Reprioritizing Your Third-Party Risk Management Program — Risk Mitigation

Tom Fox

With the ever-changing landscape of regulations and laws, it is becoming increasingly difficult for companies to keep up and remain compliant. In this 5-part blog post series, sponsored by Diligent, I will consider the full range of third-party risk management. Today, we consider risk mitigation, and I visit with Michael Parker, Director of Advisory and Consulting Services for Diligent, to discuss how to approach the Board of Directors around the crucial issue of third-party risk management and risk mitigation.

Parker has been in the compliance industry for six years and has experience working with the Department of Homeland Security, Apple Computer, and over 300 clients in the compliance and legal space.

Parker dives into how Diligent's platform helps companies assess risk and comply with laws such as the FCPA, the UK Modern Slavery Act, the Uyghur Forced Labor Prevention Act and more. Join us in this five-part series to learn how Diligent's platform can help reduce risk and ensure compliance.

Here are the steps you need to follow to achieve risk mitigation:

1. Screening — Screening for anti-bribery and anti-corruption, politically exposed persons, state-owned entities, watch lists, embargoes, etc.

The screening process begins by collecting and inputting data into a single source of truth platform such as Diligent's Third Party Risk Management System. This platform allows for a risk-based approach to screening, in which the compliance professional can assess the risk of doing business with a third party.

This assessment includes screening for anti-bribery and anti-corruption, politically exposed persons, state-owned entities, watch lists, and embargoes, as well as more recent regulations such as the German Supply Chain Act and the UK Modern Slavery Act. It also provides the ability to document and audit activities, allowing for better visibility and accountability from an internal and external perspective. Finally, the platform is constantly updated to ensure that it is compliant with any new laws or regulations that are implemented.

2. Risk-Based Approach — Evaluating the dossier of information to lead to a decision to approve or deny doing business with the third party.

The second step in the third-party risk management process is to take a risk-based approach in evaluating the dossier of information. This dossier typically includes the results of the screening process, any due diligence questionnaires and any additional investigations that have been conducted. All these items should be compiled into a single source of truth and reviewed to ensure that the organization has done its due diligence in assessing the third party.

The risk-based approach should be tailored to the specific organization and its risk profile, as well as the specific third party that it is doing business with. This evaluation should also take into consideration any changes in laws, regulations and sanctions that may have been recently implemented. The diligence program should also be able to screen for a variety of different risks, such as anti-bribery, anti-corruption, human trafficking, politically exposed persons, state-owned entities, watchlists and embargoes.

Once the evaluation is complete, the organization should have a clear understanding of the risks associated with doing business with the third party and can make an informed decision as to whether to approve or deny the business relationship. This risk-based approach should be documented for auditability in case of any potential future inquiries or investigations.

3. Documentation — Documenting activities, notes, attachments and actions taken to show due diligence was done to mitigate risk.

Documentation is an essential part of risk mitigation and due diligence. It is important to maintain an audit trail of activities, notes, attachments, and actions taken related to third-party risk management. This allows companies to easily access information and prove that they have taken the necessary steps to mitigate risk.

A platform such as Diligent’s Third Party Risk Manager can be used to keep track of all the necessary documentation. All activities, notes and attachments can be stored in a single source of truth, which provides visibility and auditability for the board. Additionally, the platform is regularly updated to ensure that it is up to date with the latest regulations and laws. This allows companies to remain compliant and mitigate risk. All these elements come together to form a dossier of information, which can be used to approve or deny business with third parties. Documentation is a key part of any risk management program and is essential for due diligence.

Over this five-part blog post series, we will explore reprioritizing your third-party risk management program. It is essential to properly evaluate third-party risk and to document all activities, notes and attachments to remain compliant and mitigate risk. With the right platform and approach, companies can keep up with the ever-changing regulations and laws and protect their businesses from potential issues. With dedication and hard work, business owners can stay ahead of the curve in risk management and compliance.

To learn more about staying ahead of vendor risk, explore 6 best practices for risk mitigation here.

Listen to Michael Parker on the podcast series here.

Learn how Third-Party Risk Management from Diligent can help your organization mitigate risk. Request a demo today.

Tom Fox is the Voice of Compliance, having founded the only podcast network in compliance, the award-winning Compliance Podcast Network. It currently has 60 podcasts. Tom has won multiple awards for podcast hosting and producing and was recently honored with a Webby for his series Looking Back on 9/11. He is an Executive leader at the C-Suite Network, the world’s most trusted network of C-Suite leaders. He is also the co-founder of the Texas Hill Country Podcast Network.

He can be reached at tfox@tfoxlaw.com.