Categories
Blog

Reprioritizing Your Third-Party Risk Management Program-Risk Mitigation

With the ever-changing landscape of regulations and laws, it is becoming increasingly difficult for companies to keep up and remain compliant. In this 5-part blog post series, sponsored by Diligent, I will consider the full range of third-party risk management. Today, we consider the risk mitigation and I visit with Michael Parker, Director of Advisory and Consulting Services for Diligent, to discuss how to approach the Board of Directors around the crucial issue of third-party risk management and risk mitigation. Parker has been in the compliance industry for six years and has experience working with the Department of Homeland Security, Apple Computer, and over 300 clients in the compliance and legal space.

Parker dives into how Diligent’s platform helps companies assess risk and comply with compliance laws such as the FCPA, UK Modern Slavery Act, Uyghur Forced Labor Prevention Act and more. Join us in this five-part series to learn how Diligent’s platform can help reduce risk and ensure compliance.

Here are the steps you need to follow to also get risk mitigation:

  1. Screening – Screening for anti-bribery and anticorruption, politically exposed persons, state owned entities, watch lists, embargoes, etc.
  2. Risk-Based Approach – Evaluating the dossier of information to lead to a decision to approve or deny doing business with the third party.
  3. Documentation – Documenting activities, notes, attachments, and actions taken to show due diligence was done to mitigate risk.

Screening – Screening for anti-bribery and anticorruption, politically exposed persons, state owned entities, watch lists, embargoes, etc.

Screening is an essential first step in anti-bribery and anticorruption, politically exposed persons, state owned entities, watch lists, embargoes, etc. The process begins by collecting and inputting data into a single source of truth platform such as Diligent’s Third Party Risk Management System. This platform allows for a risk-based approach to screening, in which the compliance professional can assess the risk of doing business with a third party. This assessment includes screening for anti-bribery and anti-corruption, politically exposed persons, state owned entities, watch lists, and embargoes, as well as more recent regulations such as the German Supply Chain Act and the UK Modern Slavery Act. It also provides the ability to document and audit activities, allowing for better visibility and accountability from an internal and external perspective. Finally, the platform is constantly updated to ensure that it is compliant with any new laws or regulations that are implemented.

Risk-Based Approach – Evaluating the dossier of information to lead to a decision to approve or deny doing business with the third party.

The second step in the third-party risk management process is to take a risk-based approach in evaluating the dossier of information. This dossier typically includes the results of the screening process, any due diligence questionnaires, and any additional investigations that have been conducted. All these items should be compiled into a single source of truth and reviewed to ensure that the organization has done its due diligence in assessing the third party.

The risk-based approach should be tailored to the specific organization and its risk profile, as well as the specific third-party that they are doing business with. This evaluation should also take into consideration any changes in laws, regulations, and sanctions that may have been recently implemented. The diligence program should also be able to screen for a variety of different risks, such as anti-bribery, anti-corruption, human trafficking, politically exposed persons, state-owned entities, watchlists, and embargoes.

Once the evaluation is complete, the organization should have a clear understanding of the risks associated with doing business with the third party and can make an informed decision as to whether to approve or deny the business relationship. This risk-based approach should be documented for auditability in case of any potential future inquiries or investigations.

Documentation – Documenting activities, notes, attachments, and actions taken to show due diligence was done to mitigate risk.

Documentation is an essential part of risk mitigation and due diligence. It is important to maintain an audit trail of activities, notes, attachments, and actions taken related to third party risk management. This allows companies to easily access information and prove that they have taken the necessary steps to mitigate risk. A platform such as Diligent’s Third Party Risk Manager can be used to keep track of all the necessary documentation. All activities, notes, and attachments can be stored in a single source of truth, which provides visibility and auditability for the board. Additionally, the platform is regularly updated to ensure that it is up to date with the latest regulations and laws. This allows companies to remain compliant and mitigate risk. All these elements come together to form a dossier of information, which can be used to approve or deny business with third parties. Documentation is a key part of any risk management program and is essential for due diligence.

Over this five-part blog post series will explore reprioritizing you third-party risk management program. It is essential to properly evaluate third-party risk and to document all activities, notes, and attachments to remain compliant and mitigate risk. With the right platform and approach, companies can keep up with the ever-changing regulations and laws and protect their businesses from potential issues. With dedication and hard work, business owners can stay ahead of the curve in risk management and compliance.

For more information, check out Diligent here.

Listen to Michael Parker on the podcast series here.

Categories
Because That's What Heroes Do

Picard-Season 2, Episodes 7- 8

In this podcast series, two complete MCU fans, Tom Fox, founder of the Compliance Podcast Network, and Megan Dougherty, co-founder of One Stone Creative, indulge in a passion for all things in the Marvel Cinematic Universe by re-watching each movie and then podcasting on every movie in the MCU. However, we will go in a different direction over the next three episodes and review Picard Season 2. In this podcast, we take up episodes 7-8.

Key Highlights

Episode 7-Synopsis [1:16]

Episode 7-Commentary [2:37]

Episode 8-Synopsis [8:13]

Episode 8-Commentary [9:33]

Next time, we will conclude our deep dive into Picard Season 2 by looking at episodes 9-10.

Categories
Sunday Book Review

March 19, 2023 – The Russian Oligarch Edition

In the Sunday Book Review, I consider books that interest the compliance professional, the business executive, or anyone curious. It could be books about business, compliance, history, leadership, current events, or anything else that might interest me. In today’s edition of the Sunday Book Review, we consider some of the top recently released by Russian oligarchs:

Categories
Because That's What Heroes Do

Picard-Season 2, Episodes 5-6

In this podcast series, two complete MCU fans, Tom Fox, founder of the Compliance Podcast Network, and Megan Dougherty, co-founder of One Stone Creative, indulge in a passion for all things in the Marvel Cinematic Universe by re-watching each movie and then podcasting on every movie in the MCU. However, we will go in a different direction over the next three episodes and review Picard Season 2. In this podcast, we take up episodes 5-6.

Key Highlights

Episode 5-Synopsis [1:16]

Episode 5-Commentary [2:41]

Episode 6-Synopsis [15:54]

Episode 6-Commentary [17:14]

Next time, we will continue our deep dive into Picard Season 2 by looking at episodes 7-8.

Categories
Kerrville Weekly News Roundup

Kerrville Weekly News Roundup: March 18, 2023

Welcome to the Kerrville Weekly News Roundup. Each week, veteran podcaster Tom Fox and his colleagues Andrew Gay and Gilbert Paiz get together to go over a couple of their favorite stories from the past week from Kerrville and the greater Hill Country. Sit back, enjoy a cup of morning coffee and listen in to get a wrap up of the Kerrville Weekly News. We each consider two of our favorite stories and talk about the upcoming weekend’s events which will enjoy or participate in this weekend. The Kerrville Weekly News Roundup offers an informative and entertaining look at the news in the Texas Hill Country. Head over to Texas Hill Country Podcast Network and join Andrew Gay and Tom Fox as they round up the week’s news, discuss current events, and make sure you don’t miss out on any of exciting news at Kerrville.

Gilbert is on Spring Break this week so Tom and Andrew reporting their top stories to you. Some of the following stories which caught their attention over the past week.

·      The Tragic Aftermath of a House Fire in Kerrville

·      The Museum of Western Art in Kerrville, Texas

·      Peterson Hospital System honored

·      Celebrating Saint Patrick’s Day During March Madness​

Resources

Tom Fox on LinkedIn

Gilbert Paiz on LinkedIn

Andrew Gay on LinkedIn

Texas Hill Country Podcast Network

Categories
Daily Compliance News

March 18, 2023 – The Corrupt Client Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

  • My client is the speaker. (Law360)
  • The US sanctions the former Bosnia Intelligence Chief for corruption. (Balkan Insights)
  • Lessons from the Householder conviction. (Cincinnati Enquirer)
  • Jes Staley to be deposed over Epstein connections. (Reuters)
Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Tying it all Together for Joint Ventures

I want to emphasize again the risks JVs pose under the FCPA. Mike Volkov has stated, “A joint venture requires the integration of disparate company cultures. It can be successful and is usually one of the significant reason for the joint venture itself.” Both parties should assess each other and decide that the JV is a good fit, meaning that each side will benefit. Too much time is spent on looking at the JV partner’s compliance toolbox (i.e., policies, procedures, and controls), and not enough time is spent on identifying compliance strengths and weaknesses. You must bring it all together with one format.

Indeed the 2020 Update to the Evaluation of Corporate Compliance Programs posed the following questions under the category, “Process Connecting Due Diligence to Implementation” What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post- acquisition audits, at newly acquired entities? Remember a “newly acquired entity” can be a joint venture.
Three key takeaways: 

  1. It all starts with a Relationship Manager.
  2. Have company oversight of all JVs. Couple this with a COC for a second set of eyes.
  3. Audit, monitor, and remediate (as appropriate) your JVs on an ongoing basis.
Categories
The Night Sky

Leslie Jones on the Local Impact of the Eclipses on the People of Kerrville and Kerr County

Welcome to The Night Sky: A Podcast on the Eclipses Comes to Kerrville a podcast which celebrates that for two days over the next 18 months, Kerrville, TX will be the Eclipse Capitol of the World. This podcast, hosted by Andrew Gay and Tom Fox will celebrate these two eclipses and discuss how the town of Kerrville will prepare for an influx of a quarter million (or more) visitors. This podcast is produced by the Texas Hill Country Podcast Network.

This episode, featuring guest Leslie Jones, is an especially exciting one. Jones provides fascinating insight into the coming total solar eclipse that will be visible in Kerrville, Texas. She explains how the city is planning to serve as a hub of information, while the eclipse itself will pass between Goat Creek Road and the city. This is an event that only happens once in a lifetime and one that should be marked on everyone’s calendar. During the podcast, Leslie provides some advice on what to do in preparation and encourages listeners to let him know if they decide to view the eclipse. The podcast also mentions that the Kerrville Independent School District will be calling school on the date of the eclipse, April 8th, so parents should be prepared to have their children out of school.

Key Highlights Include

·       Visiting Kerrville for the 2023 Total Solar Eclipse [01:47]

·       The Total Eclipse in Texas: A Once-in-a-Lifetime Event [05:37]

·       The Role of Kerrville in Future Planning [09:04]

·       Preparing for KIC’s School out on April 8th [12:47]

·       Planning a Private Event in Your Community [16:24]

Notable Quotes

1.     “An annular eclipse happens when the moon covers the sun’s center leaving the sun’s visible outer edges to form a ring of fire and or an analyst around the moon.”

2.     “The total solar eclipse that we are going to have in April of 2024 you have to have your glasses on leading up to totality. During totality, you don’t you can take them off to experience and then obviously when totality ends, and it starts leaving, you’ll need to put those glasses back on. Because again, you’re staring at the sun. So that’s bad. It’s bad for your eyeballs.”

3.     “This is literally a once in a lifetime event for us here in Texas.”

4.     I know. It’s pretty exciting. Wow.”

Resources

Leslie Jones on LinkedIn

Andrew Gay on LinkedIn

Tom Fox on LinkedIn

Categories
Daily Compliance News

March 17, 2023 – The SVB Fallout Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

·       Vendor risks after SVB collapse.  (WSJ)

·       CFOs evaluate cash strategies after SVB failure.  (WSJ)

·       SVB Failure: Arrogance, incompetence, or both? (Bloomberg)

·       SEC’s role in protecting from financial collapses. (Reuters)

Categories
31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Post Acquisition Integration

Your company has just made its largest acquisition ever and your CEO says that he wants you to have a compliance post-acquisition integration plan on his desk in one week. Where do you begin? Of course, you think about the 2020 FCPA Resource Guide, 2nd edition but you also remember that the established time frames in the enforcement actions involving Johnson & Johnson (J&J), Pfizer Inc. and DS&S and the Halliburton Opinion Release.

While there are time frames listed in these DPAs, they are a guide of timeframes, not a ‘how to’ guide and many compliance professionals struggle with how to perform these post-acquisition compliance integrations. The 2020 Update to the Evaluation of Corporate Compliance Programs asked the following questions, What has been the company’s process for tracking and remediating misconduct or misconduct risks identified during the due diligence process? What has been the company’s process for implementing compliance policies and procedures, and conducting post- acquisition audits, at newly acquired entities?

Whatever compendium of steps you utilize for post-acquisition integration, they should be taken as soon as practicable.

Three key takeaways: 

  1. Planning is critical in the post-acquisition phase.
  2. Build upon what you learned in pre-acquisition due diligence.
  3. You need to be ready to hit the ground running when a transaction closes.