In today’s edition of Daily Compliance News:
The Financial Crimes Enforcement Network (FINCEN) issued a policy on government-wide priorities (“Priorities”) for anti-money laundering (AML) and countering the financing of terrorism (CFT). The Priorities identify and describe the most significant AML/CFT threats that the US is facing – the Kitchen is there to take a closer look at what goes into this recipe.
Welcome to a special six-part podcast series, sponsored by Exiger, on the TRADES Framework, a conceptual, strategic and practical guide for Third-Party and Supply Chain Risk Management designed by Exiger to help organizations achieve supply chain resiliency and optimize risk management at any phase of maturity. Exiger was founded to fight financial crime, fraud and terrorist financing by introducing technology-enabled solutions to the market’s biggest supply chain, risk, investigation, litigation, and compliance challenges. A global authority on risk and compliance, Exiger serves the world’s largest banks, Fortune 1000 companies and government agencies and regulators. In this first episode, we consider transparency with Skyler Chi and Tim Stone.
The TRADES Framework is an important evolution in a rapidly evolving ecosystem of third party and supply chain risk management. There are a wide variety of risks that could be in your Supply Chain, including both distributor risks and vendor risks. The urgency of establishing best practices in this area was driven home most forcefully during the Coronavirus pandemic as governments at all levels were trying to secure the vaccines, Personal Protective Equipment (PPE) and pharmaceuticals that were needed. There has also been legislative initiatives with such laws as the German Supply Chain Act starting to gain momentum. Of course modern slavery issues that were talked about before as well and the ESG revolution.
Tim Stone related that “T is for “Transparency of Current State”. There are different levels of transparency. He focused on Entity Level where the goal is to identify the full third-party ecosystem. Another way to think about it is “taking stock”. This stage involves illuminating your current state of affairs and identifying your vendor ecosystem.
The next step is how to build this initial tier of reliably accurate, validated, and de-duplicated entities that are mapped to business units, products, and use-case. You want as comprehensive a supplier and third-party ecosystem as possible. So how do you gain this transparency?
The first step is to identify, your internal supply data elements. You need to review your organization’s contracts and other paperwork, as well as engaging stakeholders across an organization in a fact-finding exercise, to arrive at a golden source of suppliers and vendors, and then mapping those entities to the products, business units, and use-cases across the organization. Next you should review external supply data elements.
“Transparency” is also about illuminating risk, which here means identifying the risks posed by the entities in a client’s supply chain. These risks are either inherent or imposed. Determining inherent risk, is where Exiger’s AI-powered due diligence platform, DDIQ, shines. DDIQ finds and categorizes risk information about focal companies and people. The platform searches hundreds of structured (e.g., watchlists) and unstructured (e.g., media) data sources and performs thousands of targeted queries – using proprietary search strings associated with different risk types and specific risky entities – to isolate and categorize risk information about a focal entity.
Next is imposed risk, which is “an aggregate view of a company’s upstream reliance on certain countries, such as China, for its receipt of goods. This extent of a higher risk country’s upstream footprint in a company’s supply chain is indicative of greater risk.” It also includes risk through downstream supply chain risk analysis to isolate where a company’s products are ultimately ending up.
Transparency also speaks to the governance and accountability associated with third-party (TP) and Supply Chain Risk Management (SCRM). There is a Strategic Level and a Program Level. As Skyler related you should create and document a TP&SCRM mission statement and purpose explanation, understand how mature your program is and create a baseline analysis of the program’s maturity. You then develop and maintain policies and procedures, which provide guidance and determine the right risk-area stakeholders and governance forums.
From this point, you should work to determine communication and workflows to operate the TP&SCRM program. This can be done through several steps, including data sourcing and right-sized technology aligned to the TRADES framework to ensure a single source of truth for each third party, supply chain, and overall program; continuous evaluation and improvements of the framework and periodic refreshes or reviews to assess industry/risk changes and best practices. Finally, it would lead to the creation of principles and guidance to help company stakeholders take risk-related decisions and actions.
Join us in our next episode, where we discuss the Risk Methodology with Theresa Campobasso and Matt Hayden.
Resources
Exiger TRADES Framework
Exiger Website
Skyler Chi
Tim Stone
In this Episode of the FCPA Compliance Report, I am joined by Jason Mefford, a top thought leader in internal controls. We discuss his podcast Jamming with Jason, his online academy cRisk Academy and a unified theory of risk management. Highlights include:
Resources
Jason Mefford on LinkedIn
Jamming with Jason
cRisk Academy
In today’s edition of Sunday Book Review:
In today’s edition of Daily Compliance News:
In this episode, the Kitchen explores a recent DOJ settlement with a US government contractor that was brought about through a whistleblower, under the False Claims Act. Next, we take a peek at what is cooking in Switzerland, as the government joins the rest of the world and issues sanctions against Belarus.
In this podcast we consider the TOS episode Journey to Babel as a starting point for the consideration of the medicine portrayed in the Original Series. The Enterprise transports ambassadors to a conference to discuss the admission of Corridon, a star system composed of many mutually combative races, to the Federation. Corridon contains a nearly unlimited supply of dilithium crystals, but its small population and lack of strong government has allowed illegal mining operations by outsiders seeking to exploit its natural resources.
To Kirk’s surprise, Sarek the 102.437-year-old ambassador from Vulcan and his his wife Amanda, who is human, are Spock’s parents. Sarek reveals that he has had three previous Vulcan heart attacks and has been taking Bengacydrine to combat it. He requires an open-heart operation, but the ship’s stores do not have a sufficient supply of blood, especially of Sarek’s rare Vulcan T negative blood. Despite the fact that Spock’s blood is a mixture of human and Vulcan factors, he provides a blood transfusion to Sarek after McCoy uses an experimental stimulant to increase the rate of blood production. The Enterprise is then attacked by alien ship while Sarek and Spock are on the operating table, endangering both their lives. Spock, who is recovering from the operation, surmises that the perpetrators were from Orion, since Orions are known to have been smuggling dilithium from Corridon and are anxious to prevent interference.
Highlights include:
1. Why is the TriCorder such a significant piece of medical technology, even up to today?
2. What are the diagnostic aspects of the TriCorder?
3. What is augmented reality and how is it being used in medical treatment today?
Does your employee helpline need a brand that’s distinct from your company’s? The Integrity Team at Reckitt makes a compelling case for it on today’s episode. After finding that their traditional Helpline awareness approach was fading into the background, they made a splash with a brand-new visual identity for their helpline. They share the results, plus Reckitt’s vision for a healthier world by 2030.
