Strategies for Third Party Risk Management

Trusting someone can be as difficult and risky in business as it is in our personal lives. Businesses thrive not only because they do the right things at the right time, but because they associate themselves with distributors, vendors, investors, contractors and affiliates that respect their goals, share their work ethic, are experienced and financially stable, and fulfill the businesses’ needs with reliable execution.

Regrettably, overreliance on others without a system of checks and balances may lead a business to fail in spite of good intentions. A business owner must constantly monitor and review business relationships to identify and minimize risks to the company without alienating these third parties.

Why is managing third party relationships important?

Because reliance on others has many benefits: delegation, additional revenue, innovation and invention, collaboration, risk sharing, B2B reciprocity marketing, and more. These benefits often outweigh the multiple risks that accompany business relationships: premature growth which leads to an inability to fulfill obligations, holding onto too much inventory, slow cash flow which increases AR, competition from globalization, data breaches, lack of mutual vision and rewards, talent poaching, design and patent theft, etc.

What are the best ways to manage third party relationships?

1. Have a risk management plan: what can happen, who will be in charge of what, how long the initial response takes, who needs to be informed. Next, establish a long-term monitoring process with specific goalposts. Don’t forget, a plan needs to contain a way to identify the risk, analyze and treat it, then monitor and review it.
2. Always do a background check on your partners: check their business credit score (for more information, check out our article on business credit scores), read news about them, verify that they have no lawsuits or pending lawsuits against them, or even hire a private financial investigator. Always check the Secretary of State’s website in your state to verify that your future business partner is incorporated and they are in good standing. If they’re not listed in that state, make a second search on the website of the Delaware Secretary of State. Many businesses choose to incorporate in Delaware because of a solid, reliable corporate law environment with a business-friendly attitude and streamlined processes.
3. Make sure you understand the contract fully and that it contains clear, enforceable provisions. You don’t want to find yourself in a financial bind where you provided a service but your business buyer has failed to pay because the contract doesn’t clearly state payment terms and cycles. What’s more, establish and insert a termination clause that would delineate how the termination of the relationship will be managed.
4. Make sure your employees understand the risks associated with various vendors, that they know the rules and regulations applicable to your business profile and follow internal policies and procedures to the letter.  Don’t keep your staff in the dark, they’re your eyes and ears on the job. Make sure they can recognize risk, know what the plan is, and how and when they need to act to mitigate problems if you’re not around.
5. Conform to all rules and regulations and ensure that your partners do, too. Hire an experienced lawyer to look at your contract or help you draft one, to explain tax laws and assist you in creating a comprehensive compliance plan. You can also create a compliance department or entrust this duty to someone you trust and create a compliance officer position, if you can afford it. If that’s not the case, then having periodic internal audits will keep your employees informed and alert and help you identify where you or interactions with business partners need to improve in order to minimize risks.
6. Be consistent and try to implement a transparent and well organized system for all third parties you deal with, in order to have an efficient, reliable workflow where it’s easy to detect errors and inconsistencies. Your business identity and path don’t have to, and shouldn’t, completely merge with that of your business associate. In order to be able to control the various business relationships, you must be able to demonstrably separate the agreements, activities and overall relationship.
7. Understand how the risks may evolve with each and every one of your vendors and adjust your plan accordingly. Companies change over time in order to adapt and survive. Having an overall plan is good, but each vendor needs some personalized attention with their specific risk management lifecycle. Be prepared to deal with leadership changes, brand reinvention, changes in legal structure (from an LLC to a corporation or vice versa, for example), and more. Assign an account or relationship manager for each of your business associates, if you can afford it.
8. Don’t ignore the social media of your business partners. You must check that they behave ethically, don’t divulge company secrets, and that their public image is beneficial for your brand, not detrimental. Imagine a socially irresponsible tweet or Facebook post that, even though deleted, has already made the rounds and been shared by thousands of people. Something like that can have a negative impact on your reputation long after it’s gone, if you are a known associate of that business.
9. Have periodic check-ins with your third-parties. Attending industry conferences, seminars, workshops or having a shared company outing may give you the insight you need to decide whether you want to continue the relationship, start a future collaboration or reach a terminus point in the business relationship.
10. Make sure your data security and software programs are protected.  Consider vulnerabilities and security along the full chain between the cloud services you use, the point internet traffic enters and leaves your building, office, wifi router, and personal computers.  Ensure all of these systems have strong, unique passwords in place that are themselves securely stored. Install and configure internet firewall and anti-virus/anti-malware software.  Consider which electronic documents (and computer hard drives) should be encrypted.  Adopt strict, written, need-to-know standards and policies for the flow of information and documents within your company and outside it, elevating privileges for specific parties as necessary and communicating such changes clearly. Don’t share your passwords and proprietary information outside of your company no matter how friendly your contractors are. Decide what your employees can share with investors and affiliates, and have controlled, customized access to data by employees company-wide.

If you know or learn when to be self-reliant and when to rely on others, how to reinforce mutual contribution and minimize liability, and how to trust safely, you have better chances of not only growing your business but also forming long-lasting business relationships and even personal friendships. By associating with the right people and enterprises, you can create an honest, reliable sub-network of support and shared profitability that can help you survive the worst of economic times.