One area that has bedeviled Chief Compliance Officers (CCOs) and compliance practitioners is how to determine the return on investment (ROI) for your compliance program regarding third parties. While it is still clear that third parties are the greatest risk in Foreign Corrupt Practices Act (FCPA) enforcement actions, senior management often wants to know what is the monetary benefit to the company for this type of risk management.

When you couple the request for ROI with the recent Department of Justice (DOJ) mandate for the operationalization of your compliance program, as articulated in the Evaluation of Corporate Compliance Programs, it may seem like a doubly daunting task. However the requirement for operationalization of your compliance program actually lends itself to formulating ROI around the risk management of third parties. This is because if you move the third-party compliance into the organization as a business process, with a technological solution, the ROI becomes not only clearer but easier to calculate going forward.

I recently read a study by Forrester Research Inc., suggested an approach for the anti-corruption compliance practitioner. In this study, Forrester compared the user experience, leading to a finding of a positive ROI for the technology user around third-party risk management. I found the approach and methodology used persuasive and valuable for the compliance professional to consider in evaluating such a process in your organization.

Some of the key findings readily translate across for the anti-corruption compliance practitioner. The first area was in risk assessments of third parties. If you are able to provide a technological platform, you can enhance both the speed and efficiency of your risk assessments on an ongoing basis. The decrease in time it would take for each risk assessment, both in terms of length and compliance department man-hours will yield an immediate cost saving for your compliance function.

Consider just two of the steps required in the lifecycle management of third parties, the questionnaire and due diligence. Both steps can be not only labor intensive to complete and analyze but the cycles of time spend sending out a questionnaire, receiving a completed form and then inputting the information into a spreadsheet for manual analysis can be quite time consuming. It usually involves the basic tools of spreadsheets, interviews, Internet searches and additional questionnaires. By tailoring your questionnaire to the specific risk areas and using logical question design you can reduce confusion and therefore decrease the cycle of response time. Additionally, in the final step of managing the relationship there is often not only a dearth of data but usually the data is in such a siloed format that (1) it cannot be utilized between corporate functions and (2) there can be no meaningful comparison across the third parties. Through standardized questions and responses, this data can be compared across the spectrum of third parties.

In addition to the increased efficiency in the compliance portion of this analysis, by operationalizing your third-party risk management in this manner, you increase business efficiency by bringing in more dollars more quickly for third parties on the sales side. For third parties on the Supply Chain side, the efficiencies turn on your use of their products or services more quickly in business critical elements of your company. Simply put, approving third parties and incorporating them into your business cycle will not only save your money more quickly and efficiently but also make you money more quickly and efficiently.

Using a tool that incorporates Software-as-a-Service (SaaS) platform would also allow a more comprehensive review of data and information for several reasons. Firstly the various types of data is not siloed but stored in a centralized platform. Second, having this type of data allows for not only an ongoing review of each third-party but also allows you to review historical trends. This enables you to move from detection to prevention and possibly even delivery of a prescriptive solution before an issue arises to a full-blown FCPA violation. You would also be able to garner a better understanding of relationships across industry sectors and countries with a bigger picture look.

Obviously you will need to set the parameters for the risks to be assessed but more clearly in the FCPA they deal with third parties who are or who have, as owners, Politically Exposed Persons (PEPs), the inability to account for discretionary funds such as marketing or other expenses was seen in a recent FCPA enforcement action, payments to offshore locations or unusual commission or other payments tied 100% to sales. Not only would your company have more and greater visibility into such issues but the range of third parties you could monitor would increase, perhaps at an exponential rate. As with the cost savings of the initial risk assessment, there would be similar savings for ongoing monitoring in the area of greater efficiency and need for smaller headcount from the compliance function to perform such ongoing monitoring.

The speed and robustness of this database is a key element in operationalizing your compliance program in the area of third parties. The prevent component of any compliance regime is improved as you would have better visibility into potential non-compliant third parties which you may have to discharge. You would also have the ability to work with non-compliant third parties to remedy any issues before they become legal violations and then recommend extra monitoring as appropriate.

Using the above as a guide the ROI calculation would be something along the lines of the number total number of hours spent on each risk assessment x the total risk assessments performed x the hourly rate of the compliance professional performing the services. So if you spend 20 hours on 50 risk assessments and the hourly rate for your in-house compliance professional is $100, the ROI is $100,000. Now just think of what that number would be around third parties if the SC third parties runs into the thousands. Even with a round number of 1,000 for such third parties, your ROI increases to $2MM. Of course you have to subtract out the cost for any technological solution but with these types of efficiencies, your ROI will still be quite impressive.

There are a wide variety of other factors that could increase your ROI, as detailed in the Forrester report, which include renewal assessments, ongoing monitoring, increase in business efficiencies for both your organization and the third parties, which would all work to uplift your ROI. Most critically you would demonstrate the operationalization of your compliance program into the very fabric of your organization.

Three Key Takeaways

  1. Why is it important to demonstrate ROI on your third party risk management program?
  2. Determining your ROI helps to demonstrate operationalizing your compliance program.
  3. Determining third party management program ROI can help to tear down compliance silos. 

 

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.

 

 

 

 

When was the last time you considered the health of your company’s third party management program? A good way to test that well-being is to perform a check-up on your third party program. An article entitled “Third Party Essentials: A Reputation/Liability Checkup When Using Third Parties Globally”, provided a manner for the compliance practitioner to test an “organizations health status concerning your relationship to your third parties.” The article provided seven points that you can consider in a self-assessment:

  1. Do you have a list or database of all your third parties and their information? Does your company have a full list of all third parties including such basic information as name, location, type of services provided, contract files and dates, principals of the third party and primary contact, due diligence files and any other information you might need to manage the third party relationship going forward? When was the last time this list was checked or updated?
  2. Have you done a risk assessment of your third parties and prioritized them by level of risk? You need to check and double-check which third party services present the greatest risk to your company by asking some of the following questions: (a) Is the third party’s service critical to your business?; (b) Is the third party’s service performed with little company supervision or oversight?; (c) Does the third party have access to any company funds, resources or assets?; (d) Can the third party fund the company contractually?; and (e) Does the third party obtain any foreign governmental licenses, certifications or other approvals for your company? When was the last time you asked these questions of the Business Sponsor or Relationship Manager.
  3. Do you have a due diligence process for the selection of third parties, based on the risk assessment? You should use the information determined through the risk assessment to “tailor the level of diligence to the level of risk.” Assign a risk profile to categories, such as high, medium and low. The higher the risk, the more due diligence will be required to vet the third party. Do you receive updated due diligence reports on a quarterly, semi-annual or annual basis?
  4. Once the risk categories have been determined, create a written due diligence process. Obviously you need to have a written policy and defined procedures to implement your due diligence policy. However, when was the last time it was reviewed or updated? What happens if you the compliance professional is hit by a bus coming to work? Would a substitute know what to do or would there be a written reference for your replacement? You should consider the following: (a) who is responsible for implementation; (b) list of red flags and how such red flags are to be dealt with and cleared; (c) a procedure to pay for any due diligence performed; (d) reference checks on third parties; (e) procedures for in-person interviews for third parties in a high risk category; (f) conflicts of interest checks, and (g) process for documentation and storage of all of the above information.
  5. Once the third party has been selected based on the due diligence process, do you have a contract with the third party stating all the expectations? When was the last time you considered your compliance terms and conditions or reviewed all of your third party contracts to ascertain if they include compliance terms and conditions: (a) anti-corruption and anti-bribery certification; (b)requirement that the third party maintain accurate books and records and that your company has audit rights; (c) indemnity rights; (d) anti-corruption and anti-bribery training for the third party’s employees; (e) an anonymous reporting mechanism for ethics complaints; (f) require the third party to obtain pre-approval to subcontract out any of its work for your company; (g) require the third party to report any ownership change back to your company, and lastly (h) clear termination rights.
  6. Relationship Managers. Just as your company would never have an employee who is not supervised, your company should not have a third party which does not have company oversight. Do you rotate Relationship Managers? What training has the compliance function provided to them as the company’s point of contact for third parties?
  7. Red flags review. When was the last time you checked on your third parties for any new red flags which may have arisen after the initial due diligence was performed or completed? At what interval do you update or renew your due diligence? How about a change from the company side regarding sales, sales practices, products or services which might become high-risk?

Many companies understand the maxim “Know Your Customer (KYC)”, nevertheless, in today’s global economy this maxim may well need to be expanded to “Know Your Third Party”. The bottom is that that there is no out, no; when it comes to third party risk management and third party compliance efforts. A good place to start is with a third program party checkup.

Three Key Takeaways

  1. What is the health of your third party risk management program?
  2. When was the last time you reviewed and updated your third party database list?
  3. Expand your KYC thinking to Know Your Third Party.

 

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.

 

 

 

Internal controls are a key tool to operationalize your third party risk management program. Initially, a compliance practitioner should perform an analysis of any third party representative to provide insight into the pattern of dealings with such third parties and, therefore, the areas where additional controls should be considered. The basic internal controls, that should be a part of any financial controls system, include some or all of the following:

  • A control to correlate the approval of payments made to contracts with third party representatives and your company’s internal system for processing invoices.
  • A control to monitor all situations in which funds can be sent outside the US, in whatever form your company might use, which could include accounts payable computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances or other forms.
  • A control for the approval of sales discounts to distributors.
  • A control for the approval of accounts receivable write-offs.
  • A control for the granting of credit terms to third parties or customers outside the US.
  • A control for agreements for re-purchase of inventory sold to third parties or customers.
  • A control for opening of bank accounts specifically including accounts opened at request of an agent or a customer.
  • A control for the movement / disposal of inventory.
  • A control for the movement / disposal of movable fixed assets.
  • A control for execution and modification of contracts and agreements outside the US.

There should also be internal control needs based on activities with third party representatives. These could include some or all of the following internal controls:

  • A control for the structure and enforcement of the Delegation of Authority.
  • A control for the maintenance of the vendor master file.
  • A control around expense reports received from third parties.
  • A control for gifts, entertainment and business courtesy expenditures by third party representatives.
  • A control for charitable donations.
  • A control for all cash / currency, inventory, fixed asset transactions, and contract execution in countries outside the US where the country manager has final authority.
  • A control for any other activity for which there is a defined corporate policy relating to FCPA.

While that may appear to be an overly exhaustive list, there were four significant controls the compliance practitioner implement initially. They include: (1) Delegation of Authority (DOA); (2) Maintenance of the vendor master file; (3) Contracts with third parties; and (4) Movement of cash / currency.

A DOA should reflect the impact of corruption risk including both transactions and geographic location so that a higher level of approval for matters involving third parties and for fund transfers and invoice payments to countries outside the US would be required inside an organization. Often, a DOA is prepared without much thought given to FCPA risks. Unfortunately once a DOA is prepared it is not used again until it is time to update for personnel changes. Moreover, it is often not available, not kept current, and/or did not define authority in a way even the approvers could understand it. Therefore it is incumbent that the DOA be integrated into a company’s accounts payable (AP) processing system in a manner that ensures all high-risk vendor invoices receive the proper visibility. To achieve this you should identify the vendors within the vendor master file so payments are flagged for the appropriate approval BEFORE they are paid.

Furthermore if a DOA is properly prepared and enforced, it can be a powerful preventive tool for FCPA compliance. For example, consider a wire transfer of $X between company bank accounts in the US might require approval by the Finance Manager at the initiating location and one officer. However, a wire transfer of $X to the company’s bank account in Nigeria, could require approval by the Finance Manager, a knowledgeable person in the Compliance function, and one officer. In this situation, the DOA should specify who must give the final approval for engaging third parties. Moreover, the DOA should address replenishment of petty cash funds in countries outside the US, as well as approval of expense reports for employees who work outside the US (including those who travel from the US to work outside the US).

Some believe the vendor master file, can be one of the most powerful PREVENTIVE control tools largely because payments to fictitious vendors are one of the most common occupational frauds. The vendor master file should be structured so that each vendor can be identified not only by risk level but also by the date on which the vetting was completed and the vendor received final approval. There should be electronic controls in place to block payments to any vendor for which vetting has not been approved. Next manual controls are needed over the submission, approval, and input of changes to the vendor master file. These controls include verification that all vendors have been approved before their information (and the vendor approval date) is input into the vendor master. Finally, manual controls are also needed when “one time” vendors are requested, when a vendor name and/or vendor payment information changes are submitted.

Near and dear to my heart as a lawyer, contracts with third parties can be a very effective internal control which works to prevent nefarious conduct rather than simply as a detect control. I would caution that for contracts to provide effective internal controls, relevant terms of those contracts (commission rate, whether business expenses can be reimbursed, use of subagents, etc.,) should be extracted and available to those who process and approve vendor invoices. If there are nonconforming service descriptions, commission rates, etc., present in a contract such terms must be approved not only by the original approver but also by the person so delegated in the DOA Unfortunately contracts are not typically integrated into the internal control system. They are left off to the side on their own, usually gathering dust in the legal department file room.

One FCPA enforcement action was an excellent example of the lack of internal control over the disbursements of funds and movement of currency because you had the country manager delivering bags of cash to a government official to obtain or retain business. All situations where funds can be sent outside the US (AP computer checks, manual checks, wire transfers, replenishment of petty cash, loans, advances, etc.,) should be reviewed from a compliance risk standpoint. Further, within a company structure you need to identify the ways in which a country manager (or a sales manager, etc.,) could cause funds to be transferred to their control and to conceal the true nature of the use of the funds within the accounting system.

All wire transfers outside the US should have defined approvals in the DOA, and the persons who execute the wire transfers should be required to evidence agreement of the approvals to the DOA and wire transfer requests going out of the US should always require dual approvals. Lastly, wire transfer requests going outside the US should be required to include a description of proper business purpose.

Never forget that internal controls are in reality, simply good financial controls. The internal controls that he detailed for third party representatives in the compliance context will help to detect fraud, which could well lead to the prevention of bribery and corruption.

Three Key Takeaways

  1. Internal controls are a key component of any operationalized compliance program.
  2. Internal controls are good financial controls.
  3. The top four internal controls for compliance are: (a) Delegation of Authority (DOA); (b) Maintenance of the vendor master file; (c) Contracts with third parties; and (d) Movement of cash / currency.

 

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.

 

 

 

Today I consider some tips from the world of fiction composition for your compliance program. These lessons are applicable for both the design, enhancement and implementation of your compliance regime. Moreover, by considering some of these techniques it should work to operationalize your compliance program as it will add differentiation for the different corporate audience every compliance practitioner must address.

Tempo is an important issue when writing a narrative. In the world of fiction, it is called pacing. Some stories are non-stop action and some linger over the tiniest of details for inestimable lengths of time. Between the breathless and the meditative is a wide variety of pacing. The key is to find the right pacing or variety of pacing for your story. While doing some study on fiction writing techniques I came across some interesting thoughts about pacing which I find are instructive for any compliance practitioner in creating or enhancing a compliance program. 

Professor James Hynes, in Writing Great Fiction: Storytelling Tips and Techniques, identified three general rules of pacing. The first is the pace of the entire work, contrasted with individual chapters and scenes. Under this rule, you need to proportion and balance your pacing across the story, juggling how much information you want to get across in the words and pages allotted to the matter. Of course, you must consider how much patience your reader has to receive and read your release of information.

For the compliance practitioner, this means not only how you are presenting the information but how the message is received. Have you considered the pace of not only the overall change but also the pacing of your training message? Finally, what about two-way communications? Are you receiving feedback which you are incorporating back into your compliance program going forward?

A second general maxim is the density of the narrative; that is the length of time it takes to relate the scene or chapter vis-à-vis the amount of time it takes to read it. Under this formulation, a long story depicting a short period of time will move slower that a short book which depicts a long period of time. A third axiom of pacing is between action and exposition. Typically, more important scenes have a full complement of tools. Conversely, exposition is generally used when filling in a character’s back story or describing a setting.

Obviously, an entire compliance regime written by lawyers for lawyers is a recipe for disaster. Use the tools of a writer that are available to you in your drafting, action, dialogue and setting. Louis Sapirman, Chief Compliance Officer (CCO) for Dun & Bradstreet, has called this a 360-degree view of communications. Finally, have you incorporated the tools of social media into your compliance messaging? If not, why not?

Other guidelines in fiction writing can inform your compliance communications. Drawing on Hynes concepts on pacing and Debbie Harmsen’s article in Writer’s Digest, entitled “5 Key Questions Writers Should Ask When Revising Writing”, I came up with some interesting ways for you to consider your compliance message and how you might work to use it to further operationalize your compliance program.

Does your message have the right message for audience? 

It would seem to be a basic axiom that any compliance practitioner would write a message about compliance. You must strike both the right note and set the right tone. This may mean you adapt your compliance message differently for different groups of employees. It would seem self-evident that a message that resonates in the US may not resonate with the same force in China or some other far-flung geographic location outside the US. You should also consider how you release the information and what forms of communications you will utilize to communicate to each audience within your organization.

Have you chosen the strongest possible structure and pacing? 

Harmsen noted, “Structure is critical to every piece of writing. It’s the framework that holds content together. It guides the reader along and, in doing so, subtly lets them know they can trust you… If your structure helps readers know where they’re going and feel confident about the types of information and entertainment they’ll get along the way, they’re more likely to trust you and what you have to say.” For the compliance practitioner, they key is whether your message is consistent and cohesive and does not send mixed signals. From the pacing side, consider the difference in views from 30,000 ft. vs. ground level, where a large picture may move more slowly than a small, quick page turning story.

How am I offering overall takeaways? 

The latest United Airlines public relations disaster should make clear once and for all that slavish adherence to a rules based culture may work in kindergarten but not in the real world of employees and customers. As a compliance practitioner, you must provide solid and useful information to the business team which they can operationalize. If you put too many rules in front of your employees: (1) they will never be able to remember them all; (2) you will never have enough for every conceivable situation; and (3) some situation will arise where slavish following of your rules will lead to a United Airlines-type disaster. 

Does each section or chapter have a clear purpose? 

I often rewrite compliance policies and procedures that were drafted by lawyers in law firms who have never practiced law, let alone compliance, from an in-house perspective. These policies and procedures read like they were written by lawyers for lawyers. The business person trying to read the company policy and do the right thing has little to no chance in such scenarios. Harmsen’s dictum to “look at each section of your article or each chapter of your book and note what purpose it serves to the overall piece. If it doesn’t have one, it likely needs to be either revised or cut” translates precisely into communications from the compliance function. If language does not serve a purpose, make sure that it does in the final version. Finally, make sure that everything appears “in an order that flows logically and easily from one to the next”. 

Is my voice authoritative without being overbearing? 

Harmsen nails her final section with the following, “Where is your ego in all of this? Are you like the guy who is trying too hard to impress his date?” The core of writing is like the core of compliance communications; it is about the content and not about you, the author. You certainly need to be competent in your communications around compliance but you need to also make sure your content is competent and, at the end of the day, that is what your compliance message, whether written, verbal or in video format, is about. By empowering your employee base in compliance, you take the most operationalization step possible, as you will have employees doing compliance.

As a CCO or compliance practitioner, you should always be curious and consider the 360-degree view of communications espoused by Sapirman. By using some of the tools of a fiction writer, you will have a stronger message which will resonate more intensely with your audience. It will also work for more fully operationalizing your compliance regime.

 

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2017

Next I consider at how data analytics can be used to help detect or prevent bribery and corruption where the primary sales force used by a company is third parties. A clear majority of Foreign Corrupt Practices Act (FCPA) violations and related enforcement actions have come from the use of third parties. While sham contracting (i.e. using a third party to conduit the payment of a bribe) has lessened in recent years, there are related data analysis that can be performed to ascertain whether a third party is likely performing legitimate services for your company and is not a sham.  There are several more complex analytics that can be run in combination to identify suspicious third parties, and some of the simplest can be to look for duplicate or erroneous payments.

A key to moving from detection to prevention is the frequency of review. It is common for organizations to periodically review a year or more of accounts payable invoices at one time for errors or overpayment. Changing this from a one-time annual or biannual event to something that is done daily or weekly dramatically improves the value of such internal controls. This more frequent, preventative analysis is integral to a foundation of third party audits. While many company perform periodic look-back audits, ongoing monitoring also works to accomplish the same queries on a daily or weekly basis. This allows organizations to find duplicate payments or overpayments after the invoice has been approved but prior to its disbursement. So instead of detecting a payment error three or six months after it is made, you prevent the money from leaving the company altogether.

Duplicate invoices are a favorite mechanism of fraudsters. Consider the following scenario, Invoice No. 955-TX, was paid for $10,597.95. Thirty days later the same vendor re-submitted the same invoice due to non-payment, but it was recorded by the payor organization without the hyphen between 955 and TX, consequently it was not detected by the system of payable controls. The problem is the second invoice had slightly different writing on the face of it, but it was for the same services and hence was a duplicate invoice. On the company side, both invoices were scanned into the company’s imaging system and queued for payment. Data analysis can locate such overpayments and identify a second payment should not be made because it is a match of one that had been previously approved.

Another analysis, which a compliance practitioner could compare using vendor name and other identifying information, for example address, country, data from a watch list such as Politically Exposed Persons (PEP) or Specially Designated National (SDN), to names and other identifying information on your vendor file. An inquiry could also be used to test in other ways such as if a vendor has the same surname as a vendor on the specially designated national terrorist list, or a politically exposed person.

Now suppose they share the same name as an elected official down in Brazil. How do we make sure that our vendor or broker is a different John Doe than the John Doe that is a politically exposed person in that country? It is only upon closer inspection where you can determine that the middle names are different and the ages are different, one of has an address is Brasilia and the other is in Sao Paulo. Without further inspection including other demographic information about your vendors, consultants or third parties and the comparing them to watch list individuals, such red flags are present but not cleared. That is what data analytics is designed to do, is to help you go from tens of thousands of “maybes” to a very small number of potential issues which need to be researched individually.

One of the important functions of any best practices compliance program is to not only follow the money but try to spot where pots of money could be created to pay bribes. Through comparison of invoices for similar items among similar vendors, data analytics uncover overcharges and fraudulent billings. Continual transaction monitoring and data analysis can prove its value through more frequent review, as individuals tend to perform better when they know they are being monitored.

The techniques used in transaction monitoring for suspicious invoices can be easily translated into data analysis for anti-corruption. Software allows a very large aggregation of suspicious payments not only by day or by month, but also by vendor or even by employee who may have keyed the invoices into your system. As these suspicious invoices begin to cluster by market, business unit or person a pattern forms which can be the basis of additional inquiry. That is the value of analytics. Analytics allows a compliance practitioner to sort and resort, combine and aggregate, so that patterns can be investigated more fully.

This final concept, of finding patterns that can be discerned through the aggregation of huge amounts of transactions, is the next step for compliance functions. Yet data analysis does far more than simply allow you to follow the money. It can be a part of your third party ongoing monitoring as well by allowing you to partner the information on third parties who might come into your company where there was no proper compliance vetting. Such capabilities are clearly where you need to be heading.

Three Key Takeaways

  1. Always remember to follow the money to see where a pot of money could be created to fund a bribe.
  2. Transaction monitoring techniques around fraud monitoring translate to data analysis for compliance.
  3. Do not forget to check names against known PEP and SDN lists.

 

This month’s podcast series is sponsored by Opus. Opus helps free your business from the complexity and uncertainty of managing the risks associated with your customers, vendors, and third parties. By combining the most innovative Third-Party Risk Management and Know Your Customer Compliance SaaS platforms with unparalleled data solutions, Opus turns information into action so your business can thrive. Opus solutions include Hiperos 3PM accelerator, the leading platform for third party risk management. To learn more, go to www.opus.com.