As global supply chains become increasingly complex, it is more
important than ever to incorporate location risk into your vendor
risk assessment process.
From the outset, it is critical to define risk appetite and risk
treatment strategy based on location when considering third-party
portfolios. Depending on the nature of service, such considerations
go beyond the location of a company's headquarters, extending to
where data will be processed and stored.
Below are best practices for aligning vendor risk with various
types of elevated location risk:
Political violence or operational risk: If a
vendor provides services for you from a location with elevated
political violence or operational risk, extra attention should be
paid to the vendor's business continuity plan and disaster recovery
capabilities. Equally important is a review of your own business
continuity plan in relation to vendors in locations like these.
Political risk: If a vendor provides services
out of a location where there is the potential for regulatory or
governmental policy affecting its ability to operate, extra
attention should be paid to contract terms pertaining to costs and
service-level agreements.
Economic risk: Firms should look at recession,
inflation, sovereign default, currency depreciation and capital
transfer risks in a vendor's location to cohesively form a view of
economic hurdles that could affect performance. Such risks may
especially impact sourcing strategy if your firm relies on
manufacturing or processing from a vendor in a specific
location.
Legal risk: Is there risk that the judicial
system in your vendor's location will not enforce contractual
agreements due to corruption, inefficiency or bias - or that the
government will cancel, amend or frustrate private foreign
contracts without due process? This should trigger a prompt review
of business continuity plans in relation to your vendor's service.
A review of information security objectives should also be made if
there is an elevated legal risk in territories where your
confidential data is stored.
Tax risk: When there is an elevated risk that
the tax burden for private enterprise will increase and affect your
vendor - or that taxes will be applied in an arbitrary or
non-transparent way - extra attention should be focused on costs
that may be passed on to you as a buyer. This may also impact your
sourcing strategy.
Security risk: Particular attention should be
paid to information, people and physical security control
objectives if a vendor performs your services or stores your
confidential data in a location with an elevated security risk.
Your business continuity plan, and that of your vendor, should be
reviewed. You may also consider a higher level of risk assessment
and implementing compensating controls.
Incorporating location risk into your third-party portfolio
assessments can help you understand your overall risk concentration
and react quickly to changes in global events. Continuous location
monitoring can be a smart way to manage vendor risk and incorporate
it into sourcing strategies as well as your pipeline of vendor
deals and renewals.
IHS Markit now includes country and city risk ratings as part of
our vendor risk assessments. Find out how we can help you
understand your exposure.
Posted 06 August 2020 by Alex Golbin, Global Head of Assessment Services, KY3P, IHS Markit and
Anna Boyd, Associate Director, Economics & Country Risk, IHS Markit