No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

The Importance of a High-Risk Due Diligence Committee

by Michael Volkov
October 18, 2018
in Compliance, Featured
risk meter with dial pointed to max

A Call for Greater Multidisciplinary Oversight

As your company’s reliance on third parties grows, so too does the risk associated with doing business with these relatively unknown partners. Michael Volkov entreats companies to put in place more robust due diligence processes to minimize their third-party risks.

Believe it or not, but companies are still struggling with third-party risk management systems. I know this sounds hypercritical, but many companies continue to hang onto paper due diligence systems (sometimes with or without a SharePoint platform to store third-party due diligence documentation). An even smaller percentage of companies are automating their due diligence programs, a basic requirement for all companies with a minimum number of third parties.

It is disturbing that in the face of government focus on third parties, companies have not yet buttoned up their third-party risk management systems. A failure to act in this situation cannot be justified. The investment in an automated platform is relatively insignificant, especially when you consider relevant risks.

Assuming that your company is one of the lucky ones and has implemented an automated third-party risk program, a company should target its high-risk third parties. Companies regularly conduct business with the assistance of high-risk third parties. The estimated percentage of a company’s third-party high-risk partners usually falls somewhere between 10 and 20 percent of its entire third-party population.

To supplement an automated system, companies should consider creating a high-risk due diligence committee with responsibility for oversight of the onboarding, monitoring and auditing processes for high-risk third parties. By centralizing this function, a high-risk due diligence committee can create a management tool that would enforce consistent standards and application of risk management tools.

As an initial step, a company has to develop criteria to determine its universe of high-risk candidates. Most companies focus on the following factors:

  • Country of operation and relevant corruption measures,
  • Industry corruption measures in a relevant country,
  • Financial relation based on annual revenues,
  • Length of relationship,
  • Nature and extent of government interactions,
  • Type of relationship: representational (e.g. agent, distributor, lobbyist, consultant or vendor/supplier) and
  • Past misconduct.

A third-party due diligence committee would consist of representatives from compliance, legal, internal audit, each business region, procurement/supply chain and a member of the senior executive team. Its responsibilities would include review and approval of:

  • New third-party relationships,
  • The specific contract with the third party,
  • A program to monitor third-party activities,
  • A training program for the specific third party,
  • A determination of the comparability of a third-party ethics and compliance program and
  • A plan to audit the company’s high-risk third parties through sampling and scheduling of audit program.

In light of a company’s high-risk third parties, companies have to intervene and set up a specific control to mitigate such risks. While I am reluctant to advocate a new bureaucratic mechanism, it is clear that additional measures are needed.

Companies have to take greater responsibility for their third-party risks. If they cannot adopt modest requirements such as an automated platform, companies have to implement additional controls based on risk-ranking and allocation of resources.

This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Tags: Third Party Risk Management
Previous Post

3 Ways to Leverage Predictive Analytics

Next Post

Proceed with Caution When Using Artificial Intelligence

Michael Volkov

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

Build and Scope Better Vendor Due Diligence Questionnaires

Build and Scope Better Vendor Due Diligence Questionnaires

by Corporate Compliance Insights
May 18, 2023

Make sure you're asking all the right questions when onboarding new third-party vendors White Paper Build and Scope Better Vendor...

ProcessUnity 4th and Nth Party Management_f

Best Practices for Fourth and Nth Party Management

by Corporate Compliance Insights
May 17, 2023

Are you looking for enough down the line for vendor risks? White Paper Best Practices for Fourth and Nth Party...

svb_f

Risky Business: Important Lessons From SVB’s Demise

by Atul Vashistha
March 28, 2023

When all is said and done, it’s likely that Silicon Valley Bank’s failure will be traced back to one serious...

credit score gauge

Sales at All Costs? Unified Credit Risk Management Can Squash Bad Deals Before They Happen

by Matthew Debbage
March 15, 2023

The collapse of a business doesn’t usually happen all at once. There are warning signs. Late payments, legal filings and...

Next Post
closeup of excel spreadsheet

Proceed with Caution When Using Artificial Intelligence

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment Sanctions SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT