Third-party due diligence: Are supplier questionnaire(s) the answer?

Numerous laws (U.K. Bribery Act guidance document,[1] German Supply Chain Act,[2] Foreign Corrupt Practices Act resource guide,[3] OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas,[4] French vigilance law,[5] U.K.’s Modern Slavery Act,[6] EU’s Corporate Sustainability Directive[7]) require companies to conduct due diligence in their supply chains to prevent forced labor, child labor, human rights violations, or corruption in third parties. In addition, when a company outsources certain data-processing activities to third parties, it must make sure that these parties abide by General Data Protection Regulation standards and, hence, must conduct some due diligence to ensure this is the case.

Companies can do an initial risk assessment of these third parties and, for each risk domain (corruption, human rights, sustainability, IT security, data privacy), define methodologies to classify third parties as “low,” “medium,” or “high” risk. The higher the inherent risk, the more due diligence is needed.

None of the previously mentioned laws explicitly define what documents need to be reviewed as part of due diligence. The following evaluates the various scenarios companies could apply to conduct (enhanced) due diligence.
