By Rick Chapman, Assistant General Counsel,
Global Ethics & Compliance, Halliburton
According to new research from The Risk Advisory Group, third party risk is at the top of the agenda for compliance professionals in 2018. This is hardly surprising when you consider that businesses are increasingly reliant on networks of third parties to take their services and products to market – and evidence shows that these third parties pose a significant risk. The challenge for compliance teams is how to manage these relationships effectively and efficiently.
Technology is one solution – and a powerful one at that. Automated due diligence processes such as online questionnaires, evaluation, and approval systems can bring all manner of benefits. However, they can create new complexities that threaten the promised efficiency gains if they are not managed in the right way.
Following are some of the lessons that I have learned “on the front line” about getting the most out of online due diligence systems in order to increase efficiencies:
The personal touch
Don’t expect third parties to respond to automatically-generated requests without some kind of human intervention. Built-in automatic reminder notices may elicit a response from some, but many third parties will expect a more personal request and a detailed explanation. Also, in certain scenarios, there can be no substitute for human intervention. For example, overcoming language barriers, addressing concerns over use of the information, and handling requests to redirect or relaunch online questionnaires to other individuals; these all benefit from the personal touch.
Also, some third parties may not respond or may refuse to respond, to online requests for corporate ownership information, fearing the requests are from an illegitimate source or that the requested information is sensitive and subject to privacy laws. To avoid unnecessary delays and inefficiency, be prepared to demonstrate the legitimacy of the exercise and provide assurances with respect to the handling of private information in compliance with applicable privacy laws. This can’t be achieved by online systems. It is down to compliance professionals to set the correct tone and help third parties understand that their cooperation with the due diligence process is key to demonstrating their commitment to ethics and compliance.
Flexibility for discretionary decision-making
No online due diligence platform can fully account for every potential circumstance; therefore, the platform should be designed to allow compliance professionals to make discretionary decisions in an auditable manner. For example, a third-party respondent may misinterpret a question and provide a response that leads to an incorrect categorization or risk ranking. Or a proposed purchaser of company products may see themselves as a customer, but the compliance professional may conclude that the purchaser is representing the company as a distributor with a higher risk rating. It is important that compliance professionals retain ultimate responsibility for evaluating responses and assessing the risks associated with the third party, and any decisions and justifications should be recorded and documented in a verifiable way. Documented discretionary overriding helps avoid inefficient, inappropriate, and confusing workflows based on responses to online questionnaires; it also makes for a better and smoother experience for the respondent.
Adapting your workflow over time
As your due diligence system becomes more sophisticated and more widely used, you may want to make some changes in order to achieve further efficiency gains. After years of implementing due diligence as part of compliance programmes, companies may find that an increasing amount of time is devoted to maintaining existing third-party relationships. The challenge is how to adapt the workflow to more effectively handle them. Simply “re-running” them through new online due diligence platforms may frustrate trusted vendors. To increase cooperation and reduce delays, distinguish initial reviews from periodic reviews of existing relationships, and limit the focus of the latter to aspects that are relevant to ongoing operations.
Collaborating for greater efficiency
Over time you may find that the scope of your due diligence process and systems begins overlapping with other corporate functions such as procurement department vendor selection systems, vendor onboarding processes in enterprise resource planning systems, and third-party screening by international trade compliance. Integrating these related business processes through unified workflows, data sharing/transfer, or system consolidation can lead to much greater efficiency. The key to unlocking the benefits is multi-departmental cooperation, planning, and budgeting.
Every compliance department will have its own strategy for managing its growing network of third-party relationships. However, there is no denying that technology can help when used in the right way. By automating time-consuming administrative tasks, it frees up compliance professionals to play a more strategic role in how they protect their business. And that can only be a good thing.