This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.
The DOJ’s compliance counsel, Hui Chen, pronounced this year as the compliance year of third-party due diligence. This has been a good year for compliance, but I would not characterize this year as limited to third-party due diligence.
I am not sure why Ms. Chen focused on third-party due diligence, but frankly there have been a number of significant developments in compliance, including third-party due diligence. I would offer two alternatives: the year of culture of ethics and the year of overall risk management.
We need to take a step back and look at the compliance landscape. I am not diminishing the importance of third-party due diligence, but many of my clients have been dealing with this issue for years.
Companies are moving beyond third-party due diligence and focusing on monitoring auditing, as well as other compliance priorities. With the rise of Compliance 2.0, there is greater focus on Board engagement, CCO empowerment and ethical culture in business operations. In-house sales personnel represent significant risks when they seek to develop business in emerging markets. The risk may be less than with third parties, but sales employees have to be trained, monitored and carefully controlled to mitigate risks.
Risk obsession inevitably leads to blindness, and CCOs face a daunting task of balancing one set of risks against another because of limited time and resources. In the future, technology, data and monitoring techniques will improve CCOs’ ability to monitor and proactively identify real and significant risks.
An obsessed focus on third-party risk will mean shortcomings as to risk monitoring of internal and other risk-creating operations. I am supportive of companies dedicated to implementing third-party risk solutions, especially automated programs that facilitate screening, recordkeeping and monitoring functions. So long as due diligence does not take over a company’s compliance program and is one facet of multiple objectives, CCOs will maintain a proper balance among risks.
This may have been the year of third-party due diligence, but we have many other priorities for future years – monitoring, measuring and promoting an ethical culture; training; organizational justice and many other competing priorities need to be elevated. The trick for every CCO is balancing all of these priorities while taking affirmative steps to advance each priority area.
CCOs have to avoid the danger of compliance blinders. Line of sight in an organization ensures that a CCO has proper oversight of corporate functions and can adequately balance multiple, competing objectives. When a CCO is buried deep in an organization, without appropriate authority, the CCO tends to be detached and lacking in focus.
For example, if a CCO focuses for months on implementing a due diligence system and ignores important operations such as training, the company will fall behind on important communications and training functions. The trade off is not worth it, and CCOs have to balance these two competing interests to ensure proper attention to communications and training.