Maximizing Compliance Opportunities: Your Vendor Onboarding Process and Vendor Master File
Compliance practitioners are opportunists. They have to look for openings in the corporate resource world to build partnerships with related functions. To put it another way, they are purveyors of compliance thinking – they inject the compliance mindset into functions that can advance the effectiveness of compliance controls.
When it comes to the vendor onboarding process, compliance practitioners need to participate in the design and implementation of procedures for screening, onboarding and monitoring vendor activity. For obvious reasons, a company faces significant risks from its vendors – a company has to make sure the vendor provides the requested goods and/or services, adheres to the company’s supplier code, and refrains from bribery of the company’s procurement officials or other improper activities. In certain circumstances, shady vendors can be used as a means to gain unauthorized access to company funds.
A chief compliance officer and the procurement officials need to coordinate their activities to maximize access to information about the vendor, verification of the vendor’ information, and ongoing monitoring of the goods and/or services it provides as well as payment arrangements for such goods and/or services.
A telltale sign of a compliance missed opportunity occurs when a company’s vendor master file contains little information beyond an unverified bank account for vendor payments.
As chief compliance officers focus on how to operationalize their compliance programs, they need to build a relationship with the procurement function, and most especially those responsible for vendor onboarding.
A vendor master file, if robust, can be an invaluable tool to gain information about a vendor’s ownership, business operations, and payment details. A new vendor should be screened appropriately for all significant risks, including anti-corruption, foreign official ownership, sanctions, and any other adverse information. Of course, new vendors have to be reviewed for basic financial information, often referred to as “TIN checks,” or tax identification number verification and basic credit status. In today’s world, however, a TIN check is not sufficient – screening has to be more robust for significant risks.
Instead, working with the CCO, a procurement system has to collect important information about a potential vendor, as well as the expectations for business interactions. What goods and services will the vendor provide? How much will the vendor be paid and what billing arrangements are being made? The vendor’s expenses will have to be coded to the correct company account and invoices will have to be reviewed to ensure that the vendor is actually providing the goods/or services.
If the time and investment is made in the vendor database, the CCO will have successfully leveraged a basic compliance function to maximize the collection of information to provide an important check on vendor activities.
By working with procurement, a CCO gains line of sight into the vendor and procurement function. In many high-risk countries, especially China, procurement is a high risk activity because of the ability of the procurement function to be influenced by potential vendors, and shadow vendors are often used to steal money from the company to fund a bribery scheme. A CCO who takes the time to work with procurement is building an important relationship and source for important information needed to minimize risks.