Third Party Onboarding Compliance Recommendations
Dun & Bradstreet’s Amy Hayenhjelm and Neil Isherwood discuss “How to make third-party risk management less painful”, in this latest webinar, as part of the International Compliance Assocation's (ICA) #BigCompConvo webinar series. Register here for the webinar to hear practical recommendations for faster & efficient onboarding and the successful management of third party compliance.
Managing a compliance program can be extremely disruptive to an organisation. Firms must not only run checks on potential customers, but also ensure that third-party risk is a key part of their comprehensive compliance program, to avoid exposure to bribery and corruption and the associated reputational ramifications.
In addition, with business pressure to move quickly and efficiently a common driver, the onboarding process is a key area where competitive advantage can be gained or lost. Verifying third-parties, determining risk and creating visibility for your stakeholders are key to an effective program - but this can still be a manual process which does not make the best use of your human capital.
Approaching the program in an organised manner will help you manage your resources effectively, ensuring that you are protecting your company and your brand, while not overwhelming your team.
6 Step Compliance Program
A multi-step compliance program will deliver tangible results from loss avoidance related to global penalties/fines and third-party risk, but will require content, processing, analysis and adherence at each step:
- Identify & Verify: Identify the specific entity and its relationships and verify data against that business, taking a risk-based approach
- Beneficial Ownership: Establish ownership of the business and determine Ultimate Beneficial Owners. Leverage that information based on your company’s risk tolerance
- Screen: Screen entities for sanctions, politically exposed persons, reputational risk and litigation risk
- Assess Risk: Assess the risk of the entity to determine whether the business passes your compliance policy
- Reporting: Demonstrate and document adherence to established policies
- Monitor: Keep watch on the businesses in your portfolio for any changes to circumstance events and compliance flags that may change how you assess the entity
However, collecting all the information required to manage your compliance program is not only time consuming but can be costly.
So, how exactly do we propose to make this less painful, you ask?
Compliance Program Automation Best Practices
Leveraging best practices and automation can enable managing your compliance program to be effective and achievable. During the webinar, we will cover best practices and ways to automate your compliance program across these 4 key areas:
- Policy and adherence - All parties, internal and external, need to understand what is required, how to comply and what are the consequences of non-compliance. A compliance policy is only as good as its execution.
- Using a risk-based approach - A risk assessment process to identify, segment, mitigate, and monitor risks and risk factors will assist in identifying where you need to focus, and will also enable you to create a program that is both designed around your company’s risk tolerance and cost effective for your organisation.
- ID and verification - Knowing exactly who you are doing business with – not just the company, but the people behind it - and leveraging multiple sources to verify self-reported information is the starting point for every compliance program.
- Automating data collection - Automate the collection of data from your customers, suppliers and third parties in a flexible way.