The document discusses achieving 100% third party due diligence. It notes that traditionally many organizations take a risk-based approach, focusing vetting efforts on high-risk third parties and leaving most unchecked. However, regulators now expect transparency and sound decision making regarding all third party relationships. The document outlines steps to conduct baseline screening of 100% of third parties, categorize risk, escalate review of higher-risk parties, and monitor all parties ongoing. It promotes using regulatory technology to enable comprehensive yet manageable third party due diligence.
Dr haluk f gursel, verifying the accountability of public servantsHaluk Ferden Gursel
Private Citizens, eager for accountability, are asking for a transparency in the changes in income and assets/fortunes of politicians and high level civil servants, accumulated while they are at the service of community.
Public opinion does not tolerate the illicit enrichment and conflict of interest, while on duty. For example, to obtain assurances of lack of fraud and corruption by politically exposed persons (PEP) is on the rise everywhere. A PEP is defined as someone who, through their prominent position or influence, is more susceptible to being involved in bribery or corruption. In addition, any close business associate or family member of such a person will also be deemed as being a risk, and therefore could also be added to the PEP list.
Dr haluk f gursel, keeping tax supported officials around the globe accountableHaluk Ferden Gursel
Private Citizens, eager for accountability, are asking for a transparency in the changes in income and assets/fortunes of politicians and high level civil servants, accumulated while they are at the service of community.
Public opinion does not tolerate the illicit enrichment and conflict of interest, while on duty. For example, to obtain assurances of lack of fraud and corruption by politically exposed persons (PEP) is on the rise everywhere. A PEP is defined as someone who, through their prominent position or influence, is more susceptible to being involved in bribery or corruption. In addition, any close business associate or family member of such a person will also be deemed as being a risk, and therefore could also be added to the PEP list.
Dr haluk f gursel, verifying the accountability of public servantsHaluk Ferden Gursel
Private Citizens, eager for accountability, are asking for a transparency in the changes in income and assets/fortunes of politicians and high level civil servants, accumulated while they are at the service of community.
Public opinion does not tolerate the illicit enrichment and conflict of interest, while on duty. For example, to obtain assurances of lack of fraud and corruption by politically exposed persons (PEP) is on the rise everywhere. A PEP is defined as someone who, through their prominent position or influence, is more susceptible to being involved in bribery or corruption. In addition, any close business associate or family member of such a person will also be deemed as being a risk, and therefore could also be added to the PEP list.
Dr haluk f gursel, keeping tax supported officials around the globe accountableHaluk Ferden Gursel
Private Citizens, eager for accountability, are asking for a transparency in the changes in income and assets/fortunes of politicians and high level civil servants, accumulated while they are at the service of community.
Public opinion does not tolerate the illicit enrichment and conflict of interest, while on duty. For example, to obtain assurances of lack of fraud and corruption by politically exposed persons (PEP) is on the rise everywhere. A PEP is defined as someone who, through their prominent position or influence, is more susceptible to being involved in bribery or corruption. In addition, any close business associate or family member of such a person will also be deemed as being a risk, and therefore could also be added to the PEP list.
The Modern Slavery Supply Chain Risk Assessment Questionnaire brings together the human rights expertise of Norton Rose Fulbright, a global law firm*, with the ethiXbase 360 powerful
Third-Party Risk Management Platform to help your business identify, mitigate, and manage modern slavery risk and human rights abuses across your supply and manufacturing chains
The Modern Slavery Questionnaire uses five key indicators to
assess a supplier’s modern slavery risk:
1) Jurisdiction
2) Industry
3) Products
4) WorkForce
5) Risk-mitigating measures
Presentation: Compliance & Third Party Due DiligenceethiXbase
Presentation: Compliance & Third Party Due Diligence
By Leas Bachatene, Chief Executive Officer, ethiXbase
Kicking off 2017 which calls for a renewed and intensified focus on compliance, ethiXbase participated in discussions at the Asian Compliance and Anti-Corruption Summit hosted by the European University Viadrina Frankfurt (Oder) and German-Southeast Asian Center of Excellence for Public Policy and Good Governance (CPG) in Bangkok on January 11th and 12th. Devoted to the theme of “Compliance Across Asia”, the summit featured experts who discussed anti-corruption and compliance in Asia.
Speaking on third party due diligence, Leas Bachatene, Chief Executive Officer of ethiXbase, was joined by other experts from organisations including Johnson & Johnson Pharmaceuticals, Allianz Indonesia and distinguished academia.
View slides from Leas Bachatene’s presentation on compliance and third party due diligence here, which outlines best practice steps towards achieving due diligence on 100% of third party relationships in a cost-effective manner with ethiXbase 2.0. Enjoy!
AMLMaps™ has been developed to give the global Anti-Money Laundering professional a singular, comprehensive and easy to reference resource for AML records, penalties & actions, from across the world.
AMLMaps™ is currently in Beta Mode, as our team of experts, researchers and AML professionals continue to develop & enhance its features with valuable inputs & insights, given by users.
Enforcement Focus on CCO Liability GER 2017Duff & Phelps
There is no doubt that wrongdoers should be held accountable for their crimes. Many years ago in The Wall Street Journal, Arthur Levitt Jr. said ‘hurt people where it hurts most, freedom or their pockets.’ As Mr. Clayton correctly stated, ‘[I]individual prosecution, particularly in the white-collar area, has a significant effect on behaviour.’
Presentation: Cross-Border Anti-Corruption Programs
By Leas Bachatene, Chief Executive Officer, ethiXbase
Kicking off 2017 which calls for a renewed and intensified focus on compliance, ethiXbase participated in discussions at the Asian Compliance and Anti-Corruption Summit hosted by the European University Viadrina Frankfurt (Oder) and German-Southeast Asian Center of Excellence for Public Policy and Good Governance (CPG) in Bangkok on January 11th and 12th. Devoted to the theme of “Compliance Across Asia”, the summit featured experts who discussed anti-corruption and compliance in Asia.
Speaking on cross-border anti-corruption programs, Leas Bachatene, Chief Executive Officer of ethiXbase, was joined by other experts from the Organisation for Economic Co-operation and Development (OECD), UNDP Regional Asia Pacific Office, National Anti-Corruption Commission of Thailand, among others.
View slides from Leas Bachatene’s presentation on cross-border anti-corruption programs here, which outlines various elements of an effective cross-border anti-corruption program. Enjoy!
Dear Delegates,
Corporate fraud costs businesses hundreds of millions of dollars each year. It affects livelihoods and is a common
cause of corporate failure. It is the responsibility of the board of directors to prevent fraud by putting in places the
appropriate controls and review procedures. This program shows you why Accounting Information System (AIS)
Threats are ever increasing. Control risks have also increased in the last few years because there are computers
and servers everywhere, and information is available to an unprecedented number of workers. Distributed
computer networks make data available to many users, and these networks are harder to control than centralized
mainframe systems. With the introduction of 3 levels of COSO and value driven ERM, things should be under
control. Recent events at SATYAM proves that in reality things are getting out of control. So, what went wrong ?
Is it time to train the auditors ?
Recognising the challenges that organisations are facing in combating Fraud, CSI In Practice is pleased to present
this 2-days Workshop on Enterprise Fraud Risk Management. This will serve as an excellent opportunity to learn how
best to conduct an internal investigation to protect your organization and step up on controls to deter fraud.
Etude PwC sur la fraude dans le secteur de la distribution et des biens de co...PwC France
http://bit.ly/FraudeRetail
Le secteur de la distribution & des biens de consommation est le secteur le plus touché par la fraude – avec les services financiers –, comme le révèle l’étude du cabinet d’audit et de conseil PwC « Economic Crime Survey 2014 ». 49% des dirigeants interrogés ont déclaré avoir subi une forme de fraude au cours des 24 derniers mois, et ce chiffre ne cesse d’augmenter depuis 2009 (+ 12 points).
Le détournement d’actifs reste la fraude la plus commune dans la distribution (76%), et la corruption est perçue comme le risque le plus important par les entreprises qui se développent à l’international. Mais à l’heure où le secteur de la distribution & des biens de consommation se transforme sous l’influence des nouvelles technologies, une nouvelle menace apparaît, celle de la cybercriminalité.
Outsourcing business functions has become an accepted approach to improving revenue and creating new business opportunities for companies in all industries; banks are no exception. In the last 10 years, the regulatory environment and consumer expectations for a personalized, connected experience in an increasingly mobile and social world are new challenges being managed by an outsourcing business model. While business growth and regulatory compliance are perhaps the two most critical business drivers behind a financial service firm's decision to outsource, the outsourcing solution itself creates a risk that must be managed and regulatory requirements that must be met.
Learn what can you do to stay a step ahead of fraudsters without limiting revenue growth. Prevent Financial Fraud in your organization with the help of HLB HAMT
The Modern Slavery Supply Chain Risk Assessment Questionnaire brings together the human rights expertise of Norton Rose Fulbright, a global law firm*, with the ethiXbase 360 powerful
Third-Party Risk Management Platform to help your business identify, mitigate, and manage modern slavery risk and human rights abuses across your supply and manufacturing chains
The Modern Slavery Questionnaire uses five key indicators to
assess a supplier’s modern slavery risk:
1) Jurisdiction
2) Industry
3) Products
4) WorkForce
5) Risk-mitigating measures
Presentation: Compliance & Third Party Due DiligenceethiXbase
Presentation: Compliance & Third Party Due Diligence
By Leas Bachatene, Chief Executive Officer, ethiXbase
Kicking off 2017 which calls for a renewed and intensified focus on compliance, ethiXbase participated in discussions at the Asian Compliance and Anti-Corruption Summit hosted by the European University Viadrina Frankfurt (Oder) and German-Southeast Asian Center of Excellence for Public Policy and Good Governance (CPG) in Bangkok on January 11th and 12th. Devoted to the theme of “Compliance Across Asia”, the summit featured experts who discussed anti-corruption and compliance in Asia.
Speaking on third party due diligence, Leas Bachatene, Chief Executive Officer of ethiXbase, was joined by other experts from organisations including Johnson & Johnson Pharmaceuticals, Allianz Indonesia and distinguished academia.
View slides from Leas Bachatene’s presentation on compliance and third party due diligence here, which outlines best practice steps towards achieving due diligence on 100% of third party relationships in a cost-effective manner with ethiXbase 2.0. Enjoy!
AMLMaps™ has been developed to give the global Anti-Money Laundering professional a singular, comprehensive and easy to reference resource for AML records, penalties & actions, from across the world.
AMLMaps™ is currently in Beta Mode, as our team of experts, researchers and AML professionals continue to develop & enhance its features with valuable inputs & insights, given by users.
Enforcement Focus on CCO Liability GER 2017Duff & Phelps
There is no doubt that wrongdoers should be held accountable for their crimes. Many years ago in The Wall Street Journal, Arthur Levitt Jr. said ‘hurt people where it hurts most, freedom or their pockets.’ As Mr. Clayton correctly stated, ‘[I]individual prosecution, particularly in the white-collar area, has a significant effect on behaviour.’
Presentation: Cross-Border Anti-Corruption Programs
By Leas Bachatene, Chief Executive Officer, ethiXbase
Kicking off 2017 which calls for a renewed and intensified focus on compliance, ethiXbase participated in discussions at the Asian Compliance and Anti-Corruption Summit hosted by the European University Viadrina Frankfurt (Oder) and German-Southeast Asian Center of Excellence for Public Policy and Good Governance (CPG) in Bangkok on January 11th and 12th. Devoted to the theme of “Compliance Across Asia”, the summit featured experts who discussed anti-corruption and compliance in Asia.
Speaking on cross-border anti-corruption programs, Leas Bachatene, Chief Executive Officer of ethiXbase, was joined by other experts from the Organisation for Economic Co-operation and Development (OECD), UNDP Regional Asia Pacific Office, National Anti-Corruption Commission of Thailand, among others.
View slides from Leas Bachatene’s presentation on cross-border anti-corruption programs here, which outlines various elements of an effective cross-border anti-corruption program. Enjoy!
Dear Delegates,
Corporate fraud costs businesses hundreds of millions of dollars each year. It affects livelihoods and is a common
cause of corporate failure. It is the responsibility of the board of directors to prevent fraud by putting in places the
appropriate controls and review procedures. This program shows you why Accounting Information System (AIS)
Threats are ever increasing. Control risks have also increased in the last few years because there are computers
and servers everywhere, and information is available to an unprecedented number of workers. Distributed
computer networks make data available to many users, and these networks are harder to control than centralized
mainframe systems. With the introduction of 3 levels of COSO and value driven ERM, things should be under
control. Recent events at SATYAM proves that in reality things are getting out of control. So, what went wrong ?
Is it time to train the auditors ?
Recognising the challenges that organisations are facing in combating Fraud, CSI In Practice is pleased to present
this 2-days Workshop on Enterprise Fraud Risk Management. This will serve as an excellent opportunity to learn how
best to conduct an internal investigation to protect your organization and step up on controls to deter fraud.
Etude PwC sur la fraude dans le secteur de la distribution et des biens de co...PwC France
http://bit.ly/FraudeRetail
Le secteur de la distribution & des biens de consommation est le secteur le plus touché par la fraude – avec les services financiers –, comme le révèle l’étude du cabinet d’audit et de conseil PwC « Economic Crime Survey 2014 ». 49% des dirigeants interrogés ont déclaré avoir subi une forme de fraude au cours des 24 derniers mois, et ce chiffre ne cesse d’augmenter depuis 2009 (+ 12 points).
Le détournement d’actifs reste la fraude la plus commune dans la distribution (76%), et la corruption est perçue comme le risque le plus important par les entreprises qui se développent à l’international. Mais à l’heure où le secteur de la distribution & des biens de consommation se transforme sous l’influence des nouvelles technologies, une nouvelle menace apparaît, celle de la cybercriminalité.
Outsourcing business functions has become an accepted approach to improving revenue and creating new business opportunities for companies in all industries; banks are no exception. In the last 10 years, the regulatory environment and consumer expectations for a personalized, connected experience in an increasingly mobile and social world are new challenges being managed by an outsourcing business model. While business growth and regulatory compliance are perhaps the two most critical business drivers behind a financial service firm's decision to outsource, the outsourcing solution itself creates a risk that must be managed and regulatory requirements that must be met.
Learn what can you do to stay a step ahead of fraudsters without limiting revenue growth. Prevent Financial Fraud in your organization with the help of HLB HAMT
Moving an office is a tedious task and should be left to the experts like Boca Raton Movers. We don’t outsource services to third parties or use temporary workers to move your office. Boca Raton mover uses the industry’s best practices and the most innovative processes and equipment to ensure a secure chain-of-custody.
Anti-Bribery and Corruption Compliance for Third PartiesDun & Bradstreet
In this white paper, Kelvin Dickenson, Managing Director of D&B Global Compliance Solutions, discusses thoughtful approaches to buidling a scalable, effective and proportionate anti-corruption program for third-party due dilligence.
Procurement fraud, bribery, and corruption have moved beyond a perceived risk and become a real issue for many organizations. This paper highlights the need for organizations to put the necessary processes in place to protect against procurement fraud. It also serves as a warning that the absence of any visible instances of bribery, fraud, and corruption should be no cause for complacency as instances of successful perpetration may remain hidden for long periods of time.
What are the digital and transparency implications of the FSA regulating the future agenda. I look at several in this months food issue of the CIEH environmental health news.
Enterprise Fraud Management: How Banks Need to AdaptCapgemini
Fraud prevention is becoming one of the biggest areas of concern for the financial services industry. But first generation Fraud Management systems are falling short. By moving towards more enterprise approach to fraud management, financial institutions can combat the increasingly treacherous fraud and cyber crime landscape while reaping numerous benefits for the organization.
Money Laundering and Its Fall-out - ROLE OF INFORMATION TECHNOLOGY IN ANTI M...Resurgent India
In an effort to detect potential money laundering schemes, financial institutions have deployed anti-money laundering (AML) detection solutions and enterprise-wide procedural programs.
White Paper - Contact Centre Time Bomb. Compliance3
Compliance3 invest a lot of resources in being ahead of the customer insight game. 'Contact Centre Time Bomb' is a summary of our first 4 rounds of research to make our research accessible for you.
Compliance3 white paper_consumer_response_to_data_breach-the_contact_centre_t...John Greenwood
An overview of Rounds 1 to 4 of Compliance3's research on 'consumer response to data breach' in the context of the contact centres exposure to organised crime.
Corporate Fraud & Corruption Annual Review 2016 - entrevista a Rafael HuamánEY Perú
El Corporate Fraud & Corruption Annual Review 2016 es una publicación de Financier Worldwide, en la que se presentan las opiniones de profesionales líderes alrededor del mundo acerca de las últimas tendencias en fraude corporativo y corrupción.
Esta edición cuenta con una entrevista a Rafael Huamán, Socio Responsable del Área de Anticorrupción y Prevención de Fraude de EY Perú.
Corporate Fraud & Corruption Annual Review 2018 - entrevista a Rafael HuamánEY Perú
El Corporate Fraud & Corruption Annual Review 2016 es una publicación de Financier Worldwide, en la que se presentan las opiniones de profesionales líderes alrededor del mundo acerca de las últimas tendencias en fraude corporativo y corrupción.
Similar to ethiXbase-Anti-Corruption-Compliance-Achieving-100-percent-third-party-due-diligence (20)
2. Many organisations have historically
applied a ‘risk-based approach’ to third party
due diligence and compliance management...
It is logical to spend more time and energy on
third parties with a perceived ‘higher’ risk...
In practice though the risk-based approach
has meant that a large proportion of time and
money has been spent on vetting just a very
small percentage of an organisation’s third
parties, leaving the vast majority unchecked,
and exposing the organisation to unknown
corruption risks.
THE CHALLENGE: THE COMPLEXITY OF THE MODERN SUPPLY CHAIN
“
”
3. THE CHALLENGE: THE COMPLEXITY OF THE MODERN
SUPPLY CHAIN
THE EXPECTATION: WHAT DO REGULATORS LIKE TO SEE?
REDEFINING BEST PRACTICES:
STEPS TO ACHIEVE 100% THIRD PARTY DUE DILIGENCE
1
3
3
4
8CHECKLIST: ACHIEVING 100% THIRD PARTY
DUE DILIGENCE WITH ETHIXBASE 2.0
ACHIEVING A CONSISTENT 100% THIRD PARTY DUE DILIGENCE PROGRAM —
IT DOESN’T HAVE TO BE DAUNTING OR EXPENSIVE
9
CONTENTS
INTRODUCTION
4. 2016 MAJOR CORRUPTION SCANDALS
HEADLINES
WORLD’S BIGGEST
BRIBE SCANDAL,
UNAOIL: THE
COMPANY THAT
BRIBED THE WORLD
FIFA COMPLIANCE CHIEF QUITS,
SAYING CORRUPTION FIGHT
THREATENED
PANAMA PAPERS:
LEAK EXPOSES
TAX HAVENS OF
WORLD LEADERS
AND CELEBS
An investigation into the documents by more
than 100 media groups, described as one of
the largest such probes in history, revealed
the hidden offshore dealings in the assets of
around 140 political figures – including 12
current or former heads of states.
PETROBRAS FACES
CLASS-ACTION
LAWSUIT IN BRIBERY
AND POLITICAL
KICKBACKS SCANDAL
A US judge has ordered Petrobras, the state-run
Brazilian oil company, to face class-action litigation by
investors seeking to recoup billions of dollars in losses
stemming from a bribery and political
kickback scandal.
WAL-MART MUST
FACE U.S. CLASS
ACTION OVER
ALLEGED MEXICAN
BRIBERY
LOTTE SIGNALS $4.5 BILLION
HOTEL IPO IS SHELVED
AMID CRISIS
OCH-ZIFF UNIT SAID TO PLAN TO
PLEAD GUILTY OVER BRIBES
5. The last twelve to eighteen months has seen a dramatic eruption of corruption scandals, catapulting corruption,
and equally anti-corruption efforts, to the forefront of the business and social consciousness. Increasingly corruption issues
have become mainstream, with coverage across major media outlets and a consistent, and increasingly visible, crackdown by
regulators and enforcement agencies on corporates. Consumers, the media, shareholders and governments are
calling for a level of transparency, and accountability never seen before. Market expectations are similarly changing with
corporations now being held to a higher standard. 2016 will also see the release of the very first international standard on
anti-bribery management systems ISO37001 – standardising global anti-corruption requirements and allowing
organisations to certify their programs.
As organisations look to grow and seize new business or cost saving opportunities through an increasingly international web
of suppliers, vendors, resellers, agents and intermediaries their exposure to corruption risk through these third party
relationships similarly increases. With the economic, social and (increasingly) personal cost of ‘getting it wrong’ now so high,
gone are the days of metaphorically placing third party files in a drawer for later attention, or conducting one time due
diligence on just a small percentage of third parties deemed ‘high risk’. If history, and recent media coverage, has taught us
anything it is that risk actively hides. Should an issue ever arise from any third party authorities will enquire about policies and
processes related to third party management and due diligence. If there is a lack of documented decision making the situation
could become uncomfortable. Naivety is a luxury that few are able to afford and ignorance, in terms of compliance and third
party management, has been outlawed.
Given increasing regulatory and enforcement pressure, as well as heightened global and regional trade activity, it is
understandable that many compliance, legal and procurement professionals feel overwhelmed by the prospect of managing
each and every third party relationship within their supply chain. Managing 100% of third party relationships however, need
not be daunting, nor expensive.
www.ethixbase.com/2-0 1
News headlines:
World’s biggest bribe scandal. Part 1 of their report, entitled ‘World’s Biggest Bribe Scandal, Unaoil: The Company That Bribed the World’ can be found at theage.com.au
FIFA Compliance Chief Quits, Saying Corruption Fight Threatened. The full original article can be found at bloomberg.com
Och-Ziff Unit Said to Plan to Plead Guilty Over Bribes. The full original article can be found at bloomberg.com
Petrobras faces class-action lawsuit in bribery and political kickbacks scandal. The full original article can be found at theguardian.com
Panama Papers: Leak exposes tax havens of world leaders and celebs. The full original article can be found at straitstimes.com
Wal-Mart must face U.S. class action over alleged Mexican bribery. The full original article can be found at reuters.com
Lotte Signals $4.5 Billion Hotel IPO Is Shelved Amid Crisis. The full original article can be at can be found at bloomberg.com
.
INTRODUCTION
This whitepaper aims to outline the current third party management landscape and redefine best practice steps to achieve
cost-effective 100% third party due diligence by leveraging advances within regulatory technology (RegTech) made possible
by the rapid evolution of data and due diligence.
6. “
”THE CHALLENGE: THE COMPLEXITY OF THE MODERN SUPPLY CHAIN
Third parties deemed ‘low-risk’ in an initial
assessment cannot simply be ignored -
at a minimum regulators will look for
transparency and sound decision making for
all third party relationships, supported by a
consistently applied baseline process that is
rooted in the context of relevant regulation.
7. THE CHALLENGE: THE COMPLEXITY OF THE
MODERN SUPPLY CHAIN
If we think of, as an example, an organisation that retails
its products in 130 countries, operating 153 distribution
centres and 39 manufacturing locations, its supply chain
will have an extensive and constantly changing list of
For this reason many organisations have previously
applied a ‘risk-based approach’ to third party due diligence
and compliance management. A risk-based approach
recognises that it is impossible to subject all relationships
Additionally in a large number of cases, the vast majority of
an organisation’s third parties deemed ‘low’ risk in an initial
assessment will have little, to no, due diligence conducted
Regulators around the world may have different priorities and focus areas in terms of anti-corruption compliance, but when
it comes to third party risk there are a number of commonalities. Regulators want to see compliance frameworks that are
‘In 2010, a Swedish logistics service was found to have
paid bribes on behalf of six of its clients, resulting in the
clients being fined over USD 150 million because they had
failed to conduct proper due diligence on the company.’
Is the ability to conduct due diligence on 100% of third parties, with inbuilt risk-based escalation workflows and ongoing
monitoring, all within a singular repository the ideal?
A point that is becoming increasingly important is that the risk profile of a third party can change over time, so a process that
monitors and re-categorises third parties if necessary is important.
should substantially reduce an organisation’s corruption
risk exposure. In practice though the risk-based approach
has meant that a large proportion of time and money has
been spent on vetting just a very small percentage of an
organisation’s third parties, leaving the vast majority
unchecked, and exposing the organisation to unknown
corruption risks.
on them. Third parties deemed ‘low-risk’ cannot simply be
ignored - at a minimum regulators will look for transparency
and sound decision making for all third party relationships,
supported by a consistently applied baseline process that
is rooted in the context of relevant regulation.
THE EXPECTATION: WHAT DO REGULATORS
LIKE TO SEE?
suppliers, vendors, distributors, resellers, agents and
intermediaries.
In an ideal world, full due diligence would be conducted on
every third party, but historically very few organisations, if
any, have had the capacity for such an extensive program
due to previously high due diligence costs, difficulties in
accessing public data, huge numbers of false positives
and long turn-around times, let alone the challenges of
monitoring all of these third parties on an ongoing basis.
carefully considered, based on sound decision making amid documented evidence, and rooted in relevant regulation. They
also prefer a consistent approach and a process of continual monitoring with structured and regular reviews.
to the same level of scrutiny, so decisions have to be
made about where to direct the bulk of organisational
resources. It is logical to spend more time and energy on
third parties with a perceived ‘higher’ risk. In theory, this
www.ethixbase.com/2-0 3
8. The goal of any third party risk management program is to
reduce risk by knowing who you are doing business with –
establishing the true identity of the third party,
understanding their activities and assessing the risk
that they pose depending on the criteria that has been
chosen. It is also important to understand, given their
circumstances, how likely they are to participate in corrupt
activity. This information can then be sorted into different
REDEFINING BEST
PRACTICES: STEPS TO
ACHIEVE 100% THIRD
PARTY DUE DILIGENCE
Below outlines a number of
practical and achievable
steps that can be taken in
order to attain 100% third
party due diligence:
1 UNDERSTANDING
THE SCOPE OF
YOUR THIRD PARTY
NETWORK
2 CONDUCTING
BASELINE
SCREENING FOR
100% OF THIRD PARTIES
3 REVIEW POTENTIAL
THIRD PARTY RISK
INDICATORS AND
CATEGORISE RISK
potential risk levels, with defined workflows and clear
lines of accountability to escalate third parties that require
further review.
4 ESCALATION AND
REVIEW
5 ONGOING
MONITORING
Regulators look favourably on a systematic process,
one that is consistent and reviewed on a regular basis.
Reporting and documentation is very important – if not
properly documented, the best due diligence will be a
waste of time and effort. It is strongly advisable to record
all activity related to the processing of third party risk in a
single, accessible repository.
These best practice steps redefine the approach to third
party due diligence by leveraging regulatory technology
(RegTech) and advanced data to provide previously
unparalleled visibility of third party risk across 100% of an
organisation’s third party network.
www.ethixbase.com/2-0 4
9. “
”
100% of third parties should undergo a
consistent baseline screening process which
includes, at a minimum, checks against
REDEFINING BEST PRACTICES: STEPS TO ACHIEVE 100% THIRD PARTY DUE DILIGENCE
sanctions and enforcements. Where
available ascertaining a third party
organisation’s registry details is also
important along with obtaining directorship
details and the background of associates
if possible. Results of this process should
be documented and ideally saved in a
singular repository for ongoing monitoring
and future reference.
10. REDEFINING BEST PRACTICES: STEPS TO ACHIEVE
100% THIRD PARTY DUE DILIGENCE
UNDERSTANDING THE SCOPE OF
YOUR THIRD PARTY NETWORK
At the beginning of any effective program is a
discussion about the scope of the project, its
limitations and definitions. Review objectives, define
what a third party is to your organisation, how many
you have and where information on these third party
relationships is currently saved.
CONDUCT BASELINE SCREENING
FOR 100% OF THIRD PARTIES
100% of third parties should undergo a consistent
baseline screening process which includes, at a minimum,
checks against key sanctions and enforcements. Where
REVIEW POTENTIAL THIRD PARTY RISK INDICATORS & CATEGORISE RISK
Following first level screening third parties should be assessed and categorised into low, moderate and high risk based
on the potential corruption risk they may pose to your business using various criteria such as:
COUNTRY RISK – a third party that is located in a country
that is known to have lax financial and risk controls or a
higher perception of corrupt activity may require further
scrutiny.
SIGNIFICANCE TO SUPPLY CHAIN – it goes without
saying that the bigger the impact a third party has on your
organisation the bigger the risk that third party poses
should anything go wrong. Making a judgement call,
either based on the size of the transaction, revenue stream
or the integral role a third party plays in your supply chain
is important.
RESULTS OF BASELINE SCREENING – should baseline
screening in Step 2 indicate potential matches against
sanctions and enforcements that cannot be immediately
ruled out as a false positive then additional due diligence
is required in order to adequately assess risk and decide
whether to continue the business relationship.
LEVEL OF TRANSPARENCY – the accessibility of the
ownership of an organisation will help to determine its
riskprofile.Anorganisationwheretheleadershipiseasily
identifiable, as are their assets and interests, is less
risky than one where the owners are difficult to trace.
INDUSTRY/SECTOR RISK – some sectors, especially
those that require substantial budgets and some
level of state involvement, can be more susceptible to
corruption than others.
PUBLIC PROFILE – in the internet age public information
on allegations of the third parties’ potential involvement
in key risk areas such as corruption, human rights issues,
financial crimes and other key risk areas should be
reviewed as part of the categorisation process.
if possible. Results of this process should be
documented and ideally saved in a singular repository
for future reference.
available ascertaining a third party organisation’s
registry details is also important along with obtaining
directorship details and the background of associates
1
3
2
www.ethixbase.com/2-0 6
11. REDEFINING BEST PRACTICES: STEPS TO ACHIEVE
100% THIRD PARTY DUE DILIGENCE
ESCALATION & REVIEW
Following a review of potential risk indicators and subsequent categorisation third parties which are deemed
higher risk are the priority, but a risk-based approach is not a licence to ignore third parties categorised as
moderate or low risk. Devise a strategy based on regulators’ expectations and organisational goals and schedule a
regular review of this process – regulatory updates are increasingly frequent and third party information is subject to
change.
ONGOING MONITORING
It is well known that a third party’s risk profile can change over time. For this reason it is increasingly important to
monitor third parties on an ongoing basis with alerts to any changes in their risk profile. Should a third party’s profile
change then they may need to be re-categorised and therefore require escalation to a higher level of due diligence
than previously performed.
LOW RISK
legitimacy of the company
and directorship details.
MODERATE RISK
(PEP) checks of associated
individuals and a detailed
adverse media search of
specific risk areas such as
corruption, financial crime,
criminality, human rights,
environmental crimes etc.
HIGH RISK
Initial baseline due diligence
applied to 100% of third
parties against sanctions
and enforcements along
with verification of the
Where third parties are
flagged as moderate risk
they can be escalated to
online due diligenceincluding
not only sanctions and
enforcements but also
politically exposed persons
Enhanced due diligence that
includes a review of civil
litigation, regulatory, criminal
and bankruptcy records (in
English and local language)
along with verifying financial
ownership records and the
TAKE A LOOK AT ETHIXBASE 2.0 to conduct due diligence on 100% of third parties, with inbuilt risk-based escalation
workflows and ongoing monitoring, all within a singular repository.
4
background of key associates
such as directors and
senior management. It is
also important to review local
language media searches and
conduct on-site inspections
and interviews if necessary.
An example of the ethiXbase 2.0 risk-based escalation workflow can be found below:
5
www.ethixbase.com/2-0 7
12. www.ethixbase.com 8
CHECKLIST: ACHIEVING 100% THIRD PARTY
DUE DILIGENCE WITH ETHIXBASE 2.0
Is baseline due diligence performed on 100% of third party relationships?
Are defined criteria used to assess and categorise third party risk?
Is there a standard escalation workflow for moderate and high risk third parties?
Is the program consistently applied?
Are 100% of third parties stored in a singular repository with proper recording and
documentation procedures in place?
Are 100% of third parties saved for ongoing monitoring?
Are procedures reviewed regularly and updated if required?
Are third party due diligence reports and an overview of 100% of third party
relationships readily available to provide to management, internal audit and
regulators?
www.ethixbase.com/2-0 8
13. ACHIEVING A CONSISTENT 100% THIRD PARTY DUE
DILIGENCE PROGRAM – IT DOESN’T HAVE TO BE
DAUNTING OR EXPENSIVE
Managing 100% of third party relationships does not have
to be daunting or expensive. Take a look at ethiXbase 2.0,
100% third party due diligence – 100% of the time.
‘As reported by the Organisation for Economic
Co-operation and Development, of the 427
corruption cases resolved globally since 1999, 75
percent involved improper payments made through
third-party intermediaries. The continuation of this
trend also underscores the importance of
risk-based due diligence for third-party business
partners, including background investigations,
contractual protections, training and ongoing
monitoring.’
FCPA Trends From The Last 6 Months, Law 360
2016 brings the first free to use third party
due diligence platform combining technology and
data to address RegTech challenges, providing free
to access sanctions and enforcements screening
Regulators have increased their focus on the management Third party compliance is of course about more than just
due diligence and monitoring – there are multiple other
components that can and should be considered as
part of a comprehensive program such as training,
communications, onboarding surveys, attestations to
policies and codes, the list goes on.
of third party risk, with fines now in the hundreds of
millions of dollars. Reputational damage can be more
costly in the long term than a fine, and the incredible reach
of social media means that public opinion matters today
more than any other time in history. Where once a scandal
may have only been a distraction for a local audience, now
it has the ability to be a running narrative around the world
in minutes.
Regulators recognise that today’s compliance objectives
are not easy to achieve, and that the task is increasingly
challenging. What they want to see is that there has been
an effort made to interpret the regulator’s guidelines in
an appropriate manner – that the approach is consistent,
systematic, carefully considered and supported by
documented evidence.
Historically the cost and complexity of due diligence had
prohibited many organisations from adopting 100% third
party due diligence. Times have changed however and as
outlined in this whitepaper, a consistent approach does
not have to be daunting, or expensive.
Taking an initial step towards managing due diligence
for 100% of third party relationships is however a very
important step forward for many organisations who
previously may have conducted only one-time due
diligence on third parties deemed high risk, or, in the case
of many, no third party due diligence at all. This is also a
strong and visible way that organisations can be seen to
be taking a strong stance against corruption to every third
party within their supply chain, their regulators and the
market, not to mention an important step towards 100%
third party compliance.
parties. Acting as a singular third party repository
ethiXbase 2.0 enables organisations to adopt
100% third party due diligence and ongoing
monitoring - drastically reducing traditional due
diligence costs and providing assurance that 100%
of third parties are being monitored and managed.
for baseline due diligence along with cost-effective
escalation options for moderate and high risk third
www.ethixbase.com/2-0 9
14. ACHIEVING A CONSISTENT 100% THIRD PARTY DUE DILIGENCE PROGRAM –
IT DOESN’T HAVE TO BE DAUNTING OR EXPENSIVE
Taking an initial step towards managing due
diligence for 100% of third party relationships
is however a very important step forward for
many organisations who previously may have
conducted only one-time due diligence on
third parties deemed high risk, or, in the case
of many, no third party due diligence at all.
This is also a strong and visible way that
organisations can be seen to be taking a
strong stance against corruption to every
third party within their supply chain, their
regulators and the market, not to mention
an important step towards 100% third party
compliance.
“
”
15. TAKE A LOOK
MAKE THE CHANGE
ETHIXBASE 2.0
ZERO COST INSTANT DUE DILIGENCE.
100% THIRD PARTY COMPLIANCE.
LEARN MORE AT WWW.ETHIXBASE.COM/2-0
16. ABOUT ETHIXBASE
ethiXbase assists organisations, no matter
their size or budget, to shield themselves from
allegations of bribery or corruption in their
third party network through cost-effective due
diligence, ongoing monitoring and ethics and
compliance education.
To learn more please visit
www.ethiXbase.com/2-0