2016 3p benchmark webinar
Post on 23-Jan-2018
120 Views
Preview:
TRANSCRIPT
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Benchmarking Your Third Party Risk Management Program
October 26, 2016
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
P R E S E N T E D B Y
CEO & OwnerThe Volkov Law Group
Randy Stephens
Vice President, Advisory ServicesNAVEX Global
Michael Volkov
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Agenda
• Third Party Risk Management in Your Compliance Program
• NAVEX Global’s 2016 Third Party Risk Management Benchmark Report
• State of Third Party Risk Management Today
• Approach to Third Party Due Diligence
• Third Party Risk Management Program Maturity
• Program Performance and Satisfaction
• Take-Aways and Recommendations
• Q&A
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
In This Webinar You Will Learn…
• How your program stacks up against 394 of your peers
• Top objectives and challenges for third party risk managers
• Trends in how organizations like yours are screening and monitoring third parties
• How mature programs approach third party risk management and their performance improvements
• How to leverage our findings to increase program effectiveness
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Survey Question
How concerned are you about your third party risk management program?
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Agenda
• Third Party Risk Management in Your Compliance Program
• NAVEX Global’s 2016 Third Party Risk Management Benchmark Report
• State of Third Party Risk Management Today
• Approach to Third Party Due Diligence
• Third Party Risk Management Program Maturity
• Program Performance and Satisfaction
• Take-Aways and Recommendations
• Q&A
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
The NAVEX Global Compliance Ecosystem
NAVEX Global offers a comprehensive suite of solutions that support each element of your ethics and compliance program:
• Establish and Manage Policy
• Train and Engage
• Report and Resolve
• Assess and Monitor
• Expert Guidance
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Agenda
• Third Party Risk Management in Your Compliance Program
• NAVEX Global’s 2016 Third Party Risk Management Benchmark Report
• State of Third Party Risk Management Today
• Approach to Third Party Due Diligence
• Third Party Risk Management Program Maturity
• Program Performance and Satisfaction
• Take-Aways and Recommendations
• Q&A
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
2016 Third Party Risk Management Benchmark Report
• Facilitated by a third party research firm in August and September, 2016
• 394 respondents completed the survey
• Respondents represent:
21 industries
54% Senior managers and C-level
28% Management
18% Non-managers and other roles
• Respondents include:
40% Large organizations (5,000+ employees)
31% Medium sized organizations (500-4999 employees)
29% Small organizations (<500 employees)
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
State of Third Party Risk Management Today
B E N C H M A R K I N G Y O U R T H I R D P A R T Y R I S K M A N A G E M E N T P R O G R A M
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Survey Question
What is your top third party risk management program objective?
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Top Objective is to Protect the Organization From Risk
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
This Year, the Top Challenge is Conflicts of Interest
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Top Internal Program Challenges Focused on Resources
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Budgets Remaining Steady or Growing
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
An Increase in Third Party Legal Action
• There has been an increase in legal or external regulatory action (32% in 2016 vs. 21% in 2015), representing a 34% increase.
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Legal and Regulatory Action Frequency Increasing
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Fear of third party failure tops fear of corruption this year.
• Top objectives reveal a fear that lack of control over third parties can negatively impact the organization
• Conflicts of interest are top of mind, bribery and corruption in the number two spot. Conflicts of interest can be an indicator of a broader set of issues
• Cyber security concerns are top of mind, especially in banking and healthcare
• Internal program concerns focus on a lack of resources and desire to create and deliver comprehensive coverage, yet budgets are not growing to match demand
• The frequency of legal and regulatory actions related to third parties has increased, adding urgency to program performance
Slight Changes in Priorities
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
B E N C H M A R K I N G Y O U R T H I R D P A R T Y R I S K M A N A G E M E N T P R O G R A M
Approach to Third Party Due Diligence
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Survey Question
How do you evaluate your third parties before you engage with them?
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
A Drop in Risk-Based Pre-Engagement Evaluations
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Less Than Half of Programs Screen and Monitor Well
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
In 2016, An Increase in Screening ALL Third Parties
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
But, Only 22% Monitor All of Their Third Parties
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Multiple Sources for Discovering Red Flags
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
NAVEX Global strongly suggests a risk-based approach to third party risk management
• While more companies are screening all of their third parties, too few continuously monitor them
• The FCPA Resource Guide* suggests organizations “should take on some form of ongoing monitoring of third party relationships”
• To cover all your potential third party risks, best practices are to do continuous monitoring of all of your third parties
• Organizations deploying continuous monitoring can deal with issues immediately and appropriately. It also provides transparency and offers the most defensible position.
• Tools are available to optimize your third party screening and monitoring program
Approach to Due Diligence is Often Incomplete
* A Resource Guide to the U.S. Foreign Corrupt Practices Act. See references slide.
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Third Party Risk Management Program Automation and Maturity
B E N C H M A R K I N G Y O U R T H I R D P A R T Y R I S K M A N A G E M E N T P R O G R A M
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Only 8% Use an Automated and Purpose-Built Solution
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Survey Question
How do you evaluate your program’s maturity?
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Most Programs are Maturing
Maturing programs either screen all of their third parties but don’t continuously monitor all of them, or screen the majority of their third parties and have some level of structured and continuous monitoring in place.
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Automation and Maturity Often Overlap
• Organizations that use automated systems and those with Maturing / Advanced programs tend to have a greater number of FTEs and higher budgets assigned to manage third party risk management. Those that do not use automatic systems and those with Reactive / Basic programs also tend to have one or zero FTEs assigned to manage their third party risk.
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Mature Programs are More Likely to Screen All Third Parties
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Mature Programs Also Monitor More Aggressively
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Both options enable better risk management
• Mature programs are more likely to have invested in automation, which extends program capabilities
• Mature programs tend to screen and monitor all of their third parties. This delivers visibility unavailable in less centralized and consistent programs
Program Automation and Maturity
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Program Performance and Satisfaction
B E N C H M A R K I N G Y O U R T H I R D P A R T Y R I S K M A N A G E M E N T P R O G R A M
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Automated Systems Improve Program Satisfaction
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Mature Programs Show Even More Program Satisfaction
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Use of Due Diligence Vendors Enhance Satisfaction
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Use of a Due Diligence Vendor Helps Identify More Red Flags
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
With an increase in legal and regulatory actions, those with mature programs are better positioned to mitigate risks
• Maturing programs have operationalized their efforts and are screening and monitoring most or all of their third parties
• Automated systems enable risk managers to focus on critical tasks rather than basic program management (aka, internal resources or Internet searches)
• A combination of automation and maturity leads to the best program results
Performance and Satisfaction Tied to Program Investment
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Agenda
• Third Party Risk Management in Your Compliance Program
• NAVEX Global’s 2016 Third Party Risk Management Benchmark Report
• State of Third Party Risk Management Today
• Approach to Third Party Due Diligence
• Third Party Risk Management Program Maturity
• Program Performance and Satisfaction
• Take-Aways and Recommendations
• Q&A
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Most organizations indicate they could be doing a better job managing their risk.
• 58% indicate they do a good job complying with laws and regulations and less than 25% rate their overall program as Good
• 30% indicate they expect their organizations will increase third party engagements in the next year
• Less than half conduct due diligence screening on ALL their third parties
• 22% continuously monitor ALL their third parties
• One-third of organizations have faced legal or regulatory issues that involved third parties
• 50% of these involved average costs of $10,000 or more per incident
There are strong indications that programs that screen, monitor and use automated third party management platforms see better program performance
Key Take-Aways
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Program sophistication is the differentiator.
• As organizations realize the amount of work and resources required to adequately manage their third party engagements, automation can deliver clarity, program completeness, and confidence
• Program sophistication supersedes organization size, budget, FTEs and the number of third parties managed in terms of program performance and satisfaction
• Organizations of all sizes should approach third party risk management with purpose and focus:
• Measurement, milestones, and outcomes
• Program efficiency, effectiveness, structure and performance
Recommendations
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Attend the NAVEX Global Virtual Conference
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Third Party Risk Management Program
• Third Party Risk Management Tools and Thought Leadership: www.navexglobal.com/Resources
WHITEPAPER: How to Automate Third Party Due Diligence Monitoring: Ten Steps to Success
WHITEPAPER: A Prescriptive Guide to Third Party Risk Management
Visit Our Website to Access More Benchmarking Resources From NAVEX Global:
• E&C Hotline Benchmark Report
• E&C Training Benchmark Report
• E&C Policy Management Benchmark Report
• Consulting Solutions:
Learn how our Advisory Services team can help you identify and address program gaps with risk and culture assessments, in-person training and more. Request a consultation today.
• Department of Justice Resource Guide
© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com© 2015 NAVEX Global, Inc. All Rights Reserved.
www.navexglobal.com
Thank You!
Randy Stephens Vice President, Advisory Services NAVEX Globalrstephens@navexglobal.com
Michael Volkov Chief Executive OfficerThe Volkov Law Group
mvolkov@volkovlaw.com
top related