THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party...
Transcript of THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party...
![Page 1: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/1.jpg)
www.redflaggroup.comwww.redflaggroup.com
THIRD PARTYDUE DILIGENCE AND
REMEDIATION
1 June 2017
Andrew HendersonDIRECTOR OF SOLUTIONS
![Page 2: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/2.jpg)
www.redflaggroup.com
Presenter
About The Red Flag Group
The Red Flag Group is a global professional services firm specialising in integrity and compliance risk. We have completed over 500,000 due diligence reports in the past 10 years and work with many Fortune 500 companies.
Andrew HendersonDirector of SolutionsThe Red Flag Group
Andrew has experience in the assessment, design, implementation and management of complex compliance programmes for multinational corporations across a wide range of industries.
![Page 3: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/3.jpg)
www.redflaggroup.com
Agenda
PART 1
PART 2
PART 3
PART 4
DUE DILIGENCE
ANALYSIS OF FINDINGS
REMEDIATION OPTIONS
CONCLUSIONS AND Q&A
![Page 4: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/4.jpg)
www.redflaggroup.comwww.redflaggroup.com
DUE DILIGENCE
![Page 5: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/5.jpg)
www.redflaggroup.com
Why conduct Due Diligence on partners?
It’s mandated
To gatherinformation
To make a good business decision
To predict the future
![Page 6: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/6.jpg)
www.redflaggroup.com
Where can you gather information?
LOW COST:
• Government issued lists
• Open Media
MEDIUM COST:
• Proprietary databases
• Official filings
HIGH COST:
• Interviews
• On-site reviews
Typically sources of information include:
In addition, much information can be found by asking:
Contacts in your company
The third party themselves
![Page 7: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/7.jpg)
www.redflaggroup.com
Risk based
A balance is needed between a desire to assess the specific diligence needs for each subject entity with the overall aim for a standard process.
Media research in countries with limited press freedom will not result in any useful information, so even low risk entities might need higher cost methods.
High cost sources
Low risk
Low cost sources
High risk
Sometimes the lowest risk requires no further diligence steps at all.
Lower and higher risk are relative. Your lowest risk might be a high risk when considered by itself.
Countries which are culturally averse to speaking negatively about colleagues may not provide valuable reputation information.
Highest risk entity
Lowest risk entity
![Page 8: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/8.jpg)
www.redflaggroup.com
What skills are needed?
• Research
• Source knowledge
• Languages
• Risk knowledge
• Business knowledge
• Country knowledge
• Prioritisation
• Time management
Where to source them?
• Legal/ Compliance
• In the business
• External
Resources
![Page 9: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/9.jpg)
www.redflaggroup.com
Poll 1
2. Each due diligence exercise is based on its own meritsHow does your
company decide what scope of due diligence to perform?
3. We perform the same scope for all partners
1. We have clear risk-based rules which provides the scope in all cases
5. None of the above
4. Majority of cases are dealt with in a standard process, but some are handled differently
![Page 10: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/10.jpg)
www.redflaggroup.comwww.redflaggroup.com
ANALYSIS
![Page 11: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/11.jpg)
www.redflaggroup.com
What does the information gathered tell you about the partner in the circumstance of your business with that partner?
Analysis – What is the aim?
• Start with your prior knowledge and expectations
• Consider how the new information changes your view.
• How does the issue relate to the services or transactions you are using the third party for?
o Supplier or channel partner?
o Reseller or distributor?
o Post sales support?
o Long term relationship?
![Page 12: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/12.jpg)
www.redflaggroup.com
What skills are needed?
• Sources
• Languages
• Country / Culture knowledge
• Risk knowledge
• Business knowledge
Where to source them?
• Legal/ Compliance
• In the business
• External
Resources
![Page 13: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/13.jpg)
www.redflaggroup.com
Top 10 risks*
Politics
Intellectual Property Infringement
Sanctions & Exclusions
Corruption & Bribery
Employee Rights
Serious & Organised Crime
Fraud, Money Laundering & Financial Irregularities
Health & Safety
*Source: 14,080 cases conducted by RFG in 2016.
Anti-Competitive Behaviour
Product & Business Regulations
![Page 14: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/14.jpg)
www.redflaggroup.comwww.redflaggroup.com
REMEDIATION
![Page 15: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/15.jpg)
www.redflaggroup.com
Remediation options
What choices are available?
To not mitigate, but refuse to work with the third party. This requires you have all the information you think necessary to convince your business that this is the appropriate option.
To do nothing further. The aim of the due diligence process is to make decisions about a third party, so approval without the need for any further work is a good outcome.
To do deeper research. Diligence is part of an ongoing risk analysis process. When diligence on low risk entities identifies issues they are no longer low risk!
To recommend going ahead with the third party, but subject to conditions.
![Page 16: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/16.jpg)
www.redflaggroup.com
Remediation options
Can you remediate (remove) or manage (accept) risk
Not aware of how you do business
Missing information
Ongoing litigation
Political connections
Conflicts of interest
Policies, code, training, contract
Written undertakings, interviews, site visits
Media monitoring
Internal controls (financial, sign-off)
Internal controls (financial, sign-off)
![Page 17: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/17.jpg)
www.redflaggroup.com
Remediation options
What are the issues?
What options will remediate or manage the issues?• Who decides• Standard vs bespoke
How is it recorded and actioned?• Who does the
activities
Did it work?Were the options chosen correct?
Was it carried out?
![Page 18: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/18.jpg)
www.redflaggroup.com
Poll 2
2. Each remediation is decided on its own merits
How does your company decide what form of remediation actions to undertake?
3. We perform the same actions for all partners
1. We have clear risk-based rules which provides the scope in all cases
5. None of the above
4. Majority of cases are dealt with in a standard process, but some are handled differently
![Page 19: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/19.jpg)
www.redflaggroup.comwww.redflaggroup.com
RECOMMENDATIONS
![Page 20: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/20.jpg)
www.redflaggroup.com
Conclusion
Understand why you need the information so you can justify to your business.
Adapt to different locations to ensure you get the most value for the time and money you invest.
Determine what information you need to make a good decision, then look at the cost to deliver that in the regions you operate.
DUE DILIGENCE
![Page 21: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/21.jpg)
www.redflaggroup.com
Conclusion
Be aware of what your business is wanting to do with the partner.
Assess against what you expected the findings to be.
Ensure that the analysis is performed by people with the appropriate training.
ANALYSIS
![Page 22: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/22.jpg)
www.redflaggroup.com
Conclusion
Aim for a consistent approach, but have a plan for what remediation approaches will be acceptable in what circumstances.
Document and follow up on the actions
It’s ok to not do further remediation when the risk is understood and acceptable.
REMEDIATION
Some risks can’t be remediated – only accepted and managed
![Page 23: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/23.jpg)
www.redflaggroup.com
Integrity due diligence reports
Compliance technology solutions
Supply chain risk management solutions
Compliance outsourcing services
Other solutions and services
Please select the areas you would like us to provide more information on:
Questions and more information?
![Page 24: THIRD PARTY DUE DILIGENCE AND REMEDIATIONgo.redflaggroup.com/rs/489-KRE-151/images/Third-party due...To not mitigate, but refuse to work with the third party. This requires you have](https://reader034.fdocuments.in/reader034/viewer/2022050514/5f9e5fd0a6031f79713dc626/html5/thumbnails/24.jpg)
www.redflaggroup.com
Connect
Websitewww.redflaggroup.com
[email protected]@redflaggroup.com
Webinar schedule and recordings www.redflaggroup.com/webinars
Follow us Twitter: @redflaggroup LinkedIn: The Red Flag Group
Email your feedback or submit webinar topics to: [email protected]