Categories
Innovation in Compliance

Third-Party Management: A Risk-Based Approach – Part 5: Alexander Cotoia on Use Cases

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, we will consider a risk-based approach to third-party risk management. Over this series, I will visit with Michael Parker, the Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, Associate at the Volkov Law Group. In this Part 5, I visit with Alexander Cotoia, a Regulatory and Compliance Manager at the Volkov Law Group, to consider how recent FCPA enforcement actions point toward the use cases for a robust third-party risk management system.

In 2022, the overwhelming majority of FCPA-related enforcement actions involved third parties and required organizations to reprioritize third-party risk management. In this episode, we consider case studies involving ABB Limited, GOL Airlines, and Oracle, which all demonstrated the importance of understanding bribery and corruption schemes, making voluntary disclosures, and reassessing third-party risk management.

Key Highlights

·      How can organizations reprioritize third-party risk management as a core compliance function?

·      What strategies can organizations use to avoid FCPA violations and maximize cooperation credit?

·      How can organizations effectively assess the risks posed by potential business partners?

 Notable Quotes 

1.     “Don’t put yourself in a position of being uncooperative with either the SEC or DOJ. Reassess your framework for third-party risk management holistically and hone in on the nature and quality of the information that’s being collected to objectively evaluate the totality of risks posed by a potential business partner to the organization.”

2.     “You really can’t afford to be complacent, especially as we have a new emerging consideration suspecting sanctions and export controls that have become core enforcement priorities of the federal government.”

3.     “The critical question asked from a functional perspective is, is it adequate to objectively evaluate the totality of risks posed by a potential business partner to the organization?”

4.     “You have to understand that third-party risk, especially as it pertains to anti-bribery and corruption concerns, is a universal constant.”

 Resources

Alexander Cotoia on LinkedIn

Check out Diligent’s 3rd party products and services here.

Categories
Innovation in Compliance

Third-Party Management: A Risk-Based Approach – Part 3: Kairi Isse on Implementation and Maintenance

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, I will visit with Michael Parker, the Director of Consulting and Advisory Services; Stephanie Font, Director, Operations Optimization Group; Kairi Isse, Group Manager of Managed Services Group, Productions; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, Regulatory Compliance Manager from the Volkov Law Group. In this Part 3, I visited with Kairi Isse on the implementation of your third-party risk management program after the contract is executed.

Learning about the risk posed by third-party vendors to a company’s compliance program can be an eye-opening experience. However, through an AI-based ongoing monitoring search tool with customizable features and auditable trails, for third-party risk management, an organization can ensure that their compliance programs are effective and reduce their risks of fines and reputational damage during the implementation stage after a contract is executed.

Key Highlights

·      How can modern companies effectively manage third-party risk and protect their reputation?

·      What are the best ways to monitor third parties in a stable vendor ecosystem?

·      How can AI and machine learning make third-party management more efficient and effective?

Notable Quotes 

1.     “The key to this effective risk management is truly the follow-up, the ongoing follow-up to ensure that all the controls are in place and, if needed, are changed.”

2.     “The key to effective risk management is the ongoing follow-up to ensure all the controls are in place and, if needed, are changed.”

3.     “It’s not the most data; it’s the right data.”

4.     “Everything is audited in there; there are audits for the third-party profiles, and there are audits for each case.”

 Resources

Kairi Isse on LinkedIn

Check out Diligent’s 3rd party products and services here.

Categories
Daily Compliance News

March 17, 2023 – The SVB Fallout Edition

Welcome to the Daily Compliance News. Each day, Tom Fox, the Voice of Compliance, brings you compliance-related stories to start your day. Sit back, enjoy a cup of morning coffee, and listen to the Daily Compliance News. All from the Compliance Podcast Network. Each day we consider four stories from the business world, compliance, ethics, risk management, leadership, or general interest for the compliance professional.

Stories we are following in today’s edition of Daily Compliance News:

·       Vendor risks after SVB collapse.  (WSJ)

·       CFOs evaluate cash strategies after SVB failure.  (WSJ)

·       SVB Failure: Arrogance, incompetence, or both? (Bloomberg)

·       SEC’s role in protecting from financial collapses. (Reuters)

Categories
Compliance Into the Weeds

Log4j-the Merger of Cyber, 3rd Party and Operational Risk

 

Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. This week, Matt and Tom take up the Log4j imbroglio. Some of the issues we consider:

·      Why is this matter of such importance to compliance and audit?

·      Is your IT security out-sourced? If so how do you perform 3rd party due diligence on these companies?

·       What is the intersection of 3rd party, cyber and operational risk?

·      How can you implement at 3rd party risk management program in cyber?

·      Have you audited a 3rd party in the cyber realm?

Resources
Matt in Radical Compliance