Third Party Risk Resolution
Hello everyone. Just wanted to gather some best practices around third party risk management. Once you obtain results from your screening and some red flags are indicated, who in the company takes the final call on whether this is an acceptable risk and how is this typically documented? Thanks in advance.