Compliance professionals know intuitively that we’re in the midst of a disruptive evolution, with big data being a way of life and emerging technologies like AI and blockchain promising more to come.
But what’s the immediate implication of available technology and how should organizations look to design a third party risk management framework that leverages these effectively?
In the prior post, I talked about where the early evolution of data-technology and automation has brought us. In this post, I’ll look at some practical applications and predictions.
The Open Compliance and Ethics Group (OCEG), in partnership with Thomson Reuters, recently produced a framework exploring exactly this dynamic. In it, the intersect between various risk categories was explored.
To name but a few:
- Businesses must screen their third parties against OFAC and other international sanctions / watch-lists to ensure compliance
- Politically exposed persons and businesses (including state owned enterprises) and those appearing in adverse media searches pose additional heightened risks
- Other international bad actors associated with organized crime or illicit activity provide further business and reputational risk
- When on-boarding a new third party, firms want to know if this business has suffered any cyber or data breaches, or might currently possess critical vulnerabilities
- Compliance will also need to unpack the legal entity and directors, beneficial ownership structures, and may also care about high risk M&A on the horizon, or risky joint venture partners
- Along with financial health, environmental, social, governance scores…
…And the list goes on.
The good news is that all of this data is available. Firms have access to more insight than they ever have had before, as a balm to heightened risk and emerging risk categories.
But let’s add to the headache for a moment. Each of these data sources are obtained via various vendors or third parties. These are then referenced against obtained questionnaire data, as well as any other proprietary data that sits within an ERP, CRM or any other data environment.
And yet clearly, the data is neither standardized nor consistent, nor able to be easily matched, as each data source contains different secondary identifiers and they cannot always be easily mapped. False positives (and negatives) are rampant, and it’s incredibly difficult to know if “ACME Corp” is the same as “ACME Ltd.” And even if these are properly mapped using secondary identifiers, you’re unable to extract value across these data sets, by linking the data to form a holistic profile.
2017 saw savvy reg-tech players chip away at these headaches in a big way, by linking data across many sources, leveraging smart workflow and analytics, and allowing customers to automate significant chunks of this process, saving time doing manual remediation and significantly reducing false positives. If I have one prediction for 2018, it’s that the mere 7 percent of firms that had successfully integrated their data last year will increase drastically, as firms are finding technology provides a remarkably compelling, cost effective way to streamline their ABC and third party risk programs.
Early adopters of an integrated third party risk framework are already reaping the benefits. But in 2018 and onwards, the future is bright, with emerging technologies like Cognitive Computing providing the next inflection point where technology will instill an ever greater confidence in our ability to protect our businesses and safeguard our reputations.
Kevin Bogdanov is Director of Market Development, Americas for Thomson Reuters’s ‘Customer and Third Party Risk Management’ business. He has spent 12 years leading international teams and programs in the Enterprise Information Services, Technology, Finance, Risk and Compliance sectors. He’s currently exploring how data, technology, automation and AI will disrupt and redefine the practice of KYC and Third Party Risk Compliance. He can be contacted here.