Astrus insights KPMG’S analysis of third-partyintegrity risks


Global transactions and regulatory scrutiny increasingly require firms to examine their business relationships in order to assess risk, undertake informed negotiations, and comply with regulatory
mandates. Failure to adequately evaluate clients, vendors, agents and business partners, and to know how they operate, can expose organizations to reputational damage, operational risk and government investigations, as well as monetary penalties and potential criminal liability.

In this first edition of Astrus Insights, KPMG International has analyzed the findings of around 8,000 integrity due diligence reports that our member firms have conducted on third-parties across the globe to understand what lessons can be learned about the nature of risks to which organizations are exposed through their third-party business associations.

The results of the analysis of these reports challenge some of the widely held assumptions about due diligence practices and the nature of third-party risk.

The key findings from the analysis is that over 20 percent of subjects were given an overall risk rating of red, meaning they were associated with significant risks (such as allegations or incidences of corruption, fraud, money laundering or other unethical or illegal practices). Sixty-six percent of reports were rated amber overall, meaning risk issues were identified, but these were not necessarily serious (such as opaque ownership structures; association of the subjects with politically exposed persons; significant involvement of the subject in civil litigation). Only 12 percent of reports received a green rating and the “all-clear” from an integrity risk perspective.