GK Advisory is launching a publication focused on practical solutions to real world issues of anti-bribery, anti-money laundering, and sanctions compliance, addressed to corporate counsels and compliance officers. The publication will be in the format of frequently asked questions and answers.
Topics covered will be drawn from GK Advisory’s experience in advising its client base as well as the practice of the Concilium Network member firms. is an Israeli member of the Cwhich is a global consortium of independent law firms with compliance, investigations, and government enforcement defense experience. We will also encourage the recipients of the publication to submit issues for discussion that are relevant to their day-to-day operations.
Monitoring Fourth Party Risk – What Are You Supposed to Do?
The need to apply risk-based due diligence to a company’s third-party relationships (suppliers, distributors, finders, consultants, service providers, partners) is well established. Third party management, including due diligence, ongoing monitoring, training, audits, or annual compliance certifications, form an integral part of a well-designed compliance program. What should be done though about your third parties’ vendors (i.e., your fourth parties)?
Answer: Regulators’ expectations have increased with respect to identification and oversight of fourth parties. If your third-party vendor supports critical operations and business functions within your company, you need to identify key fourth parties that it will be using. Since you do not have a direct relationship with the fourth parties, you should be asking your critical third party the following questions:
- does it have a current agreement with a fourth party?
- will fourth parties be interacting with your clients, customers, or be in touch with government officials on your behalf?
- did it perform due diligence on fourth parties? What were the findings?
These and other questions should help you understand the purpose of fourth parties, scope of their involvement, risks associated with them and ways of managing the risks.
Topics covered will be drawn from GK Advisory’s experience in advising its client base as well as the practice of the Concilium Network member firms. is an Israeli member of the Cwhich is a global consortium of independent law firms with compliance, investigations, and government enforcement defense experience. We will also encourage the recipients of the publication to submit issues for discussion that are relevant to their day-to-day operations.
Monitoring Fourth Party Risk – What Are You Supposed to Do?
The need to apply risk-based due diligence to a company’s third-party relationships (suppliers, distributors, finders, consultants, service providers, partners) is well established. Third party management, including due diligence, ongoing monitoring, training, audits, or annual compliance certifications, form an integral part of a well-designed compliance program. What should be done though about your third parties’ vendors (i.e., your fourth parties)?
Answer: Regulators’ expectations have increased with respect to identification and oversight of fourth parties. If your third-party vendor supports critical operations and business functions within your company, you need to identify key fourth parties that it will be using. Since you do not have a direct relationship with the fourth parties, you should be asking your critical third party the following questions:
- does it have a current agreement with a fourth party?
- will fourth parties be interacting with your clients, customers, or be in touch with government officials on your behalf?
- did it perform due diligence on fourth parties? What were the findings?
These and other questions should help you understand the purpose of fourth parties, scope of their involvement, risks associated with them and ways of managing the risks.
