2016 3P Benchmark Webinar

transcript

www.navexglobal.com

Benchmarking Your Third Party Risk Management Program

October 26, 2016

www.navexglobal.com

P R E S E N T E D B Y

CEO & OwnerThe Volkov Law Group

Randy Stephens

Vice President, Advisory ServicesNAVEX Global

Michael Volkov

www.navexglobal.com

Agenda

• Third Party Risk Management in Your Compliance Program

• NAVEX Global’s 2016 Third Party Risk Management Benchmark Report

• State of Third Party Risk Management Today

• Approach to Third Party Due Diligence

• Third Party Risk Management Program Maturity

• Program Performance and Satisfaction

• Take-Aways and Recommendations

• Q&A

www.navexglobal.com

In This Webinar You Will Learn…

• How your program stacks up against 394 of your peers

• Top objectives and challenges for third party risk managers

• Trends in how organizations like yours are screening and monitoring third parties

• How mature programs approach third party risk management and their performance improvements

• How to leverage our findings to increase program effectiveness

www.navexglobal.com

Survey Question

How concerned are you about your third party risk management program?

www.navexglobal.com

Agenda

• Q&A

www.navexglobal.com

The NAVEX Global Compliance Ecosystem

NAVEX Global offers a comprehensive suite of solutions that support each element of your ethics and compliance program:

• Establish and Manage Policy

• Train and Engage

• Report and Resolve

• Assess and Monitor

• Expert Guidance

www.navexglobal.com

Agenda

• Q&A

www.navexglobal.com

2016 Third Party Risk Management Benchmark Report

• Facilitated by a third party research firm in August and September, 2016

• 394 respondents completed the survey

• Respondents represent:

21 industries

54% Senior managers and C-level

28% Management

18% Non-managers and other roles

• Respondents include:

40% Large organizations (5,000+ employees)

31% Medium sized organizations (500-4999 employees)

29% Small organizations (<500 employees)

www.navexglobal.com

State of Third Party Risk Management Today

B E N C H M A R K I N G Y O U R T H I R D P A R T Y R I S K M A N A G E M E N T P R O G R A M

www.navexglobal.com

Survey Question

What is your top third party risk management program objective?

www.navexglobal.com

Top Objective is to Protect the Organization From Risk

www.navexglobal.com

This Year, the Top Challenge is Conflicts of Interest

www.navexglobal.com

Top Internal Program Challenges Focused on Resources

www.navexglobal.com

Budgets Remaining Steady or Growing

www.navexglobal.com

An Increase in Third Party Legal Action

• There has been an increase in legal or external regulatory action (32% in 2016 vs. 21% in 2015), representing a 34% increase.

www.navexglobal.com

Legal and Regulatory Action Frequency Increasing

www.navexglobal.com

Fear of third party failure tops fear of corruption this year.

• Top objectives reveal a fear that lack of control over third parties can negatively impact the organization

• Conflicts of interest are top of mind, bribery and corruption in the number two spot. Conflicts of interest can be an indicator of a broader set of issues

• Cyber security concerns are top of mind, especially in banking and healthcare

• Internal program concerns focus on a lack of resources and desire to create and deliver comprehensive coverage, yet budgets are not growing to match demand

• The frequency of legal and regulatory actions related to third parties has increased, adding urgency to program performance

Slight Changes in Priorities

www.navexglobal.com

Approach to Third Party Due Diligence

www.navexglobal.com

Survey Question

How do you evaluate your third parties before you engage with them?

www.navexglobal.com

A Drop in Risk-Based Pre-Engagement Evaluations

www.navexglobal.com

Less Than Half of Programs Screen and Monitor Well

www.navexglobal.com

In 2016, An Increase in Screening ALL Third Parties

www.navexglobal.com

But, Only 22% Monitor All of Their Third Parties

www.navexglobal.com

Multiple Sources for Discovering Red Flags

www.navexglobal.com

NAVEX Global strongly suggests a risk-based approach to third party risk management

• While more companies are screening all of their third parties, too few continuously monitor them

• The FCPA Resource Guide* suggests organizations “should take on some form of ongoing monitoring of third party relationships”

• To cover all your potential third party risks, best practices are to do continuous monitoring of all of your third parties

• Organizations deploying continuous monitoring can deal with issues immediately and appropriately. It also provides transparency and offers the most defensible position.

• Tools are available to optimize your third party screening and monitoring program

Approach to Due Diligence is Often Incomplete

* A Resource Guide to the U.S. Foreign Corrupt Practices Act. See references slide.

www.navexglobal.com

Third Party Risk Management Program Automation and Maturity

www.navexglobal.com

Only 8% Use an Automated and Purpose-Built Solution

www.navexglobal.com

Survey Question

How do you evaluate your program’s maturity?

www.navexglobal.com

Most Programs are Maturing

Maturing programs either screen all of their third parties but don’t continuously monitor all of them, or screen the majority of their third parties and have some level of structured and continuous monitoring in place.

www.navexglobal.com

Automation and Maturity Often Overlap

• Organizations that use automated systems and those with Maturing / Advanced programs tend to have a greater number of FTEs and higher budgets assigned to manage third party risk management. Those that do not use automatic systems and those with Reactive / Basic programs also tend to have one or zero FTEs assigned to manage their third party risk.

www.navexglobal.com

Mature Programs are More Likely to Screen All Third Parties

www.navexglobal.com

Mature Programs Also Monitor More Aggressively

www.navexglobal.com

Both options enable better risk management

• Mature programs are more likely to have invested in automation, which extends program capabilities

• Mature programs tend to screen and monitor all of their third parties. This delivers visibility unavailable in less centralized and consistent programs

Program Automation and Maturity

www.navexglobal.com

Program Performance and Satisfaction

www.navexglobal.com

Automated Systems Improve Program Satisfaction

www.navexglobal.com

Mature Programs Show Even More Program Satisfaction

www.navexglobal.com

Use of Due Diligence Vendors Enhance Satisfaction

www.navexglobal.com

Use of a Due Diligence Vendor Helps Identify More Red Flags

www.navexglobal.com

With an increase in legal and regulatory actions, those with mature programs are better positioned to mitigate risks

• Maturing programs have operationalized their efforts and are screening and monitoring most or all of their third parties

• Automated systems enable risk managers to focus on critical tasks rather than basic program management (aka, internal resources or Internet searches)

• A combination of automation and maturity leads to the best program results

Performance and Satisfaction Tied to Program Investment

www.navexglobal.com

Agenda

• Q&A

www.navexglobal.com

Most organizations indicate they could be doing a better job managing their risk.

• 58% indicate they do a good job complying with laws and regulations and less than 25% rate their overall program as Good

• 30% indicate they expect their organizations will increase third party engagements in the next year

• Less than half conduct due diligence screening on ALL their third parties

• 22% continuously monitor ALL their third parties

• One-third of organizations have faced legal or regulatory issues that involved third parties

• 50% of these involved average costs of $10,000 or more per incident

There are strong indications that programs that screen, monitor and use automated third party management platforms see better program performance

Key Take-Aways

www.navexglobal.com

Program sophistication is the differentiator.

• As organizations realize the amount of work and resources required to adequately manage their third party engagements, automation can deliver clarity, program completeness, and confidence

• Program sophistication supersedes organization size, budget, FTEs and the number of third parties managed in terms of program performance and satisfaction

• Organizations of all sizes should approach third party risk management with purpose and focus:

• Measurement, milestones, and outcomes

• Program efficiency, effectiveness, structure and performance

Recommendations

www.navexglobal.com

Attend the NAVEX Global Virtual Conference

www.navexglobal.com

Third Party Risk Management Program

• Third Party Risk Management Tools and Thought Leadership: www.navexglobal.com/Resources

WHITEPAPER: How to Automate Third Party Due Diligence Monitoring: Ten Steps to Success

WHITEPAPER: A Prescriptive Guide to Third Party Risk Management

Visit Our Website to Access More Benchmarking Resources From NAVEX Global:

• E&C Hotline Benchmark Report

• E&C Training Benchmark Report

• E&C Policy Management Benchmark Report

• Consulting Solutions:

Learn how our Advisory Services team can help you identify and address program gaps with risk and culture assessments, in-person training and more. Request a consultation today.

• Department of Justice Resource Guide

www.navexglobal.com

Thank You!

Randy Stephens Vice President, Advisory Services NAVEX Globalrstephens@navexglobal.com

Michael Volkov Chief Executive OfficerThe Volkov Law Group

mvolkov@volkovlaw.com

2016 3P Benchmark Webinar

Business