Understanding Business Risk Assessments in the TPRM Platform

Why Business Risk Assessments Matter

Business risk assessments are a critical part of a client’s third-party risk management (TPRM) strategy. They help uncover hidden or hard-to-document risks about an entity before onboarding. These risks—such as regulatory issues, false affiliations, or misleading business claims—may not appear in standard credentials or documents provided by the entity. By leveraging external authoritative sources, Evident helps our clients avoid reputational damage, financial loss, or legal exposure due to high-risk third parties.

 

What Are Business Risk Assessments?

Business risk assessments are a unique type of risk requirement in the TPRM platform. They are configured similarly to other requirements, but they function differently:

  • No document or credential is required.

  • No email requests are sent to the entity.

  • No extraction record is created.

  • The entity is not notified of any outcomes.

Instead, the assessment draws from external authoritative sources (e.g., Secretary of State websites, watch lists) and returns risk-related insights directly to the platform.

 

Configuration and Behavior in the TPRM Platform

  • Business risk assessments can be added to a risk profile like any other requirement.

  • They can be included in evaluation rules and appear on the decisioning screen with a compliance status.

  • The data appears on the entity details page as key-value pairs, organized alphabetically.

  • These results are integrated from our proprietary workflow, which allows the system to update data without relying on an extraction process.

 

Available Business Risk Requirements

Currently, the following five business risk requirements are available for configuration:

  1. Business Contact Affiliation: Confirms that listed business representatives are genuinely affiliated with the entity.

  2. Business Entity Resolution: Ensures the correct business is being evaluated—critical when entity names are similar or unclear.

  3. Business Registration: Verifies registration details, including physical address and age of the business.

  4. Business Regulatory Compliance/Watchlists: Checks for presence on sanctions or fraud-related watch lists, including telecom-specific risks (e.g., spam or fraudulent behavior).

  5. Business Web Presence: Evaluates whether the business has a verifiable online presence (e.g., privacy policy, terms of service, public website).

 

Why This Is Unique to Evident

Evident's approach to business risk assessments is built on a proprietary workflow that uses trusted data sources and intelligent formulas to evaluate risk. This feature represents a key differentiator in our platform’s ability to detect non-obvious risk factors before onboarding.

 

Interpreting the Results

  • Clients will see compliance statuses for each configured requirement.

  • Clients may choose to grant exceptions, just as with other risk requirements.

  • No notifications are sent to the third party, even in the case of non-compliance.

 

Need Help?

If you have questions about setting up or interpreting business risk assessments, please reach out to your Customer Success Manager.
