Getting a Grip on Managing Third-Party Risks
Third party risk are neither sudden nor a rising challenge for global corporations as well as SMV. Whenever we conduct an assessment or workshop, discussions invariably turn on managing third parties, no matter which continent or the level of risk the company or organization actually might be in.
Oversight and regulatory bodies all over the world are serious about third-party risk therefore companies that currently are having difficulties in either training or communication need to figure out how to manage and oversee the activities of third parties that can potentially cause financial and reputational harm to them
Many functions and transactions in an organization often share the same risk. Attend the Copenhagen Compliance Conference and find out what it takes to convince everyone in the business or organization to be a risk manager.
Employee engagement is critical to the success of any compliance and ethics program. With the number of national and International mandates like The False Claims Act, The FCPA, the Bribery Act, EU directives and many other equally powerful regulation, companies understand that their employees and third parties are at the front line and are always searching for ways to engage and effectively communicate with them.
Ask and look for metrics to quantify. The results will develop into a systemic approach, that ensures that the right controls are in place, and that internal audit, corporate compliance, and governance functions are working together to manage the company's 3rd party risks.
Using distributors and agents is how we bring our product to market
. The implementation intensity of ten depends on resellers and distributors as its primary means of selling goods.
Many companies fear that FCPA, BA and False Claims Act are becoming a much bigger litigation risk for companies in the future. Our response to that is our AIM approach. Besides having good controls, focus on Assessment, Identification and Monitor and how to alert senior management without fear of possible retaliation
Tone at the Middle
In developing an expert approach in the organization is to see the brighter side or the bigger picture related to the increasing Compliance incl. intolerance for bribery from oversight and regulators. In our training we advise and encourage vigorous enforcement that actually tells workers that bribery is a serious issue and they need to pay attention to its compliance.
To avoid any misunderstandings, the stepped-up enforcement gives the organization or company a simple message, whatever that can be. E.g. The Company prohibits all forms of corruption, public or commercial.
Britain's Bribery Act bans all forms of overseas bribery, whether it's paid to a government official or a private citizen. That's a key difference from the U.S. Foreign Corrupt Practices Act (which only bans bribery to foreign officials)
That means that from a messaging perspective, it gets confusing and difficult. Therefore its important to ensure proper understanding by middle management so that they can explain the decisions to the rank and file.
We list here some of the critical challenges when flagging risky third parties to managers of business units. The checklist is developed from a recent workshop on the issues:
Figure out what's going on
- Have visibility to who [third parties] are all the time.
- Who the vendors, suppliers, and resellers actually
- Are they on board with our way of doing things?
- What those businesses do for the business
- What risks they might potentially pose.
- Make sure we know exactly what they're up to
- Develop an effective way of identifying the "most risky" third parties, so the corporation can respond accordingly.
- Make it easy to identify a key risk, institute and monitor controls to mitigate a risk, and ensure that risk is properly communicated across the organization with the right accountability.
- Document the reasons and decisions made on the identified risks for future reference
- If it's not owned and driven by the business, it's not going to take root.
Therefore vendor risk assessments and compliance continue to confuse many companies and getting a handle on supply-chain risk is at the top of their priority list.
This is due to increased regulatory scrutiny, continuing cost pressures, active stakeholders, and a vigilant oversight. Businesses must have a clear understanding of the risks that are inherent in external business relationships.
Only by recognizing and proactively and participating at the Copenhagen Compliance Conference would will reduce exposure to risk and achieve stronger relationships with service providers, suppliers, and delivery partners.
We have recently conducted workshops for a major international business player on this subject and we will be happy to share the presentation with you. Send us an email.
Look forward to the presentation on Third party Compliance at the Copenhagen Compliance Conference.