31 Days to More Effective Compliance Programs

One Month to a More Effective Compliance Program for Business Ventures – Franchisor Liability


There remains a question about franchisor liability under the FCPA. Franchising has been a successful model in the U.S. and now many corporations are looking at overseas expansion opportunities. Franchise law has become well developed across the U.S., with many states developing laws to protect the rights and obligations of both parties in a franchise agreement.
There are no reported FCPA enforcement actions regarding franchisors. However, the factors in a franchise relationship would appear to lead to clear FCPA responsibility of the franchisor for its overseas franchisee’s actions. Additionally, court interpretation of the FCPA has held that it is applicable where conduct is used “to obtain or retain business or secure an improper business advantage” which can cover almost any kind of advantage, including indirect monetary advantage even as nebulous as reputational advantage. As everyone knows, the FCPA prohibits payments to foreign officials to obtain or retain business or secure an improper business advantage. Nevertheless, many U.S. companies view franchisees as different from other types of more direct sales representatives, such as company sales representatives, agents, resellers or even JV partners, for the purposes of FCPA liability.

The Master Franchise model is typically the most used model in international franchise expansion. It generally revolves around a Master Franchise agreement between the U.S.-based franchisor and a franchisee in a specific geographic territory. This franchisee then contracts with third-party sub-franchisees within the specified territory. Typically, the U.S.-based franchisor will have no contractual relationship with the international sub-franchisees. The master franchisee acts as the franchisor in the local market and recruits, trains, and provides other support in the local area on behalf of the U.S. franchisor. Here the FCPA exposure is both direct and indirect.
Some believe that a franchisor may not have direct involvement in conduct prohibited by the FCPA, as there may not be the requisite corrupt intent required under the statute. However, unless a franchisor has an adequate compliance program in place, it may well find itself in the shoes of Frederic Bourke and sustain a finding of conscious indifference.
Three key takeaways: 

  1. Consider the different types of international franchise agreements to help assess your compliance risk.
  2. There are no reported FCPA enforcement actions involving international franchisors, yet.
  3. Franchisors must conduct thorough research in both the foreign market they hope to enter and on their potential franchisees.
2 Gurus Talk Compliance

2 Gurus Talk Compliance – Episode 2

What happens when two top compliance commentators get together? They talk compliance, of course. Join Kristy Grant-Hart and Tom Fox for their new podcast, 2 Gurus Talk Compliance! But it is not simply Kristy and Tom talking compliance. In this podcast series, Kristy and Tom review other top commentators in compliance as well. In this podcast, we will consider all things compliance, corporate ethics, ESG, governance, and whatever else is on our minds and the minds of other experts in the field. Kristy and Tom explore all of these topics with expertise and wit.

2 Gurus Talk Compliance will take a deep dive into the latest headlines, ask hard-hitting questions and provide valuable insights on the current happenings of the world. Don’t miss out this week, as Tom and Kristy look at how the new DOJ pilot program and the update to the evaluation of corporate compliance program guidance will affect daily operations.

Highlights Include

· Moral hazard for DOJ/Compliance
· Global Corporate Governance Trends for 2023
· Assessment of Monaco/Polite Speeches and new ECCP
· Compliance in the Metaverse
· Five hard leadership bills to swallow
· Former Blue Bell CEO Pleads Guilty
· $9 Million Cow Manure Ponzi Scheme
· Lessons Learned from Ericsson’s DPA Breach
· Serious Fraud Office Abandons Prosecution
· 2023 Evaluation of Corporate Compliance Programs

Notable Quotes

  1. “The effect on the economy is much more severe than I would have ever thought. The market tanked, basically, for 3 days. And of course, the market runs on perceptions. Pretty much like bank runs run on perceptions.”
  2. “We had some assets disappear over the weekend. We’ve had the federal government come in and backstop that amount, full amount, not just limited to the 250,000 per person or entity that the FDIC insures. I think banking regulations will probably change forever because of this event.”
  3. “A couple of weeks ago, we had 2 major speeches by Deputy Attorney General Lisa Monaco and Kenneth Polite, at the ABA white collar conference that were followed by the release of an updated 2023 version of the Evaluation of Corporate Compliance Programs, a new policy regarding monitors as well, and the announcement of a pilot program.”

Resources 

  1. Moral hazard for DOJ/Compliance 
  2. Global Corporate Governance Trends for 2023 
  3. Assessment of Monaco/Polite Speeches and new ECCP
  4. Compliance in the Metaverse
  5. Five hard leadership bills to swallow
  6. Former Blue Bell CEO Pleads Guilty to Misdemeanor Over Listeria Outbreak
  7. Central Valley Man Pleads Guilty to Nearly $9 Million Cow Manure Ponzi Scheme
  8. Lessons Learned from Ericsson’s DPA Breach: An Internal Investigation Nightmare
  9. U.K. Serious Fraud Office Abandons Prosecution of Former G4S Executives
  10. DOJ Announces Major Changes To Corporate Compliance Program Evaluation

Connect with Kristy Grant-Hart on LinkedIn

Spark Consulting

Connect with Tom Fox on LinkedIn

31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Distributors as Business Venture Partners

Many compliance practitioners generally view distributors as a part of their third-party risk management program, with most of their attention on the pre-contract phase of the risk management process. Typically, most of the efforts are spent on due diligence with less on managing the relationship after the contract is signed. However, many facets of a corporate relationship with a distributor are closer to those of other business venture partners.

One of the issues in any compliance program is the compensation paid to a business venture partner, as FCPA exposure arises when companies pay money – either directly or indirectly – to fund bribe payments. In the traditional intermediary scenario, the company funnels money to a business venture partner, who then passes on some or all of it to the bribe recipient. Often, the payment is disguised. Rethinking approaches to evaluating distributor activities is but one of the ways in which the increased number of enforcement actions, the 2020 FCPA Resource Guide, 2nd edition, and the DOJ’s 2020 Update to the Evaluation of Corporate Compliance Programs have provided insight into how the government interprets and enforces the FCPA. This information, in turn, allows companies to get smarter about FCPA compliance. With a manageable amount of forethought, companies that rely on distributors can create, install and maintain systems which allow them to spend fewer resources to more effectively prevent violations. Moreover, these systems generate tangible proof of a company’s genuine commitment to FCPA compliance, by more fully operationalizing this aspect of their compliance program.
Many companies have been involved in FCPA enforcement actions because of distributors. This sales-side channel does not receive focus equal to that given to commissioned sales agents, yet it can present an equally large compliance risk. By using this DAR approach, you will have created a well-thought-out process which will operationalize your compliance program around distributor compensation, in a manner which documents your decision-making calculus.
Three key takeaways: 

  1. The creation of a well-thought-out process that operationalizes your compliance program around distributor compensation, in a manner which documents your decision-making calculus, is key.
  2. Require multiple levels of approval for an out-of-range distributor discount.
  3. Tracking distributor discounts globally makes your company more efficient.
Innovation in Compliance

Third-Party Management: A risk-based approach – Part 4: Adam Bailey on Reporting

Welcome to a special 5-part podcast series sponsored by Diligent. In this series, we consider a risk-based approach to third-party risk management. I will visit with Michael Parker, the Director of Advisory and Consulting Services; Stephanie Font, Director of the Optimizations Group; Kairi Isse, Managed Services Group Manager; Adam Bailey, Senior Vice President, Product Management; and Alexander Cotoia, from the Volkov Law Group. In this Part 4, I visit with Adam Bailey to look at the role of the Board in risk, audit, compliance, and ESG, and at the reporting from executive teams and GRC practitioners that enables organizations to take risks and seize chances.

Bailey has worked to help organizations better manage their risk by providing insight and clarity to boards of directors. He has strived to enable executive teams and GRC practitioners to assess and manage strategic risks, ultimately connecting boards, practitioners, and executives together to innovate and drive growth. With the complexity of third-party relationships continuing to grow, companies need to adopt a continuous improvement approach to contend with unforeseen risks. A corporate compliance function is not just something nice to have, but a must, and a Board needs clear and relevant data to make the best decisions. Organizations need to use the necessary tools to ensure that Boards have the visibility to manage their third parties and make informed decisions.


Key Highlights

1. A compliance function must support leaders through its reporting work.
2. Companies can effectively manage third-party risk with a risk-based approach and robust processes.
3. Connecting Board, senior executives, and practitioners together to enable organizations to take risks and innovate is critical.

Notable Quotes

  1. “The key to this effective risk management is truly the follow-up, the ongoing follow-up to ensure that all the controls are in place and, if needed, are changed.”
  2. “Continuous blanket monitoring of all third parties with every risk asset you can think of is just not feasible and probably wouldn’t deliver the outcomes that we need.”
  3. “We know that change is constant, regulators are looking for risk management policies and practices which continually improve and evolve over time.”
  4. “We need robust processes and systems in place to make sure that when you create your third-party profile, it’s screened against sanctions lists, embargo watch lists, et cetera, to provide the rich data that’s there.”

Resources

Adam Bailey on LinkedIn

Check out Diligent’s 3rd party products and services here.

Blog

Reprioritizing Your Third-Party Risk Management Program – Reporting

Today’s business landscape is becoming increasingly complex and globally interconnected, with the average business now working with over 100 third-party vendors. While this presents a wealth of opportunities, it also brings a range of challenges for boards and GRC professionals alike when it comes to third-party risk management. I recently visited with Diligent’s Senior Vice President of Products, Adam Bailey, on how to tackle these challenges and leverage third-party risk management to identify opportunities and equip boards to take risks, innovate and drive things forward. Here are the steps you need to follow to get clarity, insight, and innovation:

  1. Understand the role of the board in oversight and provide clarity on third-party risk management.
  2. Board review Codes of Conduct.
  3. Continuous improvement view of risk management.
  4. Utilize real-time data to react to changing times.
  5. Ensure commitment to shared values and ethical cultures.

  1. Understand the role of the Board in oversight

Understanding the role of the Board in oversight and providing clarity on third-party risk management is an essential step in any risk management strategy. Obviously, the Caremark Doctrine is the leading authority which Boards must follow. But more than simply exercising oversight to meet a legal requirement, businesses should see the business opportunity in creating a business process which connects employees, compliance professionals, executives, and boards together in a seamless process. This connection enables a culture of continuous improvement that starts at board level and cascades down through the structures of the business. This allows two-way communication between boards and compliance professionals, so that boards can clearly communicate their risk management strategy and expectations.

  2. Board review of Codes of Conduct

A key role for any Board is to review and, if needed, refresh your organization’s Code of Conduct on a regular basis. When it comes to third-party risk management, this is needed to ensure that the third parties are following the company’s established guidelines. A Board should understand the importance of third-party risk management and how to fulfill its role of oversight. There should be an enterprise-wide single source of data for every Board to ensure effective governance, risk and compliance. Boards should also be provided with dashboards to allow for continuous monitoring of third-party relationships and to provide real-time information and data to enable businesses to react to changing times. Ultimately, companies need to show that their Board is making a good faith effort to address risks by having due diligence processes in place and effective plans to monitor those processes.

  3. Continuous improvement view of risk management

A key role for any Board is to implement a continual improvement view of risk management. This shifts an organization’s focus from a one-time due diligence approach to ongoing, rigorous due diligence designed to identify risk areas and set benchmarks for improvement. This allows a Board to have a clear view of the risks involved and make informed decisions. A two-way dialogue is also important, with data flowing up to the board and actions cascading back down to the compliance team. 

  4. Utilize real-time data to react to changing times

There is probably no more important task for a Board in 2023 than responding to changing times. Obviously, Covid-19 is still front of mind, but political, geographic, economic and even climate changes are moving much more quickly now. For a Board to provide effective oversight, it must have access to real-time data to react to changing times. This is both from a regulatory perspective and a business/reputational perspective. All internal stakeholders should be connected with an enterprise-wide single source of all nonfinancial data required for effective governance, risk, and compliance. The platform also provides real-time information and data so Boards can quickly react to changing times. Furthermore, the platform adds relevancy and context to the risk data, which helps Boards make informed decisions based on the potential upside and downside of taking on certain risks.

  5. Ensure commitment to ethical values and ethical cultures

It really all does start at the top, and Boards must ensure commitment to ethical values and ethical cultures. Boards should mandate that companies adopt a continual improvement view and embrace not just one-and-done due diligence, but ongoing monitoring and continuous improvement. Boards should mandate that organizations enforce their commitment to ethical values, ethical cultures, and honest business practices. When it comes to third parties, Boards must understand the risk each third party poses and consider the business in question and the inherent nature of the dealings with that third party. Having a robust platform also provides real-time information and data throughout the relationship with the third party, dashboards to monitor third-party information, and a single source of truth for all nonfinancial data. This allows for a two-way dialogue between GRC professionals and the board to ensure that the board has the clearest, most relevant, and most targeted information to inform better decisions.

For more information on Diligent’s Third-party Risk Management solution, click here.

Listen to Adam Bailey on the podcast series here.

31 Days to More Effective Compliance Programs

One Month to More Effective Compliance for Business Ventures – Financial Review of Your Business Venture Partner

One area not usually considered around your business ventures is the financial health of a JV partner, teaming partner, strategic partner or any other type of business partner or relationship which might occur in a business venture. It turns out such an oversight may have some significant ramifications for an accurate picture of a business venture partner. The financial health of a business venture partner is not only a key metric but also a key tool which allows a more robust assessment prior to contract signing and in managing the relationship after the contract has been signed.
A business venture partner which is in a weakened financial position can come back to damage your business in a variety of ways. Obviously, a company which is under financial strain is more susceptible to cutting corners to obtain business. You can almost begin to see the fraud triangle forming at this point and a rationalization for committing an FCPA violation forming in the mind of a business venture partner.

Continuous improvement through ongoing monitoring of financial health is an area where technological solutions can have an impact. Understanding the financial viability of third parties can help the compliance practitioner meet the DOJ requirement to more fully operationalize a compliance program. It can also lead to greater operational stability and, with that, the ever-sought increase in corporate profitability. As compliance moves into the business process, this type of review should become part of your compliance toolkit going forward.
Three key takeaways: 

  1. What is the financial health of your business venture partners? Do you even know?
  2. Poor financial results can open a business venture partner to engaging in risky behavior.
  3. Financial health monitoring is key for monitoring business venture partners.
Innovation in Compliance

Third-Party Management: A Risk-Based Approach – Part 3: Kairi Isse on Implementation and Maintenance

Welcome to a special 5-part podcast series sponsored by Diligent. Over this series, I will visit with Michael Parker, the Director of Consulting and Advisory Services; Stephanie Font, Director, Operations Optimization Group; Kairi Isse, Group Manager of Managed Services Group, Productions; Adam Bailey, Senior Vice President, Product Management and Alexander Cotoia, Regulatory Compliance Manager from the Volkov Law Group. In this Part 3, I visited with Kairi Isse on the implementation of your third-party risk management program after the contract is executed.

Learning about the risk posed by third-party vendors to a company’s compliance program can be an eye-opening experience. However, through an AI-based ongoing monitoring search tool for third-party risk management, with customizable features and auditable trails, an organization can ensure that its compliance programs are effective and reduce its risks of fines and reputational damage during the implementation stage after a contract is executed.

Key Highlights

· How can modern companies effectively manage third-party risk and protect their reputation?
· What are the best ways to monitor third parties in a stable vendor ecosystem?
· How can AI and machine learning make third-party management more efficient and effective?

Notable Quotes

  1. “The key to this effective risk management is truly the follow-up, the ongoing follow-up to ensure that all the controls are in place and, if needed, are changed.”
  2. “The key to effective risk management is the ongoing follow-up to ensure all the controls are in place and, if needed, are changed.”
  3. “It’s not the most data; it’s the right data.”
  4. “Everything is audited in there; there are audits for the third-party profiles, and there are audits for each case.”

 Resources

Kairi Isse on LinkedIn

Check out Diligent’s 3rd party products and services here.

Blog

Compliance Lessons from the SVB Failure

The recent events surrounding Silicon Valley Bank have been both shocking and eye-opening. From the depositors who faced near death experiences, the shareholders who lost all their money, and the taxpayers who supported the bailout, it’s clear that there were multiple levels of oversight that failed to stop this disaster from happening. In this week’s episode of Compliance into the Weeds, Matt Kelly and myself explored the roles of KPMG, the Board of Directors and management, institutional investors, and the regulators, to uncover the lessons the compliance professional can take away from this debacle.

There were three key areas in which SVB and those who advised it failed. They included:

  1. Failures in identifying the poor risk management practices and the lack of assurance around the bank’s ability to access emergency cash.
  2. Failures by the Board of Directors and senior management in responding to the red flags raised by the BlackRock consultants.
  3. Failures by SVB, which was not prepared with a plan to resolve the crisis when it occurred.

Poor Risk Management Practices

The first step in understanding the lack of assurance around the bank’s ability to access emergency cash is to identify its poor risk management practices. KPMG, the bank’s auditors, may have given an anodyne report that stated there was no material risk of misstatement, but they could not have predicted the strategic risks that SVB was taking. SVB got into trouble around its financial assets, namely low-interest rate loans that SVB issued in the late 2010s. When the Federal Reserve started jacking interest rates to cool down inflation, the value of those loans fell. It put the bank in a precarious position. It is not clear what the bank’s management did, but whatever it was, it was clearly insufficient.

Board and Senior Management Failure to Address Red Flags

Both the Board and senior management failed to respond adequately to the red flags raised by the BlackRock consultants, whom SVB hired in late 2020 to look at their risk management practices. According to the report, SVB failed 11 of 11 criteria for risk management, indicating that there were serious issues present. This assessment should have been a red flag for management and the board’s risk committee, which met 18 times in 2022. It is not clear whether they discussed the BlackRock consultants’ report, but it is clear that the risk of rising interest rates and the lack of hedging to offset these risks was ignored. Despite this, the bank declined to pursue the opportunity for improvements.

Moreover, by this time, the San Francisco Fed had already given Silicon Valley Bank at least six citations for poor risk management practices and not doing enough to assure easy access to emergency cash. This should have been a warning sign to both regulators and investors, yet it seems that no one was prepared for the eventual collapse of the bank. This oversight deficit points to a lack of communication and assurance from the board and management to the public, which is a key compliance lesson for other organizations.

Lack of a Plan

Clearly, SVB was not prepared with a plan to resolve the crisis when it occurred. There was a clear lack of communication between the board and management of Silicon Valley Bank, its audit firm, and the regulators. The board and management of Silicon Valley Bank were aware of the risks that their strategies posed, as evidenced by their hiring of BlackRock consultants to assess their risk management processes. However, they failed to take the necessary steps to address the issues identified by the consultants, leaving the bank exposed to the risk posed by rising interest rates. The auditors also failed to point out the strategic risk of the bank’s holdings, instead offering an anodyne report that did not indicate any risk of material misstatement or substantial doubt about the bank’s ability to continue as a going concern. Finally, the regulators, such as the San Francisco Fed, had raised multiple red flags about Silicon Valley Bank’s risk management practices and potential lack of access to emergency funding, yet they failed to create a plan to address these issues before the crisis occurred. As a result, the public, investors, and depositors were left in the dark, without a plan to respond to the crisis.

The collapse of Silicon Valley Bank is a stark reminder that organizations need to take effective steps to ensure proper oversight and risk management. This includes both board and management members being aware of the risks posed by their strategies, engaging with auditors to assess the risks, and having a plan in place to deal with potential crises. The Silicon Valley Bank case serves as an example of what can happen when these steps are not taken and the consequences of such a failure. It is up to organizations to learn from this case and take the necessary steps to ensure that a similar disaster does not occur again. Despite the gravity of the situation, there is still hope that organizations can achieve the same level of compliance and oversight by following the lessons from this case.

Check out the full episode of Compliance into the Weeds, here.

Compliance Into the Weeds

SVB Failure – Lessons for Compliance

The award-winning Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt and I continue our exploration of the collapse of Silicon Valley Bank (SVB) and take a deeper dive into the compliance angles. Silicon Valley Bank had taken some big risks which led to depositors having a near-death experience, shareholders losing all their money, and taxpayers ultimately supporting the bank’s bailout. Despite the auditors giving an anodyne report on the bank’s risk management, the board, management and regulators all missed the big strategic risks. As a result, the bank collapsed, leaving Matt to question whether stakeholders were given the right assurance on the right things.

Key Highlights

· What risk management strategies did SVB senior management and Board miss or ignore that could have prevented the financial disaster?
· Why did SVB’s management decline to pursue improvements to their risk management practices after being warned by BlackRock consultants?
· Did regulators miss the red flags raised by the San Francisco Fed examiners 18 months before the collapse of SVB?

Notable Quotes:

  1. “We should remember that really, the auditors’ report is going to give assurance on two points: Number one, is there a risk of material misstatement in the financial statements? And number two, does the audit firm have any substantial doubt about the organization’s ability to continue as a going concern for roughly the next twelve months or so? That’s how long it is. But it’s those two things.”
  2. “When you have Elizabeth Warren and conservatives both raising hell at the same time, it’s a valid issue to go and look at then because that does not happen too often.”
  3. “It’s like nobody had thought about this when really once we rolled back Dodd-Frank protections and supervisory constraints specifically for mid-sized banks, which Republicans pushed through in 2018, once that happened, that became the systemic risk that regulators had to think about.”
  4. “Everybody kind of sort of knew there was a problem, but a whole lot of finger pointing and not enough planning and assurance and communication to the public at large and to investors.”

 Resources

Matt on LinkedIn

Matt on Radical Compliance

Tom on LinkedIn

Blog

Reprioritizing Your Third-Party Risk Management Program – Implementation and Maintenance

Are you a compliance professional tasked with managing third-party risk relationships? Are you overwhelmed with the sheer amount of data that comes with that responsibility? How do you engage in implementation and maintenance? To answer these and other questions, I recently visited with Kairi Isse, Diligent’s Managed Services Group Manager, to discuss why the step of management after the contract is signed is the most important part of the third-party risk management cycle. She discusses the importance of ongoing monitoring and why it is critical for modern companies to understand the risks posed by their third parties. We consider the uses of an AI-driven ongoing monitoring search tool, allowing a customizable, auditable way to ensure compliance and reduce risk. Join us as we explore this most critical step in the life cycle of third-party risk management: managing the relationship after the contract is signed. Here are the steps you need to follow to manage relationships with third parties after the contract is signed:

  1. The importance of ongoing monitoring for third party risk management to minimize risks of data breach, bribery, and fines.
  2. Design and implement an effective ongoing monitoring program that works in practice.
  3. Utilize AI-driven ongoing monitoring search tools to focus on the right data for your organization.
  4. Create an audit trail to demonstrate the company’s continuous improvement based upon ongoing monitoring.

  1. The importance of ongoing monitoring

Ongoing monitoring for third-party risk management is key to minimizing risks of data breaches, bribery, and fines. Through proper monitoring and management of third parties, companies can ensure that their vendors are not putting them in a vulnerable position. In this interconnected world, third-party risk is a significant compliance threat and can lead to potentially hefty fines and, perhaps more importantly, reputational damage. Utilizing an AI-driven ongoing monitoring search tool can help reduce the haystack of data and find the needle, alongside a human element to review and analyze the watch list screen results. The key for companies is to ensure that their ongoing monitoring is effective and efficient throughout the entire life cycle of their third-party relationships.

  2. Design and implementation of ongoing monitoring

Designing and implementing ongoing monitoring that works in practice is a critical step in managing a third-party relationship after the contract is signed. Utilizing AI-driven ongoing monitoring search tools is essential for a successful third-party risk management relationship. It is important to customize the search to focus on the right data for your organization, as this will make it easier to find the needle in the haystack. An AI-driven search tool should include all the big databases and sanctions watch lists, as well as adverse media, to ensure that the third party poses no regulatory risk, all after the contract is signed. There should also be transaction monitoring which reviews the sales or other transactions by the third party. Finally, never forget the human element, to ensure that the data is correct and validated before final decisions are made.

  3. Analyze and validate through AI-driven search tool

To analyze and validate watch list screen results and consider only true matches for further review, utilize an AI-driven ongoing monitoring search tool that includes all the major databases, sanctions watch lists, and adverse media. You should customize usage to your company’s risk profile, industry, and the regulations your organization is required to comply with. Next, review the search results to determine whether they are true matches or false positives. This helps to reduce the amount of noise and unnecessary data, and provides an auditable trail for every action. These actions will help create an auditable document trail which can be presented to auditors or regulators.

  4. Continuous improvement through ongoing monitoring

The next step is continuous improvement based upon your organization’s ongoing monitoring. Here, an audit trail to demonstrate the company’s maintenance of ongoing monitoring is critical. The Fox Maxim of Document, Document, Document is still alive and well in the era of AI. Moreover,

This allows your organization to customize its search to focus on the right data for its organization and industry, eliminating the noise from irrelevant data sets. Once again, the human factor comes into play through the review and analysis of any potential matches from the AI searches to validate true matches. All of these steps should be auditable, recording every action taken in the system, allowing a company to demonstrate its continuous improvement based upon ongoing monitoring.

Managing your third-party relationship after the contract is signed is still the most critical step in any successful third-party risk management protocol. A well-designed and implemented compliance program should include regular screening of global databases and adverse media, even after the contract is signed. Transaction monitoring should also be used to test individual sales for any issues. An AI-driven ongoing monitoring search tool can help reduce the haystack of data and find the needle, alongside a human element to review and analyze the watch list screen results. With these steps, your organization can be confident that your third-party risk management program is effective and efficient throughout the entire life cycle of your third-party relationships.

For more information on Diligent’s Third Party Risk Management solution, click here.

Listen to Kairi Isse on the podcast series here.