Your TPRM Program Must Account for Geopolitical Risk

4 minute read

March 2023

by Julia Winer

Global conditions, from civil unrest and political turmoil to questionable government practices, can affect operations in immediate and unexpected ways. As such, you need to be able to anticipate how the geographical location of your partners may impact your organizational risk profile. 

Geopolitical risk, or the additional risk a vendor carries based on their location or the location of the service being performed, can have far-reaching consequences, including regulatory violations and financial instability. The status of your vendor’s country of origin must be a factor when evaluating any third party — both at the time of onboarding and throughout the entirety of the relationship. 

Geopolitical risk is dynamic and regionalized. The more jurisdictions that are included in your vendor ecosystem — including nth parties — the more layers of complexity are added to your risk exposure. Your challenge is to consider a vendor’s physical location(s) and weigh their geopolitical stability against the benefit of working with them. 

How should you vet vendors for geopolitical risk? 

When vetting vendors, your geopolitical risk checklist should include: 

A broad overview of the vendor’s location. Determine if there are any major disruptions happening in the vendor’s location, such as political and social unrest, natural disasters, regulatory shifts, or supply chain disruptions. What locally accepted norms and business practices (e.g. bribery) may be non-compliant for your business? How will their location impact communication and your ability to respond to problems quickly?

An inventory of relevant regulations. You must understand which regulatory bodies have jurisdiction in the region and how they impact your partnership. Ensure that both you and your vendors are compliant with the relevant regulations.

A review of current political conditions. How stable is the political situation in your vendor’s operating country? Consider the likelihood of political or civil unrest interrupting your services. An international conflict such as the Russia-Ukraine war has major impacts on the markets surrounding vendors in that area and carries risks of situations like asset freezing or massive production disruption. 

How can you identify and manage geopolitical risk? 

Identifying geopolitical risk in your vendor population gives you the information you need to manage and monitor your third parties at the appropriate level. 

Consider the areas below when monitoring geopolitical risk levels amongst your vendor population: 

  1. Check in with global regulations.

You can broaden your risk visibility by analyzing global regulations and using them to maintain your business standards across your partnerships. For example, environmental, social, and governance (ESG) regulations often overlap with geopolitical risk concerns. 

The German Supply Chain Due Diligence Act, the California Transparency in Supply Chains Act, 2015 the UK’s Modern Slavery Act, and the proposed EU Due Diligence Act are all examples of standards that mandate corporate responsibility, green environmental practices, and ethical sourcing. ESG standards are new, so they vary greatly from one region to another. However, you can use them as a baseline for doing business with global partners. It can be a best practice to ask vendors specific questions about the regulations that are relevant to your business, regardless of their location. 

Sanction lists are also useful in staying current with global conditions as they arise, and different territories keep track and update their lists, including the UN’s Sanctions List, EU Sanctions, OFAC/USA Sanctions, and Australia Sanctions/DFAT. Monitor these lists in tandem with your vendor population to ensure that you don’t engage with risky vendors. 

  1. Use vendor intelligence to monitor your vendor population.

Externally validated content, such as ESG ratings, Ultimate Beneficial Owner (UBO) screening, and cybersecurity scores can help you prioritize geopolitical risk among your vendor population. You can use the ProcessUnity Vendor Intelligence Suite to screen and monitor potential vendors during onboarding, and you can identify each vendor’s UBO by tapping into Dun & Bradstreet’s Vendor Identity Intelligence for an accurate look at their organizational governance. 

This is especially helpful when a foreign vendor’s leadership and reputation is unclear. Other tools like Vendor Screening Intelligence with Refinitiv helps you gain insight into a vendor’s incident history and overall stability. Meanwhile, Vendor ESG Intelligence with EcoVadis provides a rating on the vendor’s corporate sustainability. 

This way, you can monitor and mitigate geopolitical risk as you do business with a geographically diverse portfolio of vendors. You shouldn’t have to abstain from business with a specific vendor because of geopolitical concerns. Rather, you should be aware of the risk and take the necessary steps to monitor it depending on the criticality it presents to your organization. 

  1. Always keep an eye on cyber risk.

Today, political and social unrest often go hand-in-hand with cyberattacks. Cybersecurity is another area that you need to be cognizant of when monitoring your vendors. Though it may not seem directly tied to a physical location, cybersecurity concerns are increasingly associated with a vendor’s geopolitical status, too. 

For example, let’s take another look at the Russia-Ukraine conflict, where malicious actors have hacked Ukrainian banks and other entities as a new form of warfare. Cyberattacks pose great geopolitical risk potential as the cybersecurity landscape is becoming the new theatre of international conflict. 

This growing threat makes Vendor Cyber Intelligence essential for monitoring and managing geopolitical risk by ensuring that your vendors uphold cybersecurity standards at the level required to defend against threats. 

Ultimately, geopolitical risk shouldn’t prevent you from doing business with foreign partners. With the right controls, your vendors shouldn’t have trouble delivering on the products and services that are essential to your organization. It’s all about maintaining in-depth visibility over your vendor population to proactively identify and monitor risk. 

Learn how ProcessUnity Vendor Risk Management can help you gain visibility into your vendor’s geopolitical risk profile. 

Related Articles

About Us

ProcessUnity is a leading provider of cloud-based applications for risk and compliance management. The company’s software as a service (SaaS) platform gives organizations the control to assess, measure, and mitigate risk and to ensure the optimal performance of key business processes. ProcessUnity’s flagship solution, ProcessUnity Vendor Risk Management, protects companies and their brands by reducing risks from third-party vendors and suppliers. ProcessUnity helps customers effectively and efficiently assess and monitor both new and existing vendors – from initial due diligence and onboarding through termination. Headquartered outside of Boston, Massachusetts, ProcessUnity is used by the world’s leading financial service firms and commercial enterprises. For more information, visit www.processunity.com.