Hi TPRM Colleagues -
As we collectively continue to leverage 3rd parties (specifically vendors) it would be great to understand what organizations are doing to understand, assess and measure vendors' reputational risk.
* What areas are included in this reputational review (i.e. financial, external intelligence, ESG, etc)?
* As a result of your reviews/assessments, what findings do you consider to be high/moderate/low reputational risk? What "hot spots" are continued areas of concern?
* What other considerations should we be considering to better understand our vendors and their external reputation?
I really appreciate your thoughts and best practices in this area.
Thanks Again - Steve
When it comes to a vendor's reputation, there are both objective and subjective reputation assessment methods that you can use. Starting with objective methods is always best.
Objective methods include reviewing the legal and litigation history of your vendor. A company that is constantly in court may have systemic issues that could damage your company's reputation. A useful tip: Do a Web search on the letter V and the company name, like this: "v companyname" and include the quotation marks in the search. This brings up any records of lawsuits.
Second, the financial history of the company
Third, regulatory issues. If the vendor is regulated or serves a regulated industry, you must review for any regulatory actions. And don't forget sanctions checking for the company, and company principals
You mentioned ESG, and reviewing the company's ESG reporting and disclosures can be useful, provided the vendor has this information. Use this information carefully, as there are no specific standards with which to measure their results.
Other objective methods include the Better Business Bureau and similar sites. A search of the EDGAR database (https://www.sec.gov/edgar/search-and-access)
Subjective methods include doing a web search for negative news, searching review sites such as Yelp, and looking at the company's LinkedIn profiles (including those of management.)
Those are my thoughts, but I would love to hear from other members as well.