The Importance of Ongoing Due Diligence

Transcription

1 A COMPLIANCE OFFICER S JOB IS NEVER DONE The Importance of Ongoing Due Diligence Live Webinar: August 17, 2017

2 Presenters Paul Johnson Product Director The Red Flag Group Varun Chandrasekaran Product Manager The Red Flag Group Andrea Libey Marketing Director, Americas The Red Flag Group About The Red Flag Group The Red Flag Group is a business advisory, information services and technology firm that helps corporations, financial institutions, government entities and SMEs manage integrity and compliance in their business and third parties. As The Compliance Firm, The Red Flag Group is where Chief Compliance Officers come for strategic advice and solutions to make compliance a competitive advantage.

3 Agenda 1 Introduction 2 What is ongoing due diligence and why is it important 3 Applying the risk-based approach 4 What to check 5 What are my options 6 Database monitoring 7 Outsourcing ongoing due diligence

4 Preliminary thoughts Due diligence is a continuous process Failure to engage in ongoing due diligence is an assumption of risk Clear today but a compliance challenge tomorrow Budget and manpower constraints

5 What is ongoing due diligence? Policy-driven Process of monitoring and periodic review of third parties for new compliance risks after initial onboarding due diligence is completed Mandatory re-approval Obtaining buy-in

6 Why is it important?

7 Why is it important? BEST PRACTICES Due diligence is only as good as the day it was completed Identify issues as they arise and take action immediately

8 Why is it important? REGULATORY REQUIREMENTS Department of Justice/Securities and Exchange Commission Ongoing monitoring and auditing is cited as among the considerations when evaluating adequacy of measures Ongoing monitoring is called out as one of three guiding principles that always apply

9 Why is it important? REGULATORY REQUIREMENTS (cont d) Department of Justice/Securities and Exchange Commission An absence of ongoing monitoring or renewal of due diligence could be equated with a lack of internal controls Serious Fraud Office Companies should consider renewing due diligence enquiries on a periodic basis

10 Poll Does your company have a policy on conducting some form of ongoing monitoring or renewals of due diligence on third parties? A B C Yes and strictly adhered to Yes, but inadequate resources make it difficult No D No, but it is recognized as a need

11 WHAT TO CHECK? Beneficial ownership changes Business license changes New litigation New adverse media reports Sanction or watch list hits Changes in business reputation or continuity

12 Using a risk-based approach

13 Using a risk-based approach Determining whether ongoing due diligence is warranted Third party s role Country(ies) where services will be provided Risk associated with the role Whether role has expanded or changed over the course of relationship Whether annual business volume has increased significantly over contract period Third party may be providing services in new countries Events, new regulations or stricter enforcement in countries of service (including changes in country s risk classification)

14 Using a risk-based approach Determining whether ongoing due diligence is warranted History of past compliance/ reputational issues Known high risk ownership structures Date of issue (more recent issues warrant more robust ongoing due diligence measures) Status of issue (unresolved allegations or investigations may require periodic due diligence while past convictions may warrant continuous monitoring to ensure future compliance) State-owned entities Third parties with beneficial ownership structures in place

15 Using a risk-based approach Risk analysis prior to initiating due diligence on third party universe Have third parties answer questionnaires Prior to engagement Repeat prior to re-contracting/renewal Based on results to database screening/monitoring

16 OPTIONS Renewal due diligence Database monitoring

17 Renewal due diligence

18 Renewal due diligence Follow-up investigation some time after an initial due diligence screening on the subject Renewal due diligence is conducted at either of the following points of a relationship with the subject: At contract renewal (typically, two to three years for most third parties) Periodically, over the course of a contract or relationship

19 At contract renewal FORMAT Enhanced due diligence review prior to re-contracting or entering into continued relationship with subject ADVANTAGES Consider changes in business relationship on requisite scope (for example, if business volume and countries of operation by a third party have increased over the relationship, a more robust investigation may be warranted at contract renewal) Re-profile key principals and learn about new ones Allows you to forecast due diligence spend each year

20 Periodic due diligence FORMAT Initial enhanced due diligence investigation based on subject s country, operations, risk, business volume and other factors Smaller enhanced due diligence reviews on quarterly or yearly basis through duration of relationship ADVANTAGES Identify issues or changes in status as they occur Build a more stable channel or supply chain by rooting out problematic third parties more quickly Spread due diligence spends out across the contractual year rather than paying large lump sums at start of relationship or at contract renewal

21 Renewal due diligence considerations At Contract Renewal Deeply entrenched third party relationships Conduct certifications on a yearly basis In-house resources or other capabilities to conduct monitoring Prefer to direct spend on a higher level due diligence at start of relationship Periodic Due Diligence Changes in business license could immediately impact my organization Changes in business continuity could disrupt my operations Organizational risk appetite requires me to identify issues as soon as possible Prefer to spread due diligence spend across contractual year

22 Database monitoring

23 Database monitoring FORMAT Continual automatic screening against watchlist, sanctions and media database Advantages Immediately identify changes in subject s profile against key risk areas such as sanctions, watchlist, government connection/political exposure and adverse media Use newly found hits as baseline due diligence to determine next steps

24 Database monitoring - considerations Document protocol on how hits are managed and what follow-up steps should be taken Resources must be in place to manage new alerts from the system and to confirm hits Database hits are not as in-depth as enhanced due diligence investigations, and often don t cover the same broad scope of risk areas

25 Poll What forms of ongoing due diligence does your organization currently utilize? A B C Renewal due diligence Periodic due diligence Database monitoring D All options E None

26 Our advice: use all options Identify high-risk third parties Assign questionnaires to third parties Review and analyze questionnaires Conduct initial database screening through questionnaire Order and conduct initial enhanced due diligence investigation No red flags approve third party Red flags Conduct risk mitigation Proceed to contracting on approved third parties Begin third party relationship Periodic enhanced due diligence report investigation Manage alerts from database screening Manage renewals

27 Outsourcing renewal due diligence

28 Outsourcing renewal due diligence Many organizations forego renewal due diligence due to a lack of resources Consider outsourcing the following activities to a qualified vendor: Identifying third parties approaching contractual renewal date Conducting periodic due diligence at regularly scheduled intervals Managing database screening alerts on a daily basis

29 Outsourcing renewal due diligence Due diligence and screening tasks are often the easiest to outsource, since they take place at defined points in the third party onboarding process By outsourcing, you can ensure: Fewer Alerts are managed on a timely basis Avoid missing new issues More time to focus on risk mitigation disruptions to the business

30 Outsourcing renewal due diligence Some organizations have outsourced multiple activities within the third party onboarding process to a vendor team This allows the vendor team to: Have greater oversight over the process Identify and order renewal/periodic due diligence when needed Escalate database alerts to you as the arise

31 Final thoughts Think about why your organization hasn t utilized ongoing due diligence yet Think about the change management plan that will be needed to embed ongoing due diligence into your onboarding process Consider how ongoing due diligence fits into or impacts your business model, operations and contracts Conduct a pilot identify where you have local compliance champions for testing Determine what options your compliance technology platform offers as support

32 More information? Please select any topics that you would like us to provide more information on. A Due diligence reports and renewals B Ongoing monitoring with databases C Compliance outsourcing

33

34 Questions? Q&A

35 Connect WEBSITE WEBINAR SCHEDULE AND RECORDINGS /webinars FOLLOW US LinkedIn: The Red Flag Group