Risky Business: How to Handle Due Diligence Renewals
Live Webinar: May 9, 2017
Presenters
About The Red Flag Group
The Red Flag Group is a global professional services firm specializing in integrity and compliance risk. We have completed over 500,000 due diligence reports for thousands of companies in the past 10 years and work with many Fortune 500 companies.
Susan Murr, Non-Executive Director, The Red Flag Group
Tim Faherty, General Manager, Americas, The Red Flag Group
Denis Jacob, Director – Global Commercial Compliance, Becton Dickinson
Agenda
1 Introduction and overview
2 What are the regulatory expectations for due diligence renewals?
3 Practical tips for a risk-based renewal programme
4 A view from the trenches – how to develop, implement and manage a due diligence renewal programme
Overview
Due Diligence
When the time comes to renew, what do you do?
WHAT GUIDANCE IS OUT THERE FOR A DUE DILIGENCE RENEWAL PROGRAM?
Practical considerations for your programme
A view from the trenches – lessons learned from developing, implementing and managing a due diligence renewal programme
Poll
What is the state of your current renewal of low level due diligence process?
A We have a risk-based process that works well
B Our process, like most processes, could use some improvement
C What renewal process?
What are the regulatory expectations for due diligence renewals?
Some regulatory expectations
THE BASIC REQUIREMENTS
1 Well-designed
2 Applied in good faith
3 Working
Some regulatory expectations
DOJ/SEC Resource Guide to the FCPA
Recognizes the need to update due diligence periodically
Acknowledgement that programme may not prevent an infraction in low risk area because greater resources and attention devoted to higher risks
Due diligence level should be commensurate with
• Overall risk for FCPA violations
• Country
• Size and nature of particular party/transaction
Risk-based due diligence should include
• Understanding qualifications and associations of 3rd parties
• Business reputation
• Relationship with government officials
• Business rationale for needing the third party
• Reasonableness of payment terms
• Confirmation that work is actually being done
Some regulatory expectations
DOJ EVALUATION OF CORPORATE COMPLIANCE PROGRAMS (2017) CHECKLIST INCLUDES:
Root cause analysis and examination of prior indications
Comparison of compliance resources to other departments
Policy design – input and business consultation
Evolving updates – need to review practices
Information analysis – metrics
Continuous improvement, testing and review
Third party management – risk-based, review of incentives, red flags
Some regulatory expectations
UK SERIOUS FRAUD OFFICE BRIBERY ACT GUIDANCE
Periodic review of nature/extent of bribery exposure
Risk assessment
To include due diligence inquiries
Due diligence
Proportionate, risk-based
Greater due diligence for higher risks
Continued monitoring may also be required
Some regulatory expectations
OTHER RESOURCES
JOINT GUIDANCE FOR MEDICAL DEVICE AND DIAGNOSTICS COMPANIES ON ETHICAL THIRD PARTY SALES AND MARKETING INTERMEDIARY [“SMI”] RELATIONSHIPS, DEVELOPED BY ADVAMED AND MEDTECH EUROPE
Establish a risk-based renewal due diligence program
Identify, prevent and mitigate risks relating to
• The market in which the third party operates
• Any specific activities the third party performs
Risk assessment of third parties
Country/geography
Local market legal requirements
More information if arrangement is unusual
Information from public sources, employees
Diligence Program
Some regulatory expectations
Common threads
Know your risks beyond bribery
• Human rights, labor requirements, environmental requirements, etc.
Not all renewals are equal
• Riskier renewals = greater diligence
Risk-based means understanding
• Geographic risk
• Business risk
• Particular third party risk
Ongoing risk assessment + need for due diligence = due diligence renewal program
Practical tips for a risk-based renewal programme
Practical tips for a risk-based renewal programme
Where to start?
Your company’s risk profile
Your company’s geographic risk
Your company’s business risk
Changes since the initial process
Business needs
Any other factors?
Practical tips for a risk-based renewal programme
Who to involve?
Find the risk data
Compliance
Sales
IT
Internal Audit
Investigations
The business
Poll
Does your due diligence process differentiate high, medium and low risk third parties to determine the frequency of renewal?
A Yes
B No
C Don’t have a renewal process in place
Practical tips for a risk-based renewal programme
By risk, by geography or other considerations
Continual renewals or finite periodic process
Where to start
TIMING IS EVERYTHING
How often
Practical tips for a risk-based renewal programme
Other considerations
What’s expected vs. actual risk profile?
• Need to look at your data
How to update company information
• Questionnaires or no questionnaires
Other company processes
• Any efficiencies?
How to engage the business
Practical tips for a risk-based renewal programme
Best practices
1 Find synergies with business and functions
2 Develop internal champions
3 Don’t forget to publicize what is being done and why
4 Leverage technology as much as possible
5 Continually monitor results
6 Considerations for high risk third parties
A view from the trenches – how to develop, implement and manage a due diligence renewal programme
Developing the renewal programme
1 You’ve got to start somewhere
2 Advance planning
3 How to communicate
Who to involve
1 Home office vs. regions
2 Business vs. functions
3 How to find allies and drive engagement
How to develop renewal criteria
1 What to think about
2 Risk-based factors
3 Practical considerations
Implementation
1 Don’t forget efficiency
2 Engaging hearts and minds
3 Measuring progress
Managing the process
1 Best practices in communication
2 Effective use of metrics
3 Challenges and solutions
Reviewing results
1 What your renewal metrics might tell you
2 Lessons learned
Some concluding thoughts
Renewal programmes are necessary, according to regulators
Efficiency is always important
Look at your data
• Leveraging regulatory expectations can help acquire budget money
• Check if risk identification is working
• Review what your renewal risk profile tells you about overall risk
Risks change and renewal programmes must account for change
Integrity due diligence reports
Compliance screening
Investigations
Proactive monitoring
Professional services
Compliance technology solutions
Supply-chain risk management
Compliance training
Compliance outsourcing
More information?
Please select any topics that you would like us to provide more information on.
• Custom renewals roadmap and recommendations
• Conducting due diligence renewals
• Due diligence reports
• 3rd party risk management
Questions?
Connect
Website: www.redflaggroup.com
Webinar schedule and recordings: www.redflaggroup.com/webinars
Follow us
Twitter: @redflaggroup
LinkedIn: The Red Flag Group