GRMS Supplier Risk Management Programs
GRMS is the recognized leader in providing innovative Supplier Risk Management Programs that assist companies to reduce exposure to global business risk and liability in over 120 countries.
Listed below are the standard GRMS domestic and international supplier risk management programs which provide a comprehensive enterprise wide risk solution.
U.S.
Risk Components
Bankruptcy, Liens and Judgments Monitoring
A 5-year search for any bankruptcy records as well as for any civil judgments or tax lien records under the legal company name. These records are continuously monitored by GRMS’ system and will alert clients with any changes found.
Cyber Security Monitoring
GRMS and SecurityScorecard™ have collaborated to provide a powerful cyber-security rating service. SecurityScorecard non-intrusively collects data from publicly available commercial and open-source feeds across the internet for an outside-in, hacker perspective of a company’s cybersecurity posture. This data is then analyzed by SecurityScorecard data science experts who calculate scores across 10 key risk indicator categories as well as an overall security rating using an easy-to-understand A-F grading scale. GRMS continuously monitors the overall grade for any changes.
Digital Insurance Verification
GRMS has built live data integrations between GRMS and the companies providing proof of insurance. Using this technology, GRMS digitally pulls insurance verification data directly from the databases of insurance providers and continuously monitors the data against our client’s requirements essentially eliminating the need to request a Certificate of Insurance (COI).
If the supplier’s insurance provider is a member of our network, our client will have real-time verification of the Supplier’s insurance coverage and compliance. The GRMS Veritas platform will immediately alert our clients to any problems, including cancellations, expirations or reductions in coverage.
Diversity Status Monitoring
When a supplier indicates they are a diverse supplier, GRMS verifies that the supplier is properly certified for one or more diversity classifications.
GRMS will also track the expiration date of any certification collected as part of the ongoing risk assessment.
Experian Financial Stability Risk Score
Experian Financial Stability Risk Score (FSR) provides critical insight on the potential of a business going bankrupt or defaulting on its obligations. It provides a quick assessment of risk with an easy-to-understand 1 to 100 percentile score and a 1 to 5 risk class that segment businesses into risk categories. GRMS’ system continuously monitors this score and updates GRMS’ clients weekly with any material positive or negative changes.
Global Adverse Media Monitoring
GRMS and LexisNexis® have partnered to provide GRMS’ clients access to an extensive proprietary database of entities linked to illicit activities from over 30,000 news sources worldwide. GRMS’ adverse media profiles have been constructed by researchers based on media stories by reputable media sources in dozens of languages around the world and are continuously monitored.
By continually monitoring these news sources, clients may be provided with an early warning of potential issues ahead.
Global Criminality Monitoring
GRMS and LexisNexis have partnered to provide GRMS’ clients screening of the legal company name of the supplier against information collected from over 1,500 enforcement lists and court filings worldwide such as the FDA, US HHS, UK FSA, SEC and more. GRMS continually monitors over 1,500 government sources to provide updated information on companies that might represent risk to GRMS’ clients. These sources are continuously monitored by GRMS’ system and will alert clients with any changes found.
As part of GRMS’ service, GRMS will work with the supplier at no additional charge to try to adjudicate any false positives.
Global Watch List Monitoring
GRMS and LexisNexis® have partnered to provide GRMS’ clients continuously monitored real-time monitoring of the legal company name of the supplier against the most inclusive, government published Watch Lists available to determine if a supplier has been listed as barred or received any type of censor by financial, criminal and/or regulatory authorities globally.
GRMS monitors over 1,500 global governmental enforcement and sanctions sources with over 10 million records refreshed daily and is continuously enhanced with newly identified sources including SAM.gov, OFAC, US SEC, CIA, FBI, Homeland Security, Bank of England, United Nations 1267 Committee, OSFI, EU Terrorist, HM Treasury, Global Money Laundering Database, World Bank International Investment Disputes, International Court of Justice, Corrupt Government Officials Database, Interpol Most Wanted, FDIC, International War Crimes Tribunal, globally available SEC and Surveillance Commissions, Indonesian Capital Market Supervisory Agency, UK FSA and Lloyds of London.
As part of GRMS’ service, we will work with the supplier at no additional charge to try to adjudicate any false positives.
W-9 Tax Form Verification + TIN Matching (Optional)
GRMS collects and verifies the most current W-9 tax form from each supplier ensuring that it has been completed properly. Image of the tax form is securely stored online and is accessible 24/7. In addition, GRMS can validate whether the TIN and name combinations provided on the W-9 form match IRS tax filing records.
Program Enhancements *
Document Verification
GRMS can collect, manage and store any standardized document. Documents are matched to the client’s sample template and securely stored and accessed online. The system sends automated reminders to the supplier for missing, expired and non-compliant documents. In addition, GRMS can alert a client of any changes or modifications to the documents. Examples include NDAs, Supplier Quality Questionnaire, Purchase Orders, Contracts and Supplier Code of Conduct.
If applicable, GRMS will also track the expiration of any document provided as part of the ongoing risk assessment.
Health, Safety and Environmental (HSE)
GRMS offers a comprehensive HSE program that is much easier for contractors to complete and is far less expensive than Avetta and ISN.
Environmental, Social, and Governance
The GRMS Supplier Risk Assessment Program can help clients learn more about how their suppliers are addressing the three key pillars of ESG.
In addition, GRMS has partnered with Ecovadis, the world’s largest and most trusted provider of business sustainability ratings, with a global network of more than 90,000+ rated companies, to incorporate these ratings into the GRMS overall risk assessment.
Regulatory Compliance
Conflict Minerals Compliance Certification
The Dodd-Frank Wall Street Reform and Consumer Protection Act (HR 4173) requires that all publicly-traded manufacturing companies report annually to the SEC whether they use Conflict Minerals that are necessary to the functionality or production of a product that they manufacture or contract to have manufactured, and which originate from the Democratic Republic of Congo (the “DRC”) or an adjoining country (Angola, Burundi, Central African Republic, Congo Republic, Rwanda, Sudan, Tanzania, Uganda and/or Zambia). The GRMS Supplier Risk Assessment Program can be an integral compliance component for those companies that are required to comply with the law.
Federal Healthcare Fraud and Abuse Monitoring
Determines if the supplier is included on the U.S. Department of Health & Human Services OIG List of Excluded Individuals and Entities (LEIE). The list provides information to the healthcare industry regarding individuals and entities currently excluded from participation in Medicare, Medicaid and all other Federal healthcare programs. These sources are continuously monitored by GRMS’ system and will alert clients with any changes found.
The California Transparency in Supply Chains Act of 2010 (SB 657) Compliance Certification
The Act, which went into effect on January 1, 2012, requires retail and manufacturing companies with over $100,000,000 USD of worldwide sales operating in California to disclose what efforts they have taken to eliminate slavery and human trafficking from their supply chains. The GRMS Supplier Risk Assessment Program can be an integral compliance component for those companies that are required to comply with the law.
REACH Compliance Certification
GRMS can collect and manage certificates from each supplier which certifies their products are in complete conformance to the requirements of REACH’s 155 SVHC (Substances of Very High Concern), the European Community Regulation standard about chemicals and their safe use (EC 1907/2006).
RoHS Compliance Certification
GRMS can collect and manage Certificates of RoHS Compliance from suppliers to ensure the parts they manufacture meet the requirements of the current EU RoHS Directive 2011/65/EU and do not contain high concentrations of certain hazardous substances in electrical and electronic equipment.
Other Enhancements
International Organization for Standardization (ISO) Certification Management
GRMS can collect and manage ISO Certification such as Quality Management ISO 9001, Environmental ISO 14001 and OHSAS 18000.
Professional License Collection & Verification
Verify any state level licenses issued in the business entity’s name. This search will only be completed if the supplier company indicates that they possess a state level license.
GRMS will also track the expiration of any license verified as part of the ongoing risk assessment.
Corporate Linkage (Parent/Child)
GRMS has partnered with Experian® to leverage its unique data assets and unparalleled search and match capabilities to provide linkage on the largest corporate entities down to the small business with just a few locations. In addition, real-time database updates allows GRMS to refresh family trees quickly when changes, such as mergers or acquisitions, occur which ensures continued data accuracy and completeness.
Corporate Registration Verification
Verification of the corporate name, filing status, address, date of incorporation and registered agent of the company in the state which the supplier is domiciled.
Canada
Risk Components
Cyber Security Monitoring
GRMS and SecurityScorecard™ have collaborated to provide a powerful cyber-security rating service. SecurityScorecard non-intrusively collects data from publicly available commercial and open-source feeds across the internet for an outside-in, hacker perspective of a company’s cybersecurity posture. This data is then analyzed by SecurityScorecard data science experts who calculate scores across 10 key risk indicator categories as well as an overall security rating using an easy-to-understand A-F grading scale.
Digital Insurance Verification
GRMS has built live data integrations between GRMS and the companies providing proof of insurance. Using this technology, GRMS digitally pulls insurance verification data directly from the databases of insurance providers and continuously monitors the data against our client’s requirements essentially eliminating the need to request a Certificate of Insurance (COI).
If the supplier’s insurance provider is a member of our network, our client will have real-time verification of the Supplier’s insurance coverage and compliance. The GRMS Veritas platform will immediately alert our clients to any problems, including cancellations, expirations or reductions in coverage.
Diversity Status Monitoring
When a supplier indicates they are a diverse supplier, GRMS verifies that the supplier is properly certified for one or more diversity classifications.
GRMS will also track the expiration of any certification collected as part of the ongoing risk assessment.
Equifax Business Credit Report
With the Equifax Business Credit Report you’ll gain insight and a holistic view of your supplier’s business viability. The report includes such details as:
- Business Information Company name, legal name, years on file, address, phone and fax numbers, as well as firmographic information such as industry codes, employee size and sales volume.
- Predictive Scores – Equifax’s Commercial Delinquency Score predicts the likelihood that a company will be severely delinquent in paying an industry trade (non-financial) account within the next 12 months, whereas the Financial Trade Delinquency Score predicts the likelihood of severe delinquency on financial trade accounts within the next 12 months.
- Equifax’s Credit Index and Payment Index are proprietary risk indicators that provide a numerical assessment of a company’s current risk level using a variety of factors from public and proprietary sources plus measures of the payment habits of a company.
- Principal Guarantor displays a list of any additional businesses known to be associated with the business principal or guarantor, as reported within the Equifax database.
- Industry Trade Details highlights trade Credit Reference details including payment terms, pay habits, status codes and trends as reported by Equifax’s Trade Contributors.
- Financial Trade Details highlights financial Credit Reference details including information and payment habits for a business’s credit cards, lines of credit and fixed term loans as reported by Equifax’s Financial Trade Contributors. Includes credit available, utilization percentage, ratings and total debt outstanding.
- Guarantors lists individuals or companies that are guarantors of specific financial exposures such as lines of credit or loans listed in the Financial Credit segment.
- Derogatory Items Detailed Information is provided on returned cheques, collection claims, legal suits and judgments. Creditor and plaintiff are identified, as well as dates, amounts, and current status as reported by Equifax’s data sources.
Equifax Business Failure Risk Score
The Equifax Business Failure Risk Score (BFRS) is a risk-scoring model that can predict the likelihood of a company ceasing business within the next 12 months.
Global Adverse Media Monitoring
GRMS and LexisNexis® have partnered to provide GRMS’ clients access to an extensive proprietary database of entities linked to illicit activities from over 30,000 news sources worldwide. GRMS’ adverse media profiles have been constructed by researchers based on media stories by reputable media sources in dozens of languages around the world and are continuously monitored.
By continually monitoring these news sources, clients may be provided with an early warning of potential issues ahead.
Global Criminality Monitoring
GRMS and LexisNexis have partnered to provide GRMS’ clients screening of the legal company name of the supplier against information collected from over 1,500 enforcement lists and court filings worldwide such as the FDA, US HHS, UK FSA, SEC and more. GRMS continually monitors over 1,500 government sources to provide updated information on companies that might represent risk to GRMS’ clients. These sources are continuously monitored by GRMS’ system and will alert clients with any changes found.
As part of GRMS’ service, GRMS will work with the supplier at no additional charge to try to adjudicate any false positives.
Global Watch List Monitoring
GRMS and LexisNexis® have partnered to provide GRMS’ clients continuously monitored real-time monitoring of the legal company name of the supplier against the most inclusive, government published Watch Lists available to determine if a supplier has been listed as barred or received any type of censor by financial, criminal and/or regulatory authorities globally.
The Global Watch List screening currently monitors over 1,500 global governmental enforcement and sanctions sources with over 10 million records refreshed daily and is continuously enhanced with newly identified sources including SAM.gov, OFAC, US SEC, CIA, FBI, Homeland Security, Bank of England, United Nations 1267 Committee, OSFI, EU Terrorist, HM Treasury, Global Money Laundering Database, World Bank International Investment Disputes, International Court of Justice, Corrupt Government Officials Database, Interpol Most Wanted, FDIC, International War Crimes Tribunal, globally available SEC and Surveillance Commissions, Indonesian Capital Market Supervisory Agency, UK FSA and Lloyds of London.
As part of GRMS’ service, GRMS will work with the supplier at no additional charge to try to adjudicate any false positives.
W-8BEN-E Tax Form Collection
GRMS collects and verifies the most current W-8BEN-E tax form from each supplier ensuring that it has been completed properly. Image of the tax form is securely stored online and is accessible 24/7.
Program Enhancements *
Document Verification
GRMS can collect, manage and store any standardized document. Documents are matched to the client’s sample template and securely stored and accessed online. The system sends automated reminders to the supplier for missing, expired and non-compliant documents. In addition, GRMS can alert a client of any changes or modifications to the documents. Examples include NDAs, Supplier Quality Questionnaire, Purchase Orders, Contracts and Supplier Code of Conduct.
If applicable, GRMS will also track the expiration of any document provided as part of the ongoing risk assessment.
Health, Safety and Environmental (HSE)
GRMS offers a comprehensive HSE program that is much easier for contractors to complete and is far less expensive than Avetta and ISN.
Environmental, Social, and Governance
The GRMS Supplier Risk Assessment Program can help clients learn more about how their suppliers are addressing the three key pillars of ESG.
In addition, GRMS has partnered with Ecovadis, the world’s largest and most trusted provider of business sustainability ratings, with a global network of more than 90,000+ rated companies, to incorporate these ratings into the GRMS overall risk assessment.
Regulatory Compliance
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. GRMS can collect and manage statements from your suppliers regarding their GDPR compliance status.
REACH Compliance Certification
GRMS can collect and manage certificates from each supplier which certifies their products are in complete conformance to the requirements of REACH’s 155 SVHC (Substances of Very High Concern), the European Community Regulation standard about chemicals and their safe use (EC 1907/2006).
RoHS Compliance Certification
GRMS can collect and manage Certificates of RoHS Compliance from suppliers to ensure the parts they manufacture meet the requirements of the current EU RoHS Directive 2011/65/EU and do not contain high concentrations of certain hazardous substances in electrical and electronic equipment.
UK Modern Slavery Act 2015
The provision in the Act requires that any commercial organization in any sector, which supplies goods or services, and carries on a business or part of a business in the UK, and is above a specified total turnover (£36m), must produce a slavery and human trafficking statement for each financial year of the organization. The statement must set out what steps they have taken during the financial year to ensure that modern slavery is not occurring in their supply chains and in their own organization. The statement must be approved and signed by a director, member or partner of the organization. The GRMS Supplier Risk Assessment Program can assist in compliance with this legal requirement.
Other Enhancements
Intl. Org. for Standardization (ISO) Cert. Mgmt.
GRMS can collect and manage ISO Certifications such as Quality Management ISO 9001, Environmental ISO 14001 and OHSAS 18000.
GRMS will also track the expiration of any certification verified as part of the ongoing risk assessment.
Other Countries
Risk Components
Cyber Security Monitoring
GRMS and SecurityScorecard™ have collaborated to provide a powerful cyber-security rating service. SecurityScorecard non-intrusively collects data from publicly available commercial and open-source feeds across the internet for an outside-in, hacker perspective of a company’s cybersecurity posture. This data is then analyzed by SecurityScorecard data science experts who calculate scores across 10 key risk indicator categories as well as an overall security rating using an easy-to-understand A-F grading scale.
Diversity Status Monitoring
When a supplier indicates they are a diverse supplier, GRMS verifies that the supplier is properly certified for one or more diversity classifications.
GRMS will also track the expiration of any certification collected as part of the ongoing risk assessment.
Evidence of Insurance Management
GRMS collects Evidence of Insurance from each supplier and validates that the policies have a current expiration date. GRMS will remind suppliers to resubmit evidence of insurance 30 days prior to the expiration date. If the Evidence of Insurance is received in a non-english language, translation fees may be applied.
Experian Financial Stability Risk Score
Experian GDN Financial Stability Risk Score (FSR) provides critical insight on the potential of a business going bankrupt or defaulting on its obligations. It provides a quick assessment of risk with an easy-to-understand 1 to 100 percentile score and a 1 to 5 risk class that segment businesses into risk categories.
Experian Intl. Report and Profile
GRMS has partnered with Experian to provide GRMS’ clients access to Experian International Developed Reports and Profiles which provide insight into businesses operating in more than 225 countries, dependencies and territories. Information is drawn from numerous sources, including local credit agencies, government entities, financial institutions, suppliers and interviews with subject companies.
Most reports include:
- Company details and registration assets
- Credit risk rating and financial ratings
- Financial statements and legal notices
- Public records
- Ownership / corporate structures / director information
- Up to three trade references
Global Adverse Media Monitoring
GRMS and LexisNexis® have partnered to provide GRMS’ clients access to an extensive proprietary database of entities linked to illicit activities from over 30,000 news sources worldwide. GRMS’ adverse media profiles have been constructed by researchers based on media stories by reputable media sources in dozens of languages around the world and are continuously monitored.
By continually monitoring these news sources, clients may be provided with an early warning of potential issues ahead.
Global Criminality Monitoring
GRMS and LexisNexis have partnered to provide GRMS’ clients screening of the legal company name of the supplier against information collected from over 1,500 enforcement lists and court filings worldwide such as the FDA, US HHS, UK FSA, SEC and more. GRMS continually monitors over 1,500 government sources to provide updated information on companies that might represent risk to GRMS’ clients. These sources are continuously monitored by GRMS’ system and will alert clients with any changes found.
As part of GRMS’ service, GRMS will work with the supplier at no additional charge to try to adjudicate any false positives.
Global Watch List Monitoring
GRMS and LexisNexis® have partnered to provide GRMS’ clients continuously monitored real-time monitoring of the legal company name of the supplier against the most inclusive, government published Watch Lists available to determine if a supplier has been listed as barred or received any type of censor by financial, criminal and/or regulatory authorities globally.
The Global Watch List screening currently monitors over 1,500 global governmental enforcement and sanctions sources with over 10 million records refreshed daily and is continuously enhanced with newly identified sources including SAM.gov, OFAC, US SEC, CIA, FBI, Homeland Security, Bank of England, United Nations 1267 Committee, OSFI, EU Terrorist, HM Treasury, Global Money Laundering Database, World Bank International Investment Disputes, International Court of Justice, Corrupt Government Officials Database, Interpol Most Wanted, FDIC, International War Crimes Tribunal, globally available SEC and Surveillance Commissions, Indonesian Capital Market Supervisory Agency, UK FSA and Lloyds of London.
As part of GRMS’ service, GRMS will work with the supplier at no additional charge to try to adjudicate any false positives.
Global Tax Registration Certificate Collection
The Global Tax Registration Certificate Collection includes collecting and managing the supplier’s tax registration certificate for VAT, GST, CST, etc. and verify the number reported by the supplier matches the number on the certificate submitted.
Program Enhancements *
Document Verification
GRMS can collect, manage and store any standardized document. Documents are matched to the client’s sample template and securely stored and accessed online. The system sends automated reminders to the supplier for missing, expired and non-compliant documents. In addition, GRMS can alert a client of any changes or modifications to the documents. Examples include NDAs, Supplier Quality Questionnaire, Purchase Orders, Contracts and Supplier Code of Conduct.
If applicable, GRMS will also track the expiration of any document provided as part of the ongoing risk assessment.
Health, Safety and Environmental (HSE)
Health, Safety & Environmental (HSE) Questionnaire
GRMS can collect and manage client specific HSE Questionnaires from suppliers that are required to provide the document.
Environmental, Social, and Governance
The GRMS Supplier Risk Assessment Program can help clients learn more about how their suppliers are addressing the three key pillars of ESG.
In addition, GRMS has partnered with Ecovadis, the world’s largest and most trusted provider of business sustainability ratings, with a global network of more than 90,000+ rated companies, to incorporate these ratings into the GRMS overall risk assessment.
Regulatory Compliance
The General Data Protection Regulation (GDPR)
The General Data Protection Regulation 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA areas. GRMS can collect and manage statements from your suppliers regarding their GDPR compliance status.
REACH Compliance Certification
GRMS can collect and manage certificates from each supplier which certifies their products are in complete conformance to the requirements of REACH’s 155 SVHC (Substances of Very High Concern), the European Community Regulation standard about chemicals and their safe use (EC 1907/2006) which is a law entered into force on June 1, 2007 which will be phased in until 2018.
RoHS Compliance Certification
GRMS can collect and manage Certificates of RoHS Compliance from suppliers to ensure the parts they manufacture meet the requirements of the current EU RoHS Directive 2011/65/EU and do not contain high concentrations of certain hazardous substances in electrical and electronic equipment.
UK Modern Slavery Act 2015
The provision in the Act requires that any commercial organisation in any sector, which supplies goods or services, and carries on a business or part of a business in the UK, and is above a specified total turnover (£36m), must produce a slavery and human trafficking statement for each financial year of the organisation. The statement must set out what steps they have taken during the financial year to ensure that modern slavery is not occurring in their supply chains and in their own organisation. The statement must be approved and signed by a director, member or partner of the organisation. The GRMS Supplier Risk Assessment Program can assist in compliance with this legal requirement.
Other Enhancements
Intl. Org. for Standardization (ISO) Cert. Mgmt.
GRMS can collect and manage ISO Certifications such as Quality Management ISO 9001, Environmental ISO 14001 and OHSAS 18000.
GRMS will also track the expiration of any certification collected as part of the ongoing risk assessment.
