Jag Lamba and Jared Ezzell from Certa, join Tom Fox on the Innovation In Compliance podcast to explore the essential elements of a thriving third-party risk management program. They emphasize the significance of minimizing reliance on third-party self-disclosures by utilizing technology and data. They also highlight the importance of integrating due diligence, training, and ongoing monitoring to create a comprehensive approach to risk management. The conversation extends to payment controls, charitable donations, and the integration of the program into the overall third-party risk management lifecycle.
Jag is the founder and CEO of Certa. Jared Ezzell is the Chief Customer Officer. Certa is a third-party lifecycle management platform for procurement, compliance, and ESG. Their no-code platform provides an easy and efficient way to digitize and manage the lifecycle of all suppliers, partners, and customers. Certa’s automated onboarding, contract lifecycle management, and ESG management eliminate the procurement bottleneck, allowing companies to onboard third parties three times faster. With their cutting-edge technology, Certa is transforming the way businesses manage their third-party relationships, ensuring compliance and sustainability at every step.
Here are some key points Tom, Jag, and Jared talk about:
- Jared talks about his professional background and his role at the company Certa, their products, and their customers.
- The hallmark of an effective anti-bribery and anti-corruption compliance program is the concept of risk assessment.
- Jared discusses the nine elements developed by Certa for an effective compliance program.
- The three dimensions of a complete solution for compliance risk management are full spectrum risk management, the full life cycle of the third party, and the full spectrum of third parties.
- A successful technology transformation project should be a modular rollout, with a focus on solving the highest pain point within three months and continuously phasing the rollout to avoid becoming overwhelmed.
- Jag and Jared clarify that while the company doesn’t play the role of creating the documentation, they provide input and help evidence the client’s defensible positioning in support of the client’s policies.
- Jag tells Tom that the ongoing monitoring of third-party relationships requires companies to have data sources and processes in place, have a controls framework to act on information, and automate controls to handle egregious alerts.
KEY QUOTE:
“The ability to systematically enforce payment controls is a key common practice in successful third-party risk management.” – Jared Ezzell
Resources:
Jag Lamba on LinkedIn | Twitter
Jared Ezzell on LinkedIn