1 / 30

Catelas 360 Relationship Compliance

Policy Enforcement & Monitoring . Periodic Audits Risk Assessments. Catelas 360 Relationship Compliance. On-boarding & Due Diligence. Rapid Event Response Investigations. Fully Automated, Real-Time Visualization of your entire 3 rd party Operations.

nat
Télécharger la présentation

Catelas 360 Relationship Compliance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Policy Enforcement & Monitoring Periodic Audits Risk Assessments Catelas 360 Relationship Compliance On-boarding & Due Diligence Rapid Event Response Investigations Fully Automated, Real-Time Visualization of your entire 3rd party Operations

  2. 3rd Party Compliance & Risk Oversight Session II Your on-boarding process works, so now what?

  3. Session II: Agenda Panel Introductions • Michael Volkov, Shareholder, LeClairRyan • Alan Morley, consulting to Compliance Risk at Barclays • Eddie Cogan, Founder & CEO, Catelas, Inc. • Panel Debate & Discussion • How do you understand the risks that exist within your Partner Portfolio? • How does that inform your on-going audit program? • How do you know when the risk profile of a partner has changed? (what’s changed: – employees trained, partner trained/certified, nature or dollar value of business) • Should you seek to monitor that your policies are being enforced overseas? Policies that range from HR ones to information security etc.? • Should you continuously monitor how you conduct business with your partners? • Can technology help? What tech is available today? • How do you ensure you are prepared should you meet the DOJ / SEC? • Questions • Email them to me at eddie.cogan@catelas.com • Or simply use the chat facility on the webinar.

  4. Compliance Burden Compliance must clearly communicate, demonstrate and display the effectiveness of Compliance Programs that combat these risks: • Anti-Trust , anti-competitive business practices and Cartel • FCPA & UK Bribery Act • Indirect Revenue Recognition (JVs, Resellers, and hybrid 3rd Parties) • Partner On-boarding and Due Diligence • Code of Conduct, Sales and Marketing Policy • Supply Chain risk: vendor kick back, conflicts of interest • Data Theft, Intellectual Property and Privacy • Information Barriers and Employees with access to sensitive data • New and Departing Employees "Demonstrating Compliance Effectiveness is Critical:[Regulators] want proof that the programs are actually working."  - Steve McGraw, from Compliance & Ethics Professional Magazine

  5. Catelas Webinar: Third Party Monitoring • Michael Volkov, Shareholder, LeClairRyan • (240) 505-1992 • Michael.volkov@leclairryan.com • Blog: http://corruptioncrimecompliance.com

  6. Third Party Due Diligence and Monitoring • Highest Compliance Priority • Almost every FCPA enforcement action is caused by Third Party violations • Failure to conduct adequate due diligence; and/or • Monitor or audit Third Parties

  7. Key Guiding Principles • Build in Documentation • Rely on Advice of Counsel when appropriate • Know when to escalate and when not to escalate • Assemble building blocks in a way that works with your company

  8. Audit and Termination Rights • Difficult issue for agents and distributors who have multiple customers • Audit right extends not just to right to audit transactions between your company and the agent, but the right to audit the agent’s entire business operation.  • Require agent or distributor to maintain records for five-year period • These are wish list provisions and usually delicate, especially in the case of distributors who employ buy and sell model • Termination trigger needs to be carefully crafted and exercised – standard for termination: “reason to believe” needs to be supported by facts and investigation.

  9. Residual Risk = Inherent Risk - Controls • Strategic risk governance and mitigation • Policy and procedures • Tools to enable effective controls • Geographical impact • Risk realization plans • Business disaster recovery – extreme weather, health alerts, civil unrest, terrorism • What’s left are the risks that cannot be reduced

  10. Know Your Customer/Partner/External Suppliers • FS has developed comprehensive KYC capabilities • Greater focus now on third party counter parties • Corporate risk assessments now require output of surveillance/monitoring and audit findings to be included • The business must demonstrate it is acting on findings

  11. Tactical To Strategic Solutions • Many single point solutions to mitigate risk and demonstrate regulatory compliance • Transaction Monitoring (AML, Fraud) • Trade Surveillance (Insider Trading, • Communications surveillance and archiving • Risk Assessment • Lots of data generated relating to customer and employee activity • Regulators want to know more about what the data holds • How the dots inside and outside the firm are connected • What steps are taken once something is known • What is done to prevent something form happening again

  12. Catelas360 – End to End Coverage Compliance Audit Legal HR Compliance Lists Finance CRM Email Log Files • Compliance Database • Risk Scores • Employee training certification • Partner certification & agreements • Company Attributes • (From CRM e.g. Siebel) • Company types: customer, partner, distributer, agent • Published Lists • (From World Compliance etc.) • Global Sanction List • Global PEP List • Global Enforcement List • Global Adverse Media List • Global Foreign Official List • Financial Data • (From Finance database) • Total value of partner business • Lists of transaction with partner • Employee / Contractor Attributes • (From Contact / HR database e.g. PeopleSoft) • Role: sales, finance, logistics • Responsibility: VP, Dir, Mgr • Location: Beijing, China • Contact details: email, telephone

  13. 3rd Party Transparency & Control Partners grouped by Region & Relationship Strength Every partner, globally, automatically ranked View Relationship History: What is being said? What work are they doing? Who is key? In your company ? At the partner?

  14. Policy Enforcement & Monitoring Rules focusing on specific behaviors Policies focusing on specific risks Results captured for Review with severity level Risk broken down by time periods of interest Advanced Analytics on identified risk

  15. Litigation Investigations Internal Investigations WITHOUT COLLECTING EMAILS Quickly identify the most relevant custodians based on their relationships Only collect what's relevant. The key relationships lead us to the most relevant keyword-based documents Deliverables: Impact Report within a single day • Identification • Intelligent Collection • Priority Review • Uncover ‘hot docs ’ • Providing counsel with key strategic information about a matter, earlier enabling conflict resolution, better negotiations etc..

  16. Topic 1 How often should you audit? • Are all partners equal? • How deep/extensive should you go?

  17. Poll Question 1 • How extensive is your on-going audit program? • <pick one answer> • We don’t audit 3rd parties once on-boarded, unless something happens • We conduct audits of high risk partners but are limited due to cost and resource • We would audit more if it were easier & we could do more remotely

  18. Topic 2 Continuous Monitoring • Should you continuously monitor your partner portfolio for changes in risk? • How do identify changes in risk? • Is Transaction Monitoring or Relationship Monitoring necessary?

  19. Monitoring Principles – Focus on Money • Follow the Money: auditors need to make sure money never leaves company unless it is for a legitimate, documented purpose • Without money, bribes cannot occur • Internal audit should be integrated into due diligence process to ensure that controls exist to monitor, require documentation and confirmation of purpose of payment made to third party

  20. Poll Question 2 • Do you Continuously Monitor your partners? • <pick multiple answers> • No. We believe that is going too far & is not warranted • Yes we do monitor financial transactions today • We intend to monitor our 3rd party relationships / transactions in the next 12 months

  21. Topic 3 How do you reduce risk from your operations? • How do you reduce the number of ‘bad actors’ & ‘adverse events’? • How do you mitigate against the ‘black swan’ event?

  22. Third Parties and Country Factors • Third Party practices differ across regions and specific countries • Important to gain understanding of country and even local practices • Agents in China have far different role in business development than in India where role of third party agents can play role in larger aspect of economy and regulation

  23. How To Change Culture & Behavior To reduce Risk Awareness Monitoring Training Audit Personal Accountability

  24. Topic 4 Your audit & on-going due diligence process • How important is documentation? • What kind of audit trail should you preserve?

  25. Documentation Strategy • Prepare a due diligence file for each candidate and maintain whether approved or rejected • Build a file which contains every piece of information and every action taken • File should include, at appropriate points, approval of attorneys for action proposed and taken

  26. Poll Question 3 • Which part of the puzzle is your current focus? • <pick one answer> • Building out a good on-boarding process • Risk Monitoring - understand risk across existing portfolio • Risk Prevention - Training, enforcement, incentives, behavior • Documentation - ensuring a seamless audit trail

  27. Session I How much risk are you on-boarding with each new partner or acquisition?

  28. Session III Event Response & Remediation when bad things happen, what should you do?

  29. Real Time Control Reduce Costs Catelas 360 Relationship Compliance Respond to events Fast Puts Compliance in Control Low cost, deep visibility from HQ For Legal, Compliance & Security

  30. Thank You Eddie Cogan 617 407 2967 eddie.cogan@catelas.com www.catelas.com

More Related