More Related Content Similar to Catelas Webinar Session I 3rd Party Compliance & Risk Oversight 31 Oct 2012 (20) Catelas Webinar Session I 3rd Party Compliance & Risk Oversight 31 Oct 20121. Catelas 360 Relationship Compliance
Training Gap Analysis Periodic Audits
PEP lists Risk Assessments
On-boarding Rapid Event Response
& Due Diligence Investigations
Fully Automated, Real-Time Visualization of your entire 3rd party Operations
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
2. Session I
How much risk are you on-boarding with each new partner or
acquisition?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
3. Session I: Agenda
Panel Introductions
Thomas Fox, Principal, tomfoxlaw.com
Martha Durcan, Chief Compliance Officer, Parametric Technology Corporation
FCPA & UK Bribery Act
Eddie Cogan, Founder & CEO, Catelas, Inc.
Panel Debate & Discussion
What risks exist, when you do business overseas?
What risks should you worry about with each new agent/partner/acquisition?
How to you better understand your risk and measure your risk exposure?
If a partner is high risk what options do you have?
Can technology help? What tech is available today?
How do you ensure you are prepared should you meet the DOJ / SEC?
Questions
Email them to me at eddie.cogan@catelas.com
Or simply use the chat facility on the webinar.
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
4. 2012 Enforcement Actions
Key Take-Aways
• Morgan Stanley-compliance programs do receive credit
• Pfizer – New “enhanced” compliance requirements and due
diligence in the merger and acquisition context
• Tyco-Non-Prosecution Agreement for repeat Offender
• Opinion Release 12-01-how does your due diligence affect
your use of agents?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
6. Focus on Ethics and Compliance
• Compliance assessment conducted by third party
• Charter of PTC’s Board of Directors Governance Committee
expanded to include compliance monitoring
• Dedicated Compliance Group established
– Chief Compliance Officer appointed
• A key focus area is Anti-Corruption
– New partner on-boarding process implemented
– Catelas compliance software purchased to automatically inventory 3rd party
relationships, uncover relationship history and to conduct internal investigations
6
7. Enhanced Partner Assessment Process
There are five key elements of our partner assessment process.
• Partner Identification and Business Justification
– There must be a business justification for each partner that has been approved by the
appropriate manager prior to initiating automated partner due diligence
• Partner Assessment – Due Diligence
– Partner due diligence process is automated
• Partner Engagement
– Each partner signs a contract with PTC containing enhanced anti-bribery provisions
– PTC’s Anti-bribery Policy is delivered to each partner with the contract signed by PTC
• Partner Training
– Anti-bribery training will be provided to each partner
– The type of training received will be partner-specific based on perceived risk
• On-Going Monitoring
– Re-assessment at contract renewal and sooner based on deal and region-specific factors
PTC CONFIDENTIAL 7
8. Partner On-Boarding: Key Challenges and Benefits
Challenges
• Partner Review in Emerging Geographies
– Overcoming challenges presented by different cultures, language, time zones
• Distinguishing the true risk profile of a partner
– Evaluating the Inherent risks (industry, country) versus partner specific risks
(type of partner, target customers of partner)
• Due Diligence on Partners with High Risk Scores
– Determining when and how much due diligence is adequate
Benefits
• Increased visibility (not just transparency) into partner relationships
• Broader awareness of compliance risks internally and externally
• Centralized system of record 8
9. Discussion Questions
• Red Flags
– Do they differ by region?
– Examples of red flags that have lead to rejection of high risk partners
– Commonly missed items?
• Partner Training
– Is on-line training effective?
• Partner Audits
– Are they being done?
– How frequently?
– Process tips?
• Driving Behavioral Change Throughout the Organization
– Effective tools
9
10. Compliance Burden
Compliance must clearly communicate, demonstrate and
display the effectiveness of Compliance Programs that
combat these risks:
Anti-Trust , anti-competitive business practices and Cartel
FCPA & UK Bribery Act
Indirect Revenue Recognition (JVs, Resellers, and hybrid 3rd Parties)
Partner On-boarding and Due Diligence
Code of Conduct, Sales and Marketing Policy
Supply Chain risk: vendor kick back, conflicts of interest
Data Theft, Intellectual Property and Privacy
Information Barriers and Employees with access to sensitive data
New and Departing Employees
"Demonstrating Compliance Effectiveness is Critical: [Regulators] want proof that the
programs are actually working."
- Steve McGraw, from Compliance & Ethics Professional Magazine
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
11. Catelas360 – End to End Coverage
Compliance Audit Legal
On-boarding Policy Risk Alerts On-going Audit & Internal Identification Early Case
PEP Lists Enforcement Risk Assessments due diligence Investigations Priority Review Intelligence
Email Log Files
Compliance Database
Risk Scores
Employee training certification
Partner certification & agreements
Lists Finance HR CRM Compliance
Company Attributes
(From CRM e.g. Siebel)
Company types: customer, partner, distributer, agent
Published Lists Financial Data Employee / Contractor Attributes
(From World Compliance etc.) (From Finance database) (From Contact / HR database e.g. PeopleSoft)
Global Sanction List Total value of partner business Role: sales, finance, logistics
Global PEP List Lists of transaction with partner Responsibility: VP, Dir, Mgr
Global Enforcement List Location: Beijing, China
Global Adverse Media List Contact details: email, telephone
Global Foreign Official List
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
12. 3rd Party Transparency & Control
Partners grouped by
Every partner, globally, automatically ranked Region & Relationship
Strength
View Relationship History: What is being said? Who is key? In your company ? At the partner?
What work are they doing?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
13. Policy Enforcement & Monitoring
Rules focusing on specific behaviors
Policies focusing on specific risks Results captured for Review with severity level
Risk broken down by time periods of interest
Advanced Analytics on identified risk
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
14. Litigation Investigations
Internal Investigations
WITHOUT COLLECTING EMAILS
Quickly identify the most
relevant custodians based on
their relationships
Only collect what's relevant.
The key relationships lead
us to the most relevant
keyword-based documents
Deliverables: Impact Report within a single day
Identification: Identify key players before collection
Intelligent Collection: of communications between key people
Priority Review of most relevant (< 1%) data within 1st day
Uncover ‘hot docs ’ for senior review within 1st day
Providing counsel with key strategic information about a matter, earlier
enabling conflict resolution, better negotiations etc..
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
15. Topic 1
The on-boarding process
―What are the risks?
―Where should you focus?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
16. Poll Question 1 – with Results
How mature is your Compliance program?
<pick one answer>
1. We have policy and procedures. Employees sign up to
these
2. We have a repeatable on-boarding process
3. We monitor for risk with annual audits & interviews
4. We monitor continuously - are looking to change
behavior
Answer 1
Answer 2
Answer 3
Answer 4
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
17. Topic 2
The on-boarding process
―How do you uncover risks?
―How do you measure these risks
―What do you do about this risk?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
18. Poll Question 2 – with Results
Do you see technology as an essential
component of the Compliance function?
<pick multiple answers>
1. No. We believe our on-boarding process is sufficient
2. Yes for Financial Transaction Monitoring
3. Yes for automating and documenting the on-boarding process
4. Yes for understanding people, relationships and history
5. Yes - all the above are important
Answer 1
Answer 2
Answer 3
Answer 4
Answer 5
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
19. Topic 3
The on-boarding process
―How do you prevent risk in the fist
place?
―Should you monitor for ‘bad
actors’?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
20. Topic 4
The on-boarding process
―How important is documentation?
―What kind of audit trail should
you preserve?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
21. Poll Question 3
Which part of the puzzle is your current focus?
<pick one answer>
1. Building out a good on-boarding process
2. Risk Monitoring - understand risk across existing portfolio
3. Risk Prevention - Training, enforcement, incentives, behavior
4. Documentation - ensuring a seamless audit trail
Answer 1
Answer 2
Answer 3
Answer 4
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
22. Session II
Your on-boarding process works, so now what?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
23. Session III
Event Response & Remediation
when bad things happen, what should you do?
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
24. Catelas 360 Relationship Compliance
Real Time Reduce
Control Costs
Respond Puts
to events Low cost, deep visibility from HQ Compliance
Fast For Legal, Compliance & Security in Control
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved
25. Thank You
Eddie Cogan
617 407 2967
eddie.cogan@catelas.com
www.catelas.com
Catelas 3rd Party Compliance & Risk Oversight Copyright © 2012 Catelas Inc. All rights reserved