third-party risk management to safeguard your reputation

Increasingly complex regulations, financial penalties, and media scrutiny are bringing third-party risk management and supplier due diligence into sharp focus and moving them up organizations’ agendas.

Exploring the questions, priorities, and challenges of third-party risk management, Moody’s commissioned original research into this topic and shared the findings of this work in this on-demand webinar.

Paul Nola, of Context Consulting, who conducted the research on behalf of Moody’s, gave a full review of the input from global brands that represent industries from fashion to food to finance. 

Following Paul’s debrief, our panel discussed:
  • Priorities driving investment in third-party risk management   
  • Reasons why companies have limited visibility of third-party and supply-chain risks 
  • How to gain visibility into the complex tiers of a counterparty network  
  • How third-party risk management can deliver competitive advantage 

Safeguard your reputation

Listen to the podcast

KYC Decoded

Podcast 1
Third-party risk management: knowing the right thing ≠ doing the right thing

Former international sales executive Richard Bistrong served time in a federal prison camp after being targeted by a US Department of Justice investigation of a UN supply contract. He now dedicates his life to educating organizations on the importance of effectively designed ethics and compliance programs and TPRM programs, particularly in areas of risk, such as bribery and corruption. 

In this episode of KYC Decoded, Richard and Bill Hauserman, Moody’s KYC head of the Financial Crime Compliance Practice for the Americas, talk about: 

  • How expertise, data, and technology should work together to push due diligence forward 
  • The impact of culture on compliance strategies and mitigating risk 
  • The qualities professionals need to maintain integrity and deal with illicit actors 

Podcast 2
Third-party risk management: control, culture, and competitive advantage

Amid sanctions concerns, ESG commitments, and the potential for reputational harm, third-party risk management is a priority. But, if done right, TPRM can also be a competitive advantage.

In this episode of KYC Decoded, Vincent Scales, Director of Third-Party Risk Management at Verizon, and Enrico Aresu, Moody’s KYC Compliance and Financial Crime Practice Lead for the DACH region and central eastern Europe, discuss: 

  • Context for increased commitment to TPRM 
  • Known vs. unknown risk in supply chains 
  • The difference a compliance culture can make 
  • Gaining advantage with Governance Risk and Compliance (GRC) platforms 

5 steps in supplier due diligence

[Figure: Five steps in supply chain due diligence. Source: Moody's]


More resources

Supplier risk management resources

Moody’s has resources on supplier risk management to help you unify your approach to the problem and gain visibility over risk in your supply chain to protect your business and its reputation. Read on and get in touch if you have any questions. 

Get in touch to discuss your approach to supplier due diligence – we would love to talk to you.

