Third-party due diligence is one of most critical components of an effective compliance program, particularly in the supply chain sector. Most supply chains today span the globe – or at the very least, multiple regions – and it is a rare thing to have a supply chain that doesn’t. Third parties include vendors, sales agents, customs agents, partners and various contractors and subcontractors. For large enterprises, the web can extend deep and wide, and include hundreds if not thousands of entities large and small.

Such an interconnected supply chain means that breaches and violations of all kinds can and do take place several steps removed from the central entity, but the central entity will be held liable by both the public and regulators. There are countless examples of problems arising in a far-off outpost that have come back to bite the parent company; California-based Panasonic Avionics Corp.’s FCPA violation, which cost more than USD 280 million in regulatory and criminal penalties, is but one example.

Compliance officers are aware of the problem. Assessing the risk that third parties pose to the parent company keeps supply chain managers and their compliance colleagues up at night. The question is not why do the due diligence, but how?

What are the steps that need to be taken? What are some tools that can help process the number of partners and the answers to the questionnaires? What questions should a compliance officer make sure to ask?