By Joseph Santos
Former Principal Consultant of Dun & Bradstreet, Data Strategy
Written: October 10, 2022
For compliance teams, establishing proper data management initiatives may not be high on the priority list, but they're becoming more and more relevant to third-party due diligence programs. There are a variety of reasons for this, but two of the primary ones are: 1) the burgeoning volume and velocity of new business data being generated globally, and 2) intensifying compliance requirements by regulators seeking to protect the market, consumers, and businesses from misconduct and corruption.
In today's global economy, we can confidently expect that compliance and fraud risk exposure will also continue to trend upward, fueled by the consistent progression of digital technology and the demand for faster, more agile financial transactions. In a recent risk management survey conducted by a leading global research and advisory firm, fully 89% of respondents said that they believed their organization's level of risk had remained steady or increased in the past 12 months.
Government regulatory bodies institute policies to help protect individuals and businesses from the effects of fraud and corruption. Failure to comply results in painful penalties, as well as reputational damage, which was named as the top concern of respondents to the risk management survey as a consequence of ineffective risk management.2 This tells us that there is much to do around data and third-party due diligence.
The due diligence process as it applies to suppliers and other third parties is used to detect and prevent events like money laundering, terrorism financing, financial fraud, and other improper activity. A reliable and effective data framework is the backbone of the effort to know your third parties (often abbreviated to KYTP).
A reliable third-party data framework helps minimize time and resources spent on collecting, fixing, and finding data you may or may not possess.
We must ensure a thorough understanding of the data and its sources so that this backbone can properly support the entire process, from screening and onboarding to relationship management and onward through the life cycle of the business relationship. With this, you can avoid or minimize spending valuable time and resources collecting, fixing, and finding data you may or may not possess. Here are two key areas where an effective KYTP program would depend on proper data management:
Here are some introductory suggestions for compliance teams without much experience advocating for better governance of the third-party risk data they need to work with:
In the current business environment — whether or not you want to call it “post-pandemic” — remote and digital transactions have become much more common as compared to in-person traditional methods. This includes greater use of remote strategies for monitoring third-party relationships and for identifying risks in supply chains and other business networks.
This translates to a greater-than-ever reliance on properly managed data to enable due diligence programs to work as they should — to make screening more efficient and accurate, to make risk management more comprehensive, and to help compliance become better known as a business value creator rather than a cost center.
Learn more about how we help compliance teams streamline their processes and manage risk more efficiently.
-------------------------------------
1 “Change the Culture of Risk Management to Increase Business Resilience” (a commissioned study conducted by Forrester Consulting on behalf of Dun & Bradstreet), August 2022.
2 Ibid.
3 Ibid.
Methodology: Forrester conducted an online survey of 423 risk management decision-makers at organizations in the United States, Canada, and United Kingdom between June and August 2022. Survey participants included decision-makers in finance; supply chain/procurement; and governance, risk, and compliance roles.
Philippines operates
in the Philippines