Benchmarking Your Third Party Risk Management

Benchmarking Your
Third Party Risk Management Program
October 26, 2016
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
P R E S E N T E D
B Y
Randy Stephens
Vice President, Advisory Services
NAVEX Global
© 2015 NAVEX Global, Inc.
All Rights Reserved.
Michael Volkov
CEO & Owner
The Volkov Law Group
www.navexglobal.com
Agenda
•
Third Party Risk Management in Your
Compliance Program
•
NAVEX Global’s 2016 Third Party Risk
Management Benchmark Report
•
•
•
•
State of Third Party Risk
Management Today
Approach to Third Party Due Diligence
Third Party Risk Management
Program Maturity
Program Performance and Satisfaction
•
Take-Aways and Recommendations
•
Q&A
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
In This Webinar You Will Learn…
•
How your program stacks up against
394 of your peers
•
Top objectives and challenges for third
party risk managers
•
Trends in how organizations like
yours are screening and monitoring
third parties
•
How mature programs approach third
party risk management and their
performance improvements
•
How to leverage our findings to increase
program effectiveness
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Survey Question
How concerned are you about your third party risk
management program?
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Agenda
•
•
Third Party Risk Management in Your
Compliance Program
NAVEX Global’s 2016 Third Party Risk
Management Benchmark Report
•
•
•
•
State of Third Party Risk
Management Today
Approach to Third Party Due Diligence
Third Party Risk Management
Program Maturity
Program Performance and Satisfaction
•
Take-Aways and Recommendations
•
Q&A
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
The NAVEX Global Compliance Ecosystem
NAVEX Global offers a
comprehensive suite of
solutions that support each
element of your ethics and
compliance program:
• Establish and Manage Policy
• Train and Engage
• Report and Resolve
• Assess and Monitor
• Expert Guidance
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Agenda
•
•
Third Party Risk Management in Your
Compliance Program
NAVEX Global’s 2016 Third Party Risk
Management Benchmark Report
•
•
•
•
State of Third Party Risk
Management Today
Approach to Third Party Due Diligence
Third Party Risk Management
Program Maturity
Program Performance and Satisfaction
•
Take-Aways and Recommendations
•
Q&A
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
2016 Third Party Risk Management Benchmark Report
•
Facilitated by a third party research firm in August and
September, 2016
•
394 respondents completed the survey
•
Respondents represent:
•

21 industries

54% Senior managers and C-level

28% Management

18% Non-managers and other roles
Respondents include:

40% Large organizations (5,000+ employees)

31% Medium sized organizations (500-4999 employees)

29% Small organizations (<500 employees)
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
B E N C H M A R K I N G YO U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M
State of Third Party Risk Management Today
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Survey Question
What is your top third party risk management program
objective?
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Top Objective is to Protect the Organization From Risk
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
This Year, the Top Challenge is Conflicts of Interest
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Top Internal Program Challenges Focused on Resources
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Budgets Remaining Steady or Growing
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
An Increase in Third Party Legal Action
•
There has been an increase in legal or external regulatory action (32% in 2016 vs.
21% in 2015), representing a 34% increase.
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Legal and Regulatory Action Frequency Increasing
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Slight Changes in Priorities
Fear of third party failure tops fear of corruption this year.
•
Top objectives reveal a fear that lack of control over third
parties can negatively impact the organization
•
Conflicts of interest are top of mind, bribery and
corruption in the number two spot. Conflicts of interest
can be an indicator of a broader set of issues
•
Cyber security concerns are top of mind, especially in
banking and healthcare
•
Internal program concerns focus on a lack of resources and
desire to create and deliver comprehensive coverage, yet
budgets are not growing to match demand
•
The frequency of legal and regulatory actions related to
third parties has increased, adding urgency to program
performance
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
B E N C H M A R K I N G YO U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M
Approach to Third Party Due Diligence
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Survey Question
How do you evaluate your third parties before you engage
with them?
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
A Drop in Risk-Based Pre-Engagement Evaluations
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Less Than Half of Programs Screen and Monitor Well
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
In 2016, An Increase in Screening ALL Third Parties
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
But, Only 22% Monitor All of Their Third Parties
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Multiple Sources for Discovering Red Flags
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Approach to Due Diligence is Often Incomplete
NAVEX Global strongly suggests a risk-based approach to third party risk
management
•
•
•
While more companies are screening all of their third parties, too few
continuously monitor them
The FCPA Resource Guide* suggests organizations “should take on some form
of ongoing monitoring of third party relationships”
To cover all your potential third party risks, best practices are to do continuous
monitoring of all of your third parties
•
•
Organizations deploying continuous monitoring can deal with issues
immediately and appropriately. It also provides transparency and offers the
most defensible position.
Tools are available to optimize your third party screening and monitoring
program
* A Resource Guide to the U.S. Foreign Corrupt Practices Act. See references slide.
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
B E N C H M A R K I N G YO U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M
Third Party Risk Management Program
Automation and Maturity
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Only 8% Use an Automated and Purpose-Built Solution
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Survey Question
How do you evaluate your program’s maturity?
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Most Programs are Maturing
Maturing programs either screen all of their third parties but don’t continuously
monitor all of them, or screen the majority of their third parties and have some
level of structured and continuous monitoring in place.
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Automation and Maturity Often Overlap
•
Organizations that use
automated systems and those
with Maturing / Advanced
programs tend to have a greater
number of FTEs and higher
budgets assigned to manage
third party risk management.
Those that do not use automatic
systems and those with Reactive
/ Basic programs also tend to
have one or zero FTEs assigned
to manage their third party risk.
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Mature Programs are More Likely to Screen All Third
Parties
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Mature Programs Also Monitor More Aggressively
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Program Automation and Maturity
Both options enable better risk
management
•
Mature programs are more likely to
have invested in automation, which
extends program capabilities
•
Mature programs tend to screen and
monitor all of their third parties. This
delivers visibility unavailable in less
centralized and consistent programs
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
B E N C H M A R K I N G YO U R T H I R D PA R T Y R I S K M A N A G E M E N T P R O G R A M
Program Performance and Satisfaction
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Automated Systems Improve Program Satisfaction
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Mature Programs Show Even More Program Satisfaction
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Use of Due Diligence Vendors Enhance Satisfaction
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Use of a Due Diligence Vendor Helps Identify More Red Flags
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Performance and Satisfaction Tied to Program
Investment
With an increase in legal and regulatory actions,
those with mature programs are better positioned
to mitigate risks
•
Maturing programs have operationalized their
efforts and are screening and monitoring most
or all of their third parties
•
Automated systems enable risk managers to
focus on critical tasks rather than basic program
management (aka, internal resources or Internet
searches)
•
A combination of automation and maturity leads
to the best program results
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Agenda
•
Third Party Risk Management in Your
Compliance Program
•
NAVEX Global’s 2016 Third Party Risk
Management Benchmark Report
•
•
•
•
State of Third Party Risk
Management Today
Approach to Third Party Due Diligence
Third Party Risk Management
Program Maturity
Program Performance and Satisfaction
•
Take-Aways and Recommendations
•
Q&A
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Key Take-Aways
Most organizations indicate they could be doing a better job managing their risk.
•
58% indicate they do a good job complying with laws and regulations and less
than 25% rate their overall program as Good
•
30% indicate they expect their organizations will increase third party
engagements in the next year
•
Less than half conduct due diligence screening on ALL their third parties
•
22% continuously monitor ALL their third parties
•
One-third of organizations have faced legal or regulatory issues that involved
third parties
•
50% of these involved average costs of $10,000 or more per incident
There are strong indications that programs that screen, monitor and use
automated third party management platforms see better program performance
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Recommendations
Program sophistication is the differentiator.
•
As organizations realize the amount of work and resources required to
adequately manage their third party engagements, automation can deliver
clarity, program completeness, and confidence
•
Program sophistication supersedes organization size, budget, FTEs and the
number of third parties managed in terms of program performance and
satisfaction
•
Organizations of all sizes should approach third party risk management with
purpose and focus:
•
Measurement, milestones, and outcomes
•
Program efficiency, effectiveness, structure and performance
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Attend the NAVEX Global Virtual Conference
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Third Party Risk Management Program
•
Third Party Risk Management Tools and Thought Leadership:
www.navexglobal.com/Resources

WHITEPAPER: How to Automate Third Party Due Diligence Monitoring: Ten Steps to Success

WHITEPAPER: A Prescriptive Guide to Third Party Risk Management
Visit Our Website to Access More Benchmarking Resources From NAVEX Global:
•
E&C Hotline Benchmark Report
•
E&C Training Benchmark Report
•
E&C Policy Management Benchmark Report
Consulting Solutions:

•
•
Learn how our Advisory Services team can help you identify and address program gaps with
risk and culture assessments, in-person training and more. Request a consultation today.
Department of Justice Resource Guide
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Thank You!
Randy Stephens
Vice President, Advisory Services
NAVEX Global
rstephens@navexglobal.com
Michael Volkov
Chief Executive Officer
The Volkov Law Group
mvolkov@volkovlaw.com
© 2015 NAVEX Global, Inc.
All Rights Reserved.
www.navexglobal.com
Download PDF
Similar pages