Technology is Transforming Third Party Risk Management: Predicting the Future
I usually avoid predicting the future because I am often wrong. But in this case I’m going to make an exception. Here is my 100 percent, sure-to-be true prediction: technology is going to change how compliance professionals do their jobs. I know this is not that risky of a prediction but I’m just getting started.
Technology has changed the way business is done overall. Everyone knows that. But few functions require juggling as many people, processes and data as compliance does. Furthermore, as business is done faster and on an increasingly global scale, the compliance function becomes more and more important to more and more people.
To date, the profession has benefitted from technology the same way other business functions have. But I think that is about to change. Now come the real predictions…
In the past, compliance officers struggled to get accurate and complete data. In the future we will struggle with how to manage the large volumes of data we receive. We are going to have so much data we won’t know what to do with ourselves.
It is already happening. The 120 page basic background report you ordered for the tiny services provider that will be processing 10-15 visa applications a year? That is what I am talking about.
How do we keep our compliance programs “effective” in the face of all this data? As you know, the risk of FCPA enforcement actions by both the DOJ and the SEC remain high.
The important thing to keep in mind is that the underlying goals will not change – you are trying to make sure you know who you are doing business with and that they are not criminals. Plain and simple. It’s the how that is going to change.
Soon, the ability to streamline and simplify processes is what will separate “effective” compliance programs from ineffective ones. That is my big prediction. Basing what due diligence is needed on the unique risks facing your company, “risk-based due diligence,” will allow compliance professionals to effectively allocate their resources, including their own time and attention.
I’ve been closely watching the marketplace to see what systems and software are being developed to meet this need. It is rapidly changing. In working with one company, NAVEX Global, I’ve realized the potential of integrated third party due diligence systems. These systems combine a number of different processes that used to be separate and allow for a simple method to manage them all. Perhaps even more importantly they analyze and manage the data, creating sophisticated risk algorithms to rank risks based on objective, tested criteria.
There is a lot to discuss on this topic. This past week, on March 10, 2015, I participated in a NAVEX Global-sponsored webinar on this very topic. In the webinar, I discussed how integrated third party due diligence systems will soon become a standard compliance program requirement. Jeff Weiss from NAVEX Global joined me at the webinar. A link to the recording of the webinar is here.