More than insurance
An important piece in the risk management jigsaw is ongoing entity monitoring to manage the financial, reputational and strategic risks that are inherent parts of doing business with third parties. While most third parties are honest, does your company know whether others are engaged in bribery, corruption, money laundering or other illegal activities? What strategies do you have in place to deal with the fallout should one of your clients or suppliers face an investigation?
Entity monitoring to manage third party risk is not just an insurance policy. Properly implemented, it can build stronger supply-side relationships, resulting in a more proactive, responsive and more profitable relationship for both parties.
Heading danger off at the pass
Company leaders are increasingly recognising the need for a new approach to identify third party risks to be able to take remedial action quickly to prevent reputational, regulatory or financial damage. Entity monitoring allows compliance staff to identify high risk third parties, act on the information received and escalate if it represents a threat. What many companies do not realise is that traditional internal due diligence procedures for identifying third party risk may not be enough, particularly in high risk industries.
The UK Financial Conduct Authority (FCA) makes it clear in 'Financial crime: a guide for firms', that a "firm's compliance function has oversight of all third-party relationships and monitors this list to identify risk indicators… Firms must therefore put in place systems and controls to identify, assess, monitor and manage money- laundering risk".
A similar publication by the US Department of Justice (DoJ) and Securities and Exchange Commission (SEC) on the Foreign Corrupt Practices Act (FCPA) says: "Companies should undertake some form of ongoing monitoring of third-party relationships."
Who, what and how to monitor
An effective third party monitoring campaign encompasses suppliers, partners, agents and any other third party a company has dealings with to identify red flag issues. It involves monitoring international watchlists, news providers, sanctions lists and alerts on Politically Exposed Persons (PEPs).
The sheer volume of information that is now available means that manual checking and monitoring is not an effective option: companies now need to automate this process – usually through a specialised risk and compliance provider.
The wider picture of a third party's partners, associates and suppliers that a specialist service provides will help a company meet enhanced due diligence requirements, while advanced data analytics, media monitoring and screening will help improve relationships, leading to smoother processes and higher profitability.
Different levels of monitoring services are available and a company's choice of service should depend on the degree of risk inherent in a third party relationship. One-time checks, for instance, can usually be achieved through individual subscription services where selected content is purchased to meet a specific requirement. Aggregated subscription services, however, are more appropriate where ongoing monitoring is required, where significant language or cultural barriers exist, and when the company is operating in high risk industries or territories.
ps 3 ways you can apply this information right now to…