Are Your Vendors Compliant?

Brian Wood Blog

How to Assess & Manage Conduct When Outsourcing

Risk management is a must for any business, even those that work with third-party vendors. Vendors are used by many businesses, including those in regulated industries such as medical and financial. With so many companies outsourcing, it’s sometimes hard to tell who is not operating in compliance with laws and regulations. What can you do to ensure that your business is working with compliant vendors?

Know Every Vendor You Hire

Just because a company offers the product or service you need doesn’t mean it’s your best option. You need to learn more about how the company operates before you agree to take them on as a vendor. Learn about the company’s history, how they handle business, and where their experience lies. Do your homework beforehand so you can feel confident about the vendor.

Why does the conduct of a third party matter to your business? If you are using the products and services of vendors, their conduct will reflect on your reputation. Poor conduct or a negative headline may be associated with your brand, which can cause big problems for you. You should also feel confident that the company has the financial stability, security, and consumer protections in place to meet your standards as well as those set forth by privacy laws. As you research vendors, keep in mind that if they get in trouble, you may find yourself in trouble along with them.

Vendor Accountability and Contracts

So how do you hold a vendor accountable? This is where the contract comes into play. Contracts are used to ensure accountability from vendors. They should outline all agreed-upon duties in detail along with responsibilities and guidelines for products, services, and conduct. Contracts should be created by legal experts to ensure proper language and protection.

The contract is only useful if you enforce it. Make sure your contracts are stored in an organized location that provides easy access for all necessary personnel, such as managers and auditors. You should be able to review start and end dates so you know when the document must be renewed.

Perform Annual Vendor Reviews

Review your vendors annually – or more frequently if you feel it necessary to do so. Even if you maintain a multi-year contract with the vendor, make sure you are performing reviews at least once each year. This will involve a review of their contract to make sure they are completing all tasks and duties as agreed upon and staying compliant with regulations and laws. If a breach of contract is found, then it may be time to end the agreement and find a new vendor.

If you maintain year-long contracts with vendors, then you could use the renewal period to perform a review. It is recommended that you have a notification system in place to let all parties involved know that the contract renewal is approaching so everyone is on the same page and there are no surprises. If the vendor is not meeting the requirements set forth by the contract, then do not renew.

Dealing with High-Risk Vendors

Some vendors may pose a higher risk than others. When dealing with high-risk vendors, you will need to do more involved research and assessments to make sure your company is protected. Review the vendor’s operations in detail, including network infrastructure, compliance programs, internal controls, human resources, information security, operations management, communications and procedural documentation. Know their key policies and whether or not they are subject to and aware of the Dodd-Frank Act’s Unfair, Deceptive and Abusive Acts or Practices (UDAAP) and Section 5 of the Federal Trade Commission Act.