Consider this scenario: You evaluate a new third-party vendor operating in a high-risk country for corruption risk and other liability concerns such as environmental impact or workforce compliance. Once evaluated, the vendor becomes subject to certain controls based on the risk tier established. You monitored those controls but, six months into the relationship, beneficial ownership of the party changes and the initial risk ranking is no longer valid. The new owners have a record of human rights abuses in their factories and have been associated with bribery charges.
