SlideShare a Scribd company logo

Catelas Webinar Session I 3rd Party Compliance & Risk Oversight 31 Oct 2012

Download as PPTX, PDF
Eddie Cogan
Eddie Cogan

Results from our polls and questions posed at the latest 3rd party Compliance Webinar just past; participants included Tom Fox and the Chief Compliance Officer at PTC. Session II is about on-going risk monitoring and audit programs and is next Wednesday at 12

1 of 25
Catelas 360 Relationship Compliance Training Gap Analysis Periodic Audits PEP lists Risk Assessments On-boarding Rapid Event Response & Due Diligence Investigations Fully Automated, Real-Time Visualization of your entire 3rd party Operations Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Session I How much risk are you on-boarding with each new partner or acquisition? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Session I: Agenda Panel Introductions  Thomas Fox, Principal, tomfoxlaw.com  Martha Durcan, Chief Compliance Officer, Parametric Technology Corporation FCPA & UK Bribery Act  Eddie Cogan, Founder & CEO, Catelas, Inc. Panel Debate & Discussion  What risks exist, when you do business overseas?  What risks should you worry about with each new agent/partner/acquisition?  How to you better understand your risk and measure your risk exposure?  If a partner is high risk what options do you have?  Can technology help? What tech is available today?  How do you ensure you are prepared should you meet the DOJ / SEC? Questions  Email them to me at eddie.cogan@catelas.com  Or simply use the chat facility on the webinar. Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
2012 Enforcement Actions Key Take-Aways • Morgan Stanley-compliance programs do receive credit • Pfizer – New “enhanced” compliance requirements and due diligence in the merger and acquisition context • Tyco-Non-Prosecution Agreement for repeat Offender • Opinion Release 12-01-how does your due diligence affect your use of agents? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Martha Durcan Chief Compliance Officer October 31, 2012
Focus on Ethics and Compliance • Compliance assessment conducted by third party • Charter of PTC’s Board of Directors Governance Committee expanded to include compliance monitoring • Dedicated Compliance Group established – Chief Compliance Officer appointed • A key focus area is Anti-Corruption – New partner on-boarding process implemented – Catelas compliance software purchased to automatically inventory 3rd party relationships, uncover relationship history and to conduct internal investigations 6
Enhanced Partner Assessment Process There are five key elements of our partner assessment process. • Partner Identification and Business Justification – There must be a business justification for each partner that has been approved by the appropriate manager prior to initiating automated partner due diligence • Partner Assessment – Due Diligence – Partner due diligence process is automated • Partner Engagement – Each partner signs a contract with PTC containing enhanced anti-bribery provisions – PTC’s Anti-bribery Policy is delivered to each partner with the contract signed by PTC • Partner Training – Anti-bribery training will be provided to each partner – The type of training received will be partner-specific based on perceived risk • On-Going Monitoring – Re-assessment at contract renewal and sooner based on deal and region-specific factors PTC CONFIDENTIAL 7
Partner On-Boarding: Key Challenges and Benefits Challenges • Partner Review in Emerging Geographies – Overcoming challenges presented by different cultures, language, time zones • Distinguishing the true risk profile of a partner – Evaluating the Inherent risks (industry, country) versus partner specific risks (type of partner, target customers of partner) • Due Diligence on Partners with High Risk Scores – Determining when and how much due diligence is adequate Benefits • Increased visibility (not just transparency) into partner relationships • Broader awareness of compliance risks internally and externally • Centralized system of record 8
Discussion Questions • Red Flags – Do they differ by region? – Examples of red flags that have lead to rejection of high risk partners – Commonly missed items? • Partner Training – Is on-line training effective? • Partner Audits – Are they being done? – How frequently? – Process tips? • Driving Behavioral Change Throughout the Organization – Effective tools 9
Compliance Burden Compliance must clearly communicate, demonstrate and display the effectiveness of Compliance Programs that combat these risks:  Anti-Trust , anti-competitive business practices and Cartel  FCPA & UK Bribery Act  Indirect Revenue Recognition (JVs, Resellers, and hybrid 3rd Parties)  Partner On-boarding and Due Diligence  Code of Conduct, Sales and Marketing Policy  Supply Chain risk: vendor kick back, conflicts of interest  Data Theft, Intellectual Property and Privacy  Information Barriers and Employees with access to sensitive data  New and Departing Employees "Demonstrating Compliance Effectiveness is Critical: [Regulators] want proof that the programs are actually working." - Steve McGraw, from Compliance & Ethics Professional Magazine Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Catelas360 – End to End Coverage Compliance Audit Legal On-boarding Policy Risk Alerts On-going Audit & Internal Identification Early Case PEP Lists Enforcement Risk Assessments due diligence Investigations Priority Review Intelligence Email Log Files Compliance Database  Risk Scores  Employee training certification  Partner certification & agreements Lists Finance HR CRM Compliance Company Attributes (From CRM e.g. Siebel)  Company types: customer, partner, distributer, agent Published Lists Financial Data Employee / Contractor Attributes (From World Compliance etc.) (From Finance database) (From Contact / HR database e.g. PeopleSoft)  Global Sanction List  Total value of partner business  Role: sales, finance, logistics  Global PEP List  Lists of transaction with partner  Responsibility: VP, Dir, Mgr  Global Enforcement List  Location: Beijing, China  Global Adverse Media List  Contact details: email, telephone  Global Foreign Official List Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
3rd Party Transparency & Control Partners grouped by Every partner, globally, automatically ranked Region & Relationship Strength View Relationship History: What is being said? Who is key? In your company ? At the partner? What work are they doing? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Policy Enforcement & Monitoring Rules focusing on specific behaviors Policies focusing on specific risks Results captured for Review with severity level Risk broken down by time periods of interest Advanced Analytics on identified risk Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Litigation Investigations Internal Investigations WITHOUT COLLECTING EMAILS Quickly identify the most relevant custodians based on their relationships Only collect what's relevant. The key relationships lead us to the most relevant keyword-based documents Deliverables: Impact Report within a single day  Identification: Identify key players before collection  Intelligent Collection: of communications between key people  Priority Review of most relevant (< 1%) data within 1st day  Uncover ‘hot docs ’ for senior review within 1st day Providing counsel with key strategic information about a matter, earlier enabling conflict resolution, better negotiations etc.. Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Topic 1 The on-boarding process ―What are the risks? ―Where should you focus? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Poll Question 1 – with Results How mature is your Compliance program? <pick one answer> 1. We have policy and procedures. Employees sign up to these 2. We have a repeatable on-boarding process 3. We monitor for risk with annual audits & interviews 4. We monitor continuously - are looking to change behavior Answer 1 Answer 2 Answer 3 Answer 4 Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Topic 2 The on-boarding process ―How do you uncover risks? ―How do you measure these risks ―What do you do about this risk? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Poll Question 2 – with Results Do you see technology as an essential component of the Compliance function? <pick multiple answers> 1. No. We believe our on-boarding process is sufficient 2. Yes for Financial Transaction Monitoring 3. Yes for automating and documenting the on-boarding process 4. Yes for understanding people, relationships and history 5. Yes - all the above are important Answer 1 Answer 2 Answer 3 Answer 4 Answer 5 Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Topic 3 The on-boarding process ―How do you prevent risk in the fist place? ―Should you monitor for ‘bad actors’? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Topic 4 The on-boarding process ―How important is documentation? ―What kind of audit trail should you preserve? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Poll Question 3 Which part of the puzzle is your current focus? <pick one answer> 1. Building out a good on-boarding process 2. Risk Monitoring - understand risk across existing portfolio 3. Risk Prevention - Training, enforcement, incentives, behavior 4. Documentation - ensuring a seamless audit trail Answer 1 Answer 2 Answer 3 Answer 4 Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Session II Your on-boarding process works, so now what? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Session III Event Response & Remediation when bad things happen, what should you do? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Catelas 360 Relationship Compliance Real Time Reduce Control Costs Respond Puts to events Low cost, deep visibility from HQ Compliance Fast For Legal, Compliance & Security in Control Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
Thank You Eddie Cogan 617 407 2967 eddie.cogan@catelas.com www.catelas.com Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved

Recommended

Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013
Rahul Bhan (CA, CIA, MBA)
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamRisk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
David Cunningham
 
Red Flag Rules Compliant? Maybe Not...!
Red Flag Rules Compliant? Maybe Not...!Red Flag Rules Compliant? Maybe Not...!
Red Flag Rules Compliant? Maybe Not...!
pdallen
 
A brief overview of operational risk
A brief overview of operational riskA brief overview of operational risk
A brief overview of operational risk
Diane Christina
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
Rahul Bhan (CA, CIA, MBA)
 
Riskpro legal and compliance audits
Riskpro legal and compliance auditsRiskpro legal and compliance audits
Riskpro legal and compliance audits
Rahul Bhan (CA, CIA, MBA)
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
Rahul Bhan (CA, CIA, MBA)
 
Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...
David Cunningham
 

Recommended

Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013
Rahul Bhan (CA, CIA, MBA)
 
Risk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunninghamRisk management for law firms chapter 1 ark 2009 by dave cunningham
Risk management for law firms chapter 1 ark 2009 by dave cunningham
David Cunningham
 
Red Flag Rules Compliant? Maybe Not...!
Red Flag Rules Compliant? Maybe Not...!Red Flag Rules Compliant? Maybe Not...!
Red Flag Rules Compliant? Maybe Not...!
pdallen
 
A brief overview of operational risk
A brief overview of operational riskA brief overview of operational risk
A brief overview of operational risk
Diane Christina
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
Rahul Bhan (CA, CIA, MBA)
 
Riskpro legal and compliance audits
Riskpro legal and compliance auditsRiskpro legal and compliance audits
Riskpro legal and compliance audits
Rahul Bhan (CA, CIA, MBA)
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
Rahul Bhan (CA, CIA, MBA)
 
Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...Ilta06 developing and selling an enterprise risk management approach by dave ...
Ilta06 developing and selling an enterprise risk management approach by dave ...
David Cunningham
 
Achieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And AutomationAchieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And Automation
Jordi Planas Manzano
 
MITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONS
MITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONSMITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONS
MITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONS
Michel Rochette
 
The Role of the Chief Risk Officer Why You are the Most Important Person in Y...
The Role of the Chief Risk Officer Why You are the Most Important Person in Y...The Role of the Chief Risk Officer Why You are the Most Important Person in Y...
The Role of the Chief Risk Officer Why You are the Most Important Person in Y...
WolfPAC - Integrated Risk Management
 
Legal Management Process: A paradigm shift as a Business Enabler
Legal Management Process: A paradigm shift as a Business EnablerLegal Management Process: A paradigm shift as a Business Enabler
Legal Management Process: A paradigm shift as a Business Enabler
Amber Gupta
 
Risk Management Certification
Risk Management CertificationRisk Management Certification
Risk Management Certification
Rahul Bhan (CA, CIA, MBA)
 
Reputational Risk
Reputational RiskReputational Risk
Reputational Risk
IBMGovernmentCA
 
Riskpro construction industry
Riskpro construction industryRiskpro construction industry
Riskpro construction industry
Rahul Bhan (CA, CIA, MBA)
 
Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 Report
Daryl Resnick
 
Riskpro Trainings Automotive Industry
Riskpro Trainings Automotive IndustryRiskpro Trainings Automotive Industry
Riskpro Trainings Automotive Industry
Rahul Bhan (CA, CIA, MBA)
 
Riskpro construction industry 2013
Riskpro construction industry 2013Riskpro construction industry 2013
Riskpro construction industry 2013
Rahul Bhan (CA, CIA, MBA)
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
Rahul Bhan (CA, CIA, MBA)
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
Rahul Bhan (CA, CIA, MBA)
 
Risk Management Benchmarking
Risk Management BenchmarkingRisk Management Benchmarking
Risk Management Benchmarking
Rahul Bhan (CA, CIA, MBA)
 
Risk management benchmarking 2013
Risk management benchmarking 2013Risk management benchmarking 2013
Risk management benchmarking 2013
Rahul Bhan (CA, CIA, MBA)
 
Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_efforts
Subhajit Bhuiya
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
Rahul Bhan (CA, CIA, MBA)
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
Rahul Bhan (CA, CIA, MBA)
 
Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013
Rahul Bhan (CA, CIA, MBA)
 
Concerned About Vendor Management 10 30 12
Concerned About Vendor Management 10 30 12Concerned About Vendor Management 10 30 12
Concerned About Vendor Management 10 30 12
wstippich
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Rahul Bhan (CA, CIA, MBA)
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Nidhi Gupta
 

More Related Content

What's hot

Achieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And AutomationAchieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And Automation
Jordi Planas Manzano
 
Legal Management Process: A paradigm shift as a Business Enabler
Legal Management Process: A paradigm shift as a Business EnablerLegal Management Process: A paradigm shift as a Business Enabler
Legal Management Process: A paradigm shift as a Business Enabler
Amber Gupta
 
Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 Report
Daryl Resnick
 

What's hot (14)

Achieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And AutomationAchieving Efficient GRC Through Process And Automation
Achieving Efficient GRC Through Process And Automation
 
MITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONS
MITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONSMITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONS
MITIGATING OPERATIONAL RISK: RISK TRANSFER SOLUTIONS
 
The Role of the Chief Risk Officer Why You are the Most Important Person in Y...
The Role of the Chief Risk Officer Why You are the Most Important Person in Y...The Role of the Chief Risk Officer Why You are the Most Important Person in Y...
The Role of the Chief Risk Officer Why You are the Most Important Person in Y...
 
Legal Management Process: A paradigm shift as a Business Enabler
Legal Management Process: A paradigm shift as a Business EnablerLegal Management Process: A paradigm shift as a Business Enabler
Legal Management Process: A paradigm shift as a Business Enabler
 
Risk Management Certification
Risk Management CertificationRisk Management Certification
Risk Management Certification
 
Reputational Risk
Reputational RiskReputational Risk
Reputational Risk
 
Riskpro construction industry
Riskpro construction industryRiskpro construction industry
Riskpro construction industry
 
Forrester GRC Q1 2016 Report
Forrester GRC Q1 2016 ReportForrester GRC Q1 2016 Report
Forrester GRC Q1 2016 Report
 
Riskpro Trainings Automotive Industry
Riskpro Trainings Automotive IndustryRiskpro Trainings Automotive Industry
Riskpro Trainings Automotive Industry
 
Riskpro construction industry 2013
Riskpro construction industry 2013Riskpro construction industry 2013
Riskpro construction industry 2013
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
 
Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013Riskpro insurance advisory services 2013
Riskpro insurance advisory services 2013
 
Risk Management Benchmarking
Risk Management BenchmarkingRisk Management Benchmarking
Risk Management Benchmarking
 
Risk management benchmarking 2013
Risk management benchmarking 2013Risk management benchmarking 2013
Risk management benchmarking 2013
 

Similar to Catelas Webinar Session I 3rd Party Compliance &amp; Risk Oversight 31 Oct 2012

Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_efforts
Subhajit Bhuiya
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Nidhi Gupta
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
Nidhi Gupta
 
Veta compliance operations review
Veta compliance operations reviewVeta compliance operations review
Veta compliance operations review
Mark Taylor
 

Similar to Catelas Webinar Session I 3rd Party Compliance &amp; Risk Oversight 31 Oct 2012 (20)

Applying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_effortsApplying risk management_to_your_business_continuity_management_efforts
Applying risk management_to_your_business_continuity_management_efforts
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
 
Riskpro Legal And Compliance Audits
Riskpro Legal And Compliance AuditsRiskpro Legal And Compliance Audits
Riskpro Legal And Compliance Audits
 
Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013Riskpro legal and compliance audits 2013
Riskpro legal and compliance audits 2013
 
Concerned About Vendor Management 10 30 12
Concerned About Vendor Management 10 30 12Concerned About Vendor Management 10 30 12
Concerned About Vendor Management 10 30 12
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Vendor risk management 2013
Vendor risk management 2013Vendor risk management 2013
Vendor risk management 2013
 
Riskpro information risk management 2013
Riskpro information risk management 2013Riskpro information risk management 2013
Riskpro information risk management 2013
 
Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19 Standards in Third Party Risk - DVV Solutions ISACA North May 19
Standards in Third Party Risk - DVV Solutions ISACA North May 19
 
Bpo risk management
Bpo risk managementBpo risk management
Bpo risk management
 
Third-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a StrategyThird-Party Risk Management: Implementing a Strategy
Third-Party Risk Management: Implementing a Strategy
 
Riskpro construction industry 2013
Riskpro construction industry 2013Riskpro construction industry 2013
Riskpro construction industry 2013
 
Veta compliance operations review
Veta compliance operations reviewVeta compliance operations review
Veta compliance operations review
 
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
Why You Should Prioritize Third Party Risk Management (TPRM) in Today's Marke...
 
Riskpro Construction Industry
Riskpro Construction IndustryRiskpro Construction Industry
Riskpro Construction Industry
 
Riskpro construction industry 2013
Riskpro construction industry 2013Riskpro construction industry 2013
Riskpro construction industry 2013
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 
Riskpro Information Risk Management
Riskpro Information Risk ManagementRiskpro Information Risk Management
Riskpro Information Risk Management
 

Catelas Webinar Session I 3rd Party Compliance &amp; Risk Oversight 31 Oct 2012

  • 1. Catelas 360 Relationship Compliance Training Gap Analysis Periodic Audits PEP lists Risk Assessments On-boarding Rapid Event Response & Due Diligence Investigations Fully Automated, Real-Time Visualization of your entire 3rd party Operations Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 2. Session I How much risk are you on-boarding with each new partner or acquisition? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 3. Session I: Agenda Panel Introductions  Thomas Fox, Principal, tomfoxlaw.com  Martha Durcan, Chief Compliance Officer, Parametric Technology Corporation FCPA & UK Bribery Act  Eddie Cogan, Founder & CEO, Catelas, Inc. Panel Debate & Discussion  What risks exist, when you do business overseas?  What risks should you worry about with each new agent/partner/acquisition?  How to you better understand your risk and measure your risk exposure?  If a partner is high risk what options do you have?  Can technology help? What tech is available today?  How do you ensure you are prepared should you meet the DOJ / SEC? Questions  Email them to me at eddie.cogan@catelas.com  Or simply use the chat facility on the webinar. Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 4. 2012 Enforcement Actions Key Take-Aways • Morgan Stanley-compliance programs do receive credit • Pfizer – New “enhanced” compliance requirements and due diligence in the merger and acquisition context • Tyco-Non-Prosecution Agreement for repeat Offender • Opinion Release 12-01-how does your due diligence affect your use of agents? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 5. Martha Durcan Chief Compliance Officer October 31, 2012
  • 6. Focus on Ethics and Compliance • Compliance assessment conducted by third party • Charter of PTC’s Board of Directors Governance Committee expanded to include compliance monitoring • Dedicated Compliance Group established – Chief Compliance Officer appointed • A key focus area is Anti-Corruption – New partner on-boarding process implemented – Catelas compliance software purchased to automatically inventory 3rd party relationships, uncover relationship history and to conduct internal investigations 6
  • 7. Enhanced Partner Assessment Process There are five key elements of our partner assessment process. • Partner Identification and Business Justification – There must be a business justification for each partner that has been approved by the appropriate manager prior to initiating automated partner due diligence • Partner Assessment – Due Diligence – Partner due diligence process is automated • Partner Engagement – Each partner signs a contract with PTC containing enhanced anti-bribery provisions – PTC’s Anti-bribery Policy is delivered to each partner with the contract signed by PTC • Partner Training – Anti-bribery training will be provided to each partner – The type of training received will be partner-specific based on perceived risk • On-Going Monitoring – Re-assessment at contract renewal and sooner based on deal and region-specific factors PTC CONFIDENTIAL 7
  • 8. Partner On-Boarding: Key Challenges and Benefits Challenges • Partner Review in Emerging Geographies – Overcoming challenges presented by different cultures, language, time zones • Distinguishing the true risk profile of a partner – Evaluating the Inherent risks (industry, country) versus partner specific risks (type of partner, target customers of partner) • Due Diligence on Partners with High Risk Scores – Determining when and how much due diligence is adequate Benefits • Increased visibility (not just transparency) into partner relationships • Broader awareness of compliance risks internally and externally • Centralized system of record 8
  • 9. Discussion Questions • Red Flags – Do they differ by region? – Examples of red flags that have lead to rejection of high risk partners – Commonly missed items? • Partner Training – Is on-line training effective? • Partner Audits – Are they being done? – How frequently? – Process tips? • Driving Behavioral Change Throughout the Organization – Effective tools 9
  • 10. Compliance Burden Compliance must clearly communicate, demonstrate and display the effectiveness of Compliance Programs that combat these risks:  Anti-Trust , anti-competitive business practices and Cartel  FCPA & UK Bribery Act  Indirect Revenue Recognition (JVs, Resellers, and hybrid 3rd Parties)  Partner On-boarding and Due Diligence  Code of Conduct, Sales and Marketing Policy  Supply Chain risk: vendor kick back, conflicts of interest  Data Theft, Intellectual Property and Privacy  Information Barriers and Employees with access to sensitive data  New and Departing Employees "Demonstrating Compliance Effectiveness is Critical: [Regulators] want proof that the programs are actually working." - Steve McGraw, from Compliance & Ethics Professional Magazine Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 11. Catelas360 – End to End Coverage Compliance Audit Legal On-boarding Policy Risk Alerts On-going Audit & Internal Identification Early Case PEP Lists Enforcement Risk Assessments due diligence Investigations Priority Review Intelligence Email Log Files Compliance Database  Risk Scores  Employee training certification  Partner certification & agreements Lists Finance HR CRM Compliance Company Attributes (From CRM e.g. Siebel)  Company types: customer, partner, distributer, agent Published Lists Financial Data Employee / Contractor Attributes (From World Compliance etc.) (From Finance database) (From Contact / HR database e.g. PeopleSoft)  Global Sanction List  Total value of partner business  Role: sales, finance, logistics  Global PEP List  Lists of transaction with partner  Responsibility: VP, Dir, Mgr  Global Enforcement List  Location: Beijing, China  Global Adverse Media List  Contact details: email, telephone  Global Foreign Official List Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 12. 3rd Party Transparency & Control Partners grouped by Every partner, globally, automatically ranked Region & Relationship Strength View Relationship History: What is being said? Who is key? In your company ? At the partner? What work are they doing? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 13. Policy Enforcement & Monitoring Rules focusing on specific behaviors Policies focusing on specific risks Results captured for Review with severity level Risk broken down by time periods of interest Advanced Analytics on identified risk Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 14. Litigation Investigations Internal Investigations WITHOUT COLLECTING EMAILS Quickly identify the most relevant custodians based on their relationships Only collect what's relevant. The key relationships lead us to the most relevant keyword-based documents Deliverables: Impact Report within a single day  Identification: Identify key players before collection  Intelligent Collection: of communications between key people  Priority Review of most relevant (< 1%) data within 1st day  Uncover ‘hot docs ’ for senior review within 1st day Providing counsel with key strategic information about a matter, earlier enabling conflict resolution, better negotiations etc.. Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 15. Topic 1 The on-boarding process ―What are the risks? ―Where should you focus? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 16. Poll Question 1 – with Results How mature is your Compliance program? <pick one answer> 1. We have policy and procedures. Employees sign up to these 2. We have a repeatable on-boarding process 3. We monitor for risk with annual audits & interviews 4. We monitor continuously - are looking to change behavior Answer 1 Answer 2 Answer 3 Answer 4 Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 17. Topic 2 The on-boarding process ―How do you uncover risks? ―How do you measure these risks ―What do you do about this risk? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 18. Poll Question 2 – with Results Do you see technology as an essential component of the Compliance function? <pick multiple answers> 1. No. We believe our on-boarding process is sufficient 2. Yes for Financial Transaction Monitoring 3. Yes for automating and documenting the on-boarding process 4. Yes for understanding people, relationships and history 5. Yes - all the above are important Answer 1 Answer 2 Answer 3 Answer 4 Answer 5 Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 19. Topic 3 The on-boarding process ―How do you prevent risk in the fist place? ―Should you monitor for ‘bad actors’? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 20. Topic 4 The on-boarding process ―How important is documentation? ―What kind of audit trail should you preserve? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 21. Poll Question 3 Which part of the puzzle is your current focus? <pick one answer> 1. Building out a good on-boarding process 2. Risk Monitoring - understand risk across existing portfolio 3. Risk Prevention - Training, enforcement, incentives, behavior 4. Documentation - ensuring a seamless audit trail Answer 1 Answer 2 Answer 3 Answer 4 Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 22. Session II Your on-boarding process works, so now what? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 23. Session III Event Response & Remediation when bad things happen, what should you do? Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 24. Catelas 360 Relationship Compliance Real Time Reduce Control Costs Respond Puts to events Low cost, deep visibility from HQ Compliance Fast For Legal, Compliance & Security in Control Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
  • 25. Thank You Eddie Cogan 617 407 2967 eddie.cogan@catelas.com www.catelas.com Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved