Everyone knows that change is difficult, but deciding how and when to instigate change can be the toughest part of the process. Many clients have voiced the desire to transition some or all of their third party due diligence procedures to an automated platform, but actually taking the plunge is daunting. There is little doubt that automation is the future of many third party due diligence processes. The volume of information available makes it increasingly impossible to stay on top of everything, unless you employ an army of analysts.
Compliance is rapidly embracing technological solutions. In the next five years, every company’s compliance program will need to automate key parts of their processes to ensure they remain effective (with emphasis on “effectiveness” as defined by DOJ and SEC guidelines). The measure of an effective compliance program is constantly evolving and technology will inevitably change the standards. The DOJ and SEC have already started to make clear that automation is expected. At first glance, the DOJ guidance may be overwhelming in the face of limited resources. However, you can implement a third party risk management program without breaking the bank or adding multitudes of employees.
One step is to evaluate the ROI of Automation. In evaluating the cost-benefit of automation, consider how much time and money is spent on each process. Automation allows you to rebalance the equation, trading monetary resources to save time that may be better spent elsewhere. Ask yourself:
• How well are we protected from risk related to all of our third parties and vendors—not just a select few?
• Are our processes being adequately documented so that records can be easily obtained should a government inquiry arise?
• Do human errors result in a slower or inaccurate process? What is the cost of this over time?
• Do logistical delays caused by manual processes reduce the speed of business?
Another step is to get executives and stakeholders up to speed. Regulators are no longer going to give you a pass for doing the minimum when it comes to third party due diligence. Increasingly, their expectation is that organizations understand the risks related to all of their third parties, not just a select subset. More and more company leaders are catching up with this paradigm shift, realizing that manual processes—and/or monitoring some but not all of their vendors and third parties—is no longer a viable approach to effective risk mitigation. The companies who are behind need to get up to speed on this business imperative. Third party due diligence vendors in this space can help you make a compelling business case if you are facing internal resistance to change.
The read the full list of steps Michael Volkov, former federal prosecutor and FCPA expert outlines, read the full article here.