Where the assessment of risk indicates that further information is required, it is important to understand the types of information that are available and necessary to be able to make good business decisions about the third parties.
Questions at this stage include:
- What depth of further diligence should be undertaken, and what information should that contain,
- How should these further results be reviewed, including who should review them and what standardization of risk approach is available
- What actions will be taken to deal with any “Red Flags''.