Transcript Third-Party Due Diligence

Third-Party Due Diligence
Integrating In-house Technology and Outside Services Providers
Agenda
 Brief Introduction of Speakers
 Evolving Third-Party Risk Management Standards
 Engaging Third-Party Providers
 Q&A
Today’s Evolving Standards
 Companies are integrating basic to advanced technology
platforms to monitor third-party relationships
 Creates a repository of key, auditable data
 Maintains approval limits and accountability
 Back-end risk methodology to assign risk ratings
 Contract database that maintains integrity of document versions
showing of risk analysis
 Integration of guidance when to engage an outside due diligence
provider
Sample Technology Workflow
Requestor
First
Reviewer
Final
Reviewer
Employee
Completes
Preliminary Third
Party Questions
Review & Submit
(1) Final Reviewer
(2) Deny or Return
to Requestor
Complete Level 1
Report
Complete Level 2
Report
Finalize and
Submit Info to
Second Reviewer
Review & Submit
(1) Final Reviewer
(2) Escalate for
Level 2 Report
Review
(1) Approve
Review
(1) Approve
(2) Return for Info
(2) Return for Info
(3) Deny
(3) Deny
Engaging Third-Party Providers
Providers:
 Build upon work already completed by in-house systems to
avoid inefficient duplication of work
 Enhance in-house due diligence by extending its reach to
hard-to-find records and human intelligence
 Communicate findings clearly with a defined scope of work to
help you internalize our work
Cost-Effective Scope of Work
 Level 1: Public Records / Database Research
 Suitable for low- to medium-level risk targets
 Verification of bona fides disclosed in the Questionnaire
 Thorough review of publicly available documents such as corporate records,
court records and local media
 Tailored scope to suit in-house pricing needs and avoid duplicative work
 Level 2: Human Source Inquiries
 Suitable for medium- to high-risk targets
 Ongoing Role
 In-house teams need to refresh due diligence periodically
 Costs can be kept down by going to the same outside provider every two years
rather than engaging someone new each time
When Intelligence Matters
Significant questions are unanswered in the public. Examples:
 Is the ongoing investigation/litigation involving our potential agent likely to
lead to any risk-relevant actions or sanctions?
 A tabloid described our agent as a corrupt arms dealer, but he says that
it’s not true and he’s never been convicted of wrongdoing.
 Is the John Smith cited on the OFAC list the same John Smith we’re
engaging? It’s a common name and there’s limited public information.
 Is our agent going to fall out of favor with when the government changes
after the election, and what would that mean for our business?
Human Sources
Thorough Level 2 due diligence includes speaking with
knowledgeable sources from three broad angles:
 Government sources with knowledge of past or current
investigations and official actions
 Industry sources that are familiar with subject’s reputation
within the field
 Professional sources such as business consultants, lawyers
and journalists that have researched the subject before or can
provide broader context
Questions?
Michael Harrington
Greg Shultz, Managing Director
mintzgroup.com
www.thecompliancetable.com
[email protected]
[email protected]