COMPLIANCE & RISK MANAGEMENT FORUM · Third party due diligence Continuous monitoring of high risk...


2018 Compliance program annual assessment

Wellington Management Company LLP

For institutional use only. Not intended for reproduction or use with the public. Any views expressed herein are those of the author(s), are based on available information, and are subject to change without notice. Individual portfolio management teams may hold different views and may make different investment decisions for different clients. The material and/or its contents are current as of the most recent quarter end, unless otherwise noted. Certain data provided is that of a third party. While data is believed to be reliable, no assurance is being provided as to its accuracy or completeness.

26 March 2019

John Norberg, Americas Chief Compliance Officer

Wellington Management Company LLP


Copyright © 2018 All Rights Reserved 2001337720/501513_1/G2493/G2493


Annual assessment: Key program elements

ERC support

Testing & monitoring

Training

Policies & procedures

Risk assessment

Culture & structure

Wellington Management Compliance Program


Annual assessment: Conclusion

“Based upon the review of our Compliance Program as described in this Report, and using internal and external inputs and methodologies that we believe to be reasonable, we believe that our Compliance Program Rule Policies were adequate and effective in their implementation for the period 1 January 2018 through 31 December 2018.”


Wellington Management: Compliance testing and monitoring


• Aggregate Ownership
• Allocation of IPO first day gains
• Anti-money laundering & KYC
• Best execution – Transactional
• Best execution – Controls
• Business continuity planning and disaster recovery
• Code of Ethics – Trading ahead
• Email retention
• ERISA limits
• Guideline Monitoring
• Holding Disclosure
• Market Manipulation
• Market Materials
• Material Nonpublic Information
• MiFID II transaction reporting
• Trade allocation – General
• Trade allocation – Fairness over time
• Vendor Oversight

• Communications review
• Transactional testing
• Investigations

• Code of Ethics – Personal Securities Transactions
• Confidentiality of Client Information
• Error resolution analysis and process
• Equity and Fixed Income Trading Practices
• Material Nonpublic Information
• Regulatory reporting
• Side-by-side management

Compliance testing (2018 tests) · Forensic testing · Compliance monitoring


Annual assessment: Testing and monitoring program


2018 SOC 1 Report
• New account setup and maintenance
• Contributions and withdrawals
• Calculation of advisory fees
• Guideline monitoring
• Client account reconciliations
• Trade authorization & execution
• Trade allocation
• Trade confirmation, communication & settlement
• Securities setup & maintenance
• Securities valuation
• Corporate actions
• Client reporting
• Computer operations
• Data retention
• Logical security
• Physical security
• Change management
• Authorized counterparties

Independent auditor

2018 Compliance Controls Report (Report on Management’s Assertion on Specified Compliance Controls)
• Code of Ethics
• Personal trading
• Record retention
• Proxy voting
• Request for proposal process
• Side-by-side management
• Trade execution
• Client commission arrangements
• Affiliated transactions
• Form ADV preparation and filing
• Form ADV delivery
• Section 13 filinga
• Client disclosures (MDFP & Form N-1A)
• Computer operations
• Data retention
• Logical security
• Physical security
• Change management

Independent auditor


Key 2019 themes and initiatives

Open exams

Strengthening the 3LOD
• Firmwide infrastructure and controls strategic initiative
• Coordination of 2nd and 3rd line functions – “Risk Platform”

Compliance program initiatives
• Marketing – Sales practices
• COE – Accenture initiative
• Strategic IT investment – GRC and regulatory reporting


Questions and feedback


Information security

Wellington Management Company LLP


26 March 2019

Justin Peavey, Chief Information Security Officer

Wellington Management Company LLP


Wellington information security: Updates from last year

Remediation work on 2017 SOC1 Qualification
• Unqualified opinion on 2018 SOC1
• No IT or Access Control related exceptions

Continued migration of core infrastructure to AWS
• Migration of core investing and trading systems underway
• Expected completion in 2020

New Identity and Access Management Processes and Tooling
• IT Controls function and Internal Audit collaboration on access oversight for key systems
• Implementing new Identity Governance processes and technology

New Cyber Anomaly Detection and Response
• Risk-based cyber anomaly scoring with escalation to Cyber Defense Team


Wellington information security: Program components and capabilities

Information technology risk management
• Governance, awareness, and outreach
• Risk identification and assessment
• Vulnerability management
• Controls compliance and effectiveness

Identity and access governance
• Access control design and supporting processes
• Access management support

Network and security operations
• 24x7 operational support of critical security technology and processes
• Cyber incident investigation support

Security architecture and engineering
• Security architectural patterns
• IT and business security solution design
• Cyber incident investigation support

Cyber defense
• Threat identification and assessment
• 24x7 security event monitoring, triage, investigation, and escalation
• Cyber incident response


Wellington information security: How Wellington looks at cyber risk

Assessing risk
• Understand attacker motivation and target
• “How it happened” affects the magnitude of the reputational impact

Things to look for
• Risk informed culture
• Security by design
• Open threat sharing
• Detect and respond ≥ protect

Wellington’s cyber risk focus areas
• Identity and access management
• Cyber incident detection and response
• Data loss prevention
• Third-party and supply chain risks
• Threat and vulnerability management

Cybercrime

Espionage

Insider

Hacktivism


Wellington information security: Program highlights

Staffing
• Dedicated Information Security function and staffing across three regions
• 24x7 Monitoring with escalation to global Cyber Defense team
• Active Threat analysis, investigation, incident response and intelligence sharing capabilities
• Premier Financial Services Information Sharing and Analysis Center (FS-ISAC) member

Governance
• Program oversight through firm’s Operational Resilience Committee and advised by a cross-functional steering group
• Updates provided to firm Risk Management Committee and appropriate boards

Firm-Wide Awareness Training
• Required annual training and testing of all personnel on key security topics and policies
• Proactive and ongoing testing of users’ knowledge with active “phishing” and social engineering
• Targeted training for ‘high risk’ functions and teams

Risk Based Controls, Security Reviews and Inspections
• Business-driven access control approvals with quarterly user access reviews
• Regular controls testing and audits as part of the SSAE-16/SOC1 process
• Vulnerability Management program with oversight of security patching and remediation for high risk resources
• Vendor and product information security reviews as part of the Vendor Management program
• Regular third-party “penetration” testing of infrastructure and public-facing applications

Security Architecture/Infrastructure
• Infrastructure and deployment security is integrated with every project
• Multi-layer “next generation” firewalls, IDS, automated malware analysis, reputation filtering, SIEM
• Regular new investment to constantly assess and improve capabilities


Operational risk management

Wellington Management Company LLP


Tony Da Silva, Associate Director, Operational Risk Management

Bill Gagliardi, Director, Risk Services

Matt McGonagle, Director, Portfolio Integrity

Scott Weinberg, Director, Client Service Management


Our operational risk management model: Risk Services

Operational Risk Management
• Risk identification and assessment
• Risk mitigation strategies
• Cross-functional solutions

Internal Audit
• Assurance on design and effectiveness of key operational controls
• Independent testing of controls
• Controls advisory and special projects

Third Party Risk Management
• Third party due diligence
• Continuous monitoring of high risk relationships
• Performance monitoring

Enterprise Sourcing
• Strategic outsourcing
• Procurement and risk-based contract management
• Corporate insurance management


Risk Services: Dual mandate

Risks

Strategic

Operational

Reputational

Regulatory

ORM

RCSA

Incident response

Risk working groups

Internal audit

Audit planning execution

Incident response

Data analytics

Challenge

eSourcing

Vendor risk assessments

Advisory

ORM

Enterprise solutions

Business process redesign

Internal audit

Control advisory

System implementation

eSourcing

Strategic outsourcing

Performance monitoring

Insurance program


Business Assessment & Monitoring (BAM) initiative: “Enhancing our ability to make informed business decisions”

Products (Assessing)

Internal Investor Servicing (Assessing)

Solutions (initiated)

Client Servicing (Implemented)

Context for change

Creative client solutions

Product complexity

Global distribution

Emphasis on service quality

Executive level focus on informed decision making

Objectives

Early identification of servicing requirements

Cross functional & holistic risk assessment

Structured analysis & escalation process

Consistent application of best practices

Business Functions

Controllable Operational Risk Drivers


Sample servicing requirements dashboard: A structured assessment of cross-functional requirements


Business Assessment & Monitoring in action

Client/Prospect Relationship team Client Servicing

Portfolio Servicing

Trading

Legal & Compliance

Client requirements Assessment dashboard

Functional considerations

• Introduce “approved” servicing/operational best practices
• Facilitate agreement on servicing requirements
• Broad awareness early in the business lifecycle


Business Assessment & Monitoring for Solutions: Basic flow

Proposed client solution

Solution design

Portfolio integrity coordinates assessment

Feedback

Dashboard

Solutions BAM working group

Line Management

Governance groups


Enterprise third party risk management program

Wellington Management Company LLP


26 March 2019

Jen Duest, Manager, Third Party Risk

Marcia Imer, Associate Director, Enterprise Sourcing


Enterprise third party risk management program


Framework/strategy

Risk assessment

Issue tracking/risk mitigation

Ongoing monitoring

The Enterprise Third Party Risk Management (TPRM) Program is intended to provide consistent, auditable and repeatable risk oversight to Wellington Management Group to enable effective, risk‑based decision making at on‑boarding and during on‑going oversight of third‑parties throughout the lifecycle of the relationship.


Enterprise third party risk management program

Framework/Strategy
• Strong program
• Identification of dependencies/inherent risk of relationships
• Professionalisation/formality of process

Risk assessment
• Leverage automation & technology
• Scalability of reviews
• Service level risk-based review

Issue tracking/Risk mitigation
• Engagement with business partners
• Depth of additional review based on identified risks
• Both inherent and residual risk

Ongoing monitoring
• Performance SLAs
• Pulse on vendor health – continuous monitoring
• Global regulatory environment


Enhancing the value to the business

Foundation Framework

Business engagement

Automation & Scalability

Evolution of program

Technology innovation

Enhanced value to business

Reporting & Communication

Performance metrics/monitoring

Globalization

Integration with other risk areas

Enhanced business partnership and accountability

2017

2018 – 2019

2019 – 2020


Aligning objectives

Business objectives
• Time to onboard
• Identification of risk
• Leverage SME technical expertise

TPRM program objectives
• Scalable platform to measure and monitor risk
• Residual risk awareness
• Enhanced value to business partners


Example: Risk assessment process

Business has need for new vendor/new service

Initial intake form completed; Inherent risk determined

Due diligence kicks-off

Assessment completed by vendor; SMEs evaluate responses

Deep dive discussions with vendor/onsite visit conducted

Residual risk determined and communicated to business; elements of continuous monitoring established


Internal Audit

Wellington Management Company LLP


26 March 2019

Adam Newmark, Director, Internal Audit

Wellington Management Company LLP


Internal Audit: Priorities

Talent planning

Strategy & Synergies

Stakeholder outreach

Execution


Internal AuditTitle Line 2Priorities

Capabilities

Team dynamics

Define hiring needs

Key stakeholders

Global vs regional requirements

Define value proposition

Integration with Compliance & ORM

Committee engagement

Advisory opportunities

Audit standards

Annual goals

And beyond

Talent planning

Strategy & Synergies

Stakeholder outreach

Execution

Q&A with our CEO

Wellington Management Company LLP

26 March 2019

Brendan Swords, CFA, Chief Executive Officer

Wellington Management Company LLP

Strategy: Alignment

Ownership model

Business model

Culture

Investment platform

Long-termism

Control own destiny

Attract/retain talent

Investment-led

Partnership (no silos)

Singular purpose

Investment-led

Diversified

Pristine balance sheet

Not all things to all people

Single global P&L (no silos)

Fiduciary mindset

Excellence

Respectful

Apprenticeship model

Humble

Trusting

Magnetic

Collegial (no silos)

Community of boutiques

Career research track

Globally integrated (no silos)

Humility and courage

Global Trading Supervision

Wellington Management Company LLP

26 March 2019

Tonda Bourque, Associate Director, Global Trading

Ruby Salter, Compliance Analyst, Capital Markets Compliance

Alex Vander Baan, Trader, Americas Equity Trading

Wellington Management Company LLP

Market structure, regulation, and innovation: Changes from a trading perspective

[Timeline chart. Vertical axis: Equity/Fixed income traded volume. Horizontal axis: Time.]

1998: US adopts alternative trading system rules to structure ECNs

1999: Regulatory ATS allows ECNs to operate as broker dealers with exchange registration and eliminates and market making obligations

Electronic trading of US Treasuries and European government bonds begins

2000: NASDAQ for profit

More powerful computers and development of algorithms enable high frequency trading

2007: Quant crash

As a result of Regulation National Market System (NMS), US securities industry updates its trading model to facilitate automated trading and immediate price discovery

2009 – 2012: Standardization of credit default swap (CDS) contracts enables electronic processing and centralized clearing of CDS trades

2005: Formed to compile the “Consolidated Book”
• Forced price competition across exchanges
• 1 cent price increments
• Access rules (sharing of market data such as quotations)

NASDAQ and FINRA begin full dissemination of transaction and price data for all US corporate bonds

2001: Tech crash

CS AES launched

Decimalization
• Facilitated smaller lots and market

2008: Credit crisis

BATS exchange

Short sale bans
• Temporary ban to prevent “bear raids”

2010: Flash crash

Direct edge exchange

Circuit breakers
• Trading pauses to prevent wild price swings

2004: Dual list NYSE Sec

Equity

Fixed income

2009 – 2016: Fixed income ETFs undergo further development and increased growth

Electronic platforms to facilitate bond trading experience global growth

2006: NYSE for profit

2011: Uptick rule
• Restricts short selling

Global Trading – supervision: Trader experience

Global Trading – supervision: Supervisor experience

Alert functionality

Centralized storage of rules EQ, FI, FX

Rules created to monitor compliance with policies, procedures, regulation, risk

Real time alerts pushed to trading managers

Enhanced review of trader judgement AND Memorialization of review

Audit trail

Trend analysis – used for supervisory reviews and oversight groups

Examples include: unallocate, aggregation, contra orders, manual order entry

Global Trading – supervision: Control framework

Who

Global Trading
• Business Managers
• Trade Coordination Directors/Managers
• Line Directors/Managers

Compliance
• Capital Markets Compliance
• Compliance and Forensic Testing Team

Internal Audit
• Internal Audit Team

What

Global Trading
1. Real time monitoring of desk alternatives
• Contra order placements
• Non-standard allocations
• Orders created manually
• Orders un-aggregated
• Orders un-cancelled
• Warning overrides
• Re-allocation
2. Escalation
• Research and document
• ERC instructed
• Approved allocation exceptions

Compliance
• Sample testing on a period basis in Equity, FI, and FX
• Examples: Price based review of executions relative to available benchmarks/datasets, Best Ex, Allocation

Internal Audit
• Targeted review of processes for potential gaps or weaknesses
• Examples: FI New Issue, EQ IPO, Best Execution, Allocation Supervision

We take a multi-faceted approach to supervision of trading personnel and trading activity. As the first line of defense, our team includes dedicated supervisors who oversee trading activity on a global and regional level, as well as managers serving in player/coach roles directly on the desk in order to provide a line of sight supervision.

Important notice

©2018 Wellington Management. All rights reserved. | As of December 2018

Wellington Management Company llp (WMC) is an independently owned investment adviser registered with the US Securities and Exchange Commission (SEC). WMC is also a commodity trading advisor (CTA) registered with the US Commodity Futures Trading Commission. In certain circumstances, WMC provides commodity trading advice to clients in reliance on exemptions from CTA registration. WMC, along with its affiliates (collectively, Wellington Management), provides investment management and investment advisory services to institutions around the world. Located in Boston, Massachusetts, Wellington Management also has offices in Chicago, Illinois; Radnor, Pennsylvania; San Francisco, California; Beijing; Frankfurt; Hong Kong; London; Luxembourg; Singapore; Sydney; Tokyo; Toronto; and Zurich. This material is prepared for, and authorized for internal use by, designated institutional and professional investors and their consultants or for such other use as may be authorized by Wellington Management. This material and/or its contents are current at the time of writing and may not be reproduced or distributed in whole or in part, for any purpose, without the express written consent of Wellington Management. This material is not intended to constitute investment advice or an offer to sell, or the solicitation of an offer to purchase shares or other securities. Investors should always obtain and read an up-to-date investment services description or prospectus before deciding whether to appoint an investment manager or to invest in a fund. Any views expressed herein are those of the author(s), are based on available information, and are subject to change without notice. Individual portfolio management teams may hold different views and may make different investment decisions for different clients.

In Canada, this material is provided by Wellington Management Canada ulc, a British Columbia unlimited liability company registered in the provinces of Alberta, British Columbia, Manitoba, New Brunswick, Newfoundland and Labrador, Nova Scotia, Ontario, Prince Edward Island, Quebec, and Saskatchewan in the categories of Portfolio Manager and Exempt Market Dealer. In the UK, this material is provided by Wellington Management International Limited (WMIL), a firm authorized and regulated by the Financial Conduct Authority (FCA). This material is directed only at persons (Relevant Persons) who are classified as eligible counterparties or professional clients under the rules of the FCA. This material must not be acted on or relied on by persons who are not Relevant Persons. Any investment or investment service to which this material relates is available only to Relevant Persons and will be engaged in only with Relevant Persons. In Germany, this material is provided by Wellington Management International Limited, Niederlassung Deutschland, the German branch of WMIL, which is authorized and regulated by the FCA and in respect of certain aspects of its activities by the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin). This material is directed only at persons (Relevant Persons) who are classified as eligible counterparties or professional clients under the German Securities Trading Act. This material does not constitute investment advice, a solicitation to invest in financial instruments or financial analysis within the meaning of Section 34b of the German Securities Trading Act. It does not meet all legal requirements designed to guarantee the independence of financial analyses and is not subject to any prohibition on dealing ahead of the publication of financial analyses. This material does not constitute a prospectus for the purposes of the German Capital Investment Code, the German Securities Sales Prospectus Act or the German Securities Prospectus Act. 
In Hong Kong, this material is provided to you by Wellington Management Hong Kong Limited (WM Hong Kong), a corporation licensed by the Securities and Futures Commission to conduct Type 1 (dealing in securities), Type 2 (dealing in futures contracts), Type 4 (advising on securities), and Type 9 (asset management) regulated activities, on the basis that you are a Professional Investor as defined in the Securities and Futures Ordinance. By accepting this material you acknowledge and agree that this material is provided for your use only and that you will not distribute or otherwise make this material available to any person. In Singapore, this material is provided for your use only by Wellington Management Singapore Pte Ltd (WM Singapore) (Registration Number 201415544E). WM Singapore is regulated by the Monetary Authority of Singapore under a Capital Markets Services Licence to conduct fund management activities and is an exempt financial adviser. By accepting this material you represent that you are a non-retail investor and that you will not copy, distribute or otherwise make this material available to any person. In Australia, Wellington Management Australia Pty Ltd (WM Australia) (ABN19 167 091 090) has authorized the issue of this material for use solely by wholesale clients (as defined in the Corporations Act 2001). By accepting this material, you acknowledge and agree that this material is provided for your use only and that you will not distribute or otherwise make this material available to any person. Wellington Management Company llp is exempt from the requirement to hold an Australian financial services licence (AFSL) under the Corporations Act 2001 in respect of financial services provided to wholesale clients in Australia, subject to certain conditions. 
Financial services provided by Wellington Management Company llp are regulated by the SEC under the laws and regulatory requirements of the United States, which are different from the laws applying in Australia. In Japan, Wellington Management Japan Pte Ltd (WM Japan) (Registration Number 199504987R) has been registered as a Financial Instruments Firm with registered number: Director General of Kanto Local Finance Bureau (Kin-Sho) Number 428. WM Japan is a member of the Japan Investment Advisers Association (JIAA) and the Investment Trusts Association, Japan (ITA). WMIL, WM Hong Kong, WM Japan, and WM Singapore are also registered as investment advisers with the SEC; however, they will comply with the substantive provisions of the US Investment Advisers Act only with respect to their US clients.
