The definition of “effectiveness” for a third party risk management program is quickly changing—how is your organization keeping up?
I usually avoid predicting the future because you are bound to get something wrong. But in this case I’m going to make an exception. Here is my 100 percent, sure-to-be true prediction: technology is going to change how compliance professionals do their jobs. I know this is not that risky of a prediction but I’m just getting started.
Technology has changed the way business is done overall. Everyone knows that. But few functions require juggling as many people, processes and data as compliance does. Furthermore, as business is done faster and on an increasingly global scale, the compliance function becomes more and more important to more and more people.
The important thing to keep in mind is that the underlying goals will not change—you are trying to make sure you know who you are doing business with and that they are not criminals. Plain and simple. It’s the how that is going to change.
To date, the profession has benefitted from technology the same way other business functions have. But I think that is about to change. Now come the real predictions…
Third Party Data Overwhelm Is Here
In the past, compliance officers struggled to get accurate and complete data. In the future, we will struggle with how to manage the large volumes of data we receive. We are going to have so much data we won’t know what to do with ourselves.
It is already happening. That 120-page basic background report you ordered for the tiny services provider that will be processing 10-15 visa applications a year? That is what I am talking about.
How do we keep our compliance programs “effective” in the face of all this data? As you know, FCPA enforcement actions by both the DOJ and the SEC remain high. We cannot ignore this.
The Ability to Streamline & Simplify Processes Will Separate Effective Programs From Ineffective Programs
Soon, the ability to streamline and simplify processes is what will separate “effective” compliance programs from ineffective ones. That is my big prediction. Basing what due diligence is needed on the unique risks facing your company, “risk-based due diligence,” will allow compliance professionals to effectively allocate their resources, including their own time and attention.
I’ve been closely watching the marketplace to see what systems and software are being developed to meet this need. It is rapidly changing. In working with NAVEX Global, I’ve realized the potential of integrated third party due diligence systems.
Related: Schedule a demo of NAVEX Global’s Third Party Risk Management solution at any time.
These systems combine a number of different processes that used to be separate and allow for a simple method to manage them all. Perhaps even more importantly, they analyze and manage the data, creating sophisticated risk algorithms to rank risks based on objective, tested criteria.
Conclusion
The definition of “effectiveness” for a third party risk management program is changing—new automated due diligence systems are game-changers in achieving effectiveness in the eyes of regulators.
