Reducing the Risk in Third-Party Relationships
A Practical Guide for Compliance Professionals
ELM Solutions

Third parties go by many names: intermediary, contractor, service provider, outsourcer, distributor, dealer, subcontractor, franchisee, vendor, agent, business partner, representative, supplier, client.

This eBook will provide you with three key takeaways:

1. Third-party relationships mean both great benefits and great risks
2. Management programs based in best practices mitigate third-party risk
3. Effective technology is a crucial component

15-minute read

Table of Contents

Introduction
Chapter 1: Zeroing In on Third-Party Risk
Chapter 2: Approaches to Third-Party Risk Management
Chapter 3: Technology – A Requirement for Sustainable Programs
Chapter 4: Key Considerations for a Technology Solution
Conclusion

Introduction

What company does not rely on business relationships with third parties in some way? The services of third parties are a necessity for most organizations in order to operate successfully in today’s global economy.

Third-party business relationships can deliver great benefits, but they also introduce a multitude of risks. Every week the business news calls attention to enforcement actions for corporate regulatory violations, which often involve third parties. In fact, it has been widely reported that the majority (as high as 90% in a recent year) of enforcement actions under the Foreign Corrupt Practices Act (FCPA) involve third parties.

Third-party relationships also introduce risks in the areas of security, privacy, reputation, finances, insolvency, business continuity, and geopolitics. Research shows that many organizations struggle with the challenge of managing these risks, especially as the number of relationships grows. The good news is that resources, such as best practice recommendations, are available to guide organizations in establishing third-party management programs to fit their specific circumstances. And technology can help to ensure that these programs are truly effective, efficient, and sustainable.

Corporate exposure to third-party risk is wide-ranging

62% of organizations have a business model that relies heavily on vendors (survey of 249 compliance & ethics professionals responsible for day-to-day operation of C&E programs; Society of Corporate Compliance and Ethics and NYSE Governance Services, 2014 Compliance and Ethics Program Environment Report)

3,868 is the average number of third parties per company (survey of 187 senior executives in ethics/compliance/anti-corruption worldwide; Kroll and Compliance Week, Anti-Bribery and Corruption Benchmarking Report, 2014)

“At the nation’s biggest banks and credit card companies, the list of third parties typically runs to more than 20,000 names; some firms might have 50,000 suppliers.” – McKinsey & Company (Krivin, Dmitry, et al. “Managing third-party risk in a changing regulatory environment.” McKinsey Working Papers on Risk, Number 46. McKinsey & Company, May 2013.)

Chapter 1: Zeroing In on Third-Party Risk

In an IndustryWeek article on third-party risk, Crowe Horwath risk consultants Patrick Warren and Michael Varney present a categorization of third-party threats that manufacturers and other companies may face:

• Regulatory and legal violations
• Breaches of systems and data
• Reputation damage
• Financial dependence (e.g., based on reliance on a single supplier of a key item)
• Systemic events
• Geopolitical events

Warren, Patrick and Michael Varney. “Third-Party Risk and What to Do About It.” IndustryWeek, 23 May 2014.

“We are seeing third-party vendors as a very significant source of cyber risk. You could have a moat around a heavily fortified castle but if the bridge is down to your vendors, then your fortifications become worthless.” – Lisa J. Sotto, partner and head of Global Privacy and Cybersecurity, Hunton & Williams

“…The reality [is] that a large company is actually a sprawling network of interconnected vendors, and that weak security at any one vendor can lead to a breach that costs hundreds of millions of dollars.” – The New York Times

Perlroth, Nicole. “Heat System Called Door to Target for Hackers.” The New York Times, 5 Feb. 2014.

PwC. “Managing cyber risks in an interconnected world – Key findings from the Global State of Information Security® Survey 2015.” 30 Sep. 2014.

Risk categories for financial institutions apply broadly

The US Federal Deposit Insurance Corporation (FDIC) devotes an entire chapter in its Compliance Examination Manual for bank examiners to a discussion of third-party risk. While the focus is on financial institutions, the FDIC summary provides a useful categorization for organizations in other industries as well. In addition to reputation risk, credit risk (similar to financial dependence), and country risk (including geopolitical events), the FDIC includes:

• Compliance risk — beyond potential violations of laws and regulations, practices or products of a third party may breach an organization’s internal policies and standards
• Strategic risk — a third party may make “adverse business decisions” or execute business decisions in ways that are at odds with an organization’s strategic goals
• Operational risk — losses may occur as a result of “inadequate or failed internal processes, people, and systems, or from external events” associated with a third party
• Transaction risk — for any number of reasons, including poor planning/preparation, systems failure, mistakes, or fraud, a third party may fail to deliver products or services as expected

Federal Deposit Insurance Corporation. “Third Party Risk.” Compliance Examination Manual VII-4, Jan. 2014.

One of the most prevalent third-party risks: the threat of regulatory non-compliance

A third-party representative’s conduct in violation of a law/regulation can generate costs to the organization beyond any direct fines and penalties levied by a government enforcer — for example, the costs of investigations, disruption of operations, etc. Such conduct may also lead to damage to the organization’s reputation and other equally serious consequences.

“Often third parties are engaged to assist a company in moving into new geographic regions and/or markets. It is imperative to determine both the full scope of the laws of the company’s home country, as well as any locale- and/or market-specific rules that are in play. Regulatory intelligence is clearly a critical component of any third-party risk management program.” – Michael Rasmussen of GRC 20/20

How much is the changing regulatory landscape driving companies to reassess their third-party relationships? (survey of 209 senior compliance, audit, risk, and ethics officers worldwide; Deloitte and Compliance Week, “Compliance Trends Survey 2014,” May 2014)

• 85% reassessing:
  – 49% increasing ongoing oversight (i.e., auditing, monitoring) on a prospective basis
  – 31% reassessing some or all of their existing business partners
  – 5% bringing many of their business activities under more direct control and oversight
• 15% not at all

These survey results underscore companies’ concern with the regulatory risk associated with third parties. There appears to be heightened concern with third-party risk related to stringent anti-corruption laws and regulations, as evidenced by the focus on this in the guidance and research highlighted in the next chapter.

Chapter 2: Approaches to Third-Party Risk Management

A wealth of resources is available to help companies structure a third-party risk management program based in best practices. In addition to guidance issued by various regulatory bodies, corporate compliance and risk management experts write regularly on the topic of third-party risk.

A few of these experts’ recommendations are highlighted here, along with a brief look at what companies are doing with regard to third-party risk management. A more in-depth discussion of third-party risk management best practices is covered in the ELM Solutions white paper, “Getting Your Arms Around Third-Party Relationships.”

Tom Fox, independent consultant and author on FCPA compliance, describes five steps of the “Life Cycle of Third Party Management” in his FCPA Compliance and Ethics blog. These steps provide a convenient way to organize this discussion of best practices and current programs:

1. Business Justification
2. Questionnaire
3. Due Diligence
4. Contract
5. Relationship Management

1. Business Justification

Tom Fox suggests that the business justification should be prepared by the “business sponsor” of the third party and serve the needs of both the business unit and the compliance practitioner. It becomes part of the third party’s “compliance review file.”

Questions that the business justification should answer:

• Who? What? Where? When? etc. on the third-party organization
• How was the third party identified?
• What is the planned engagement?
• Why has this entity been selected for this engagement?

Fox, Thomas R. “Life Cycle of Third Party Management – Step 1 Business Justification.” FCPA Compliance and Ethics Blog, 31 March 2014.

2. Questionnaire

For Fox, a third-party questionnaire is a “mandatory step.” The third party’s response provides valuable data to inform the plan for due diligence.

Key questionnaire topics:

• Ownership structure
• Financial qualifications
• Personnel
• Physical facilities
• References
• Politically exposed persons (PEPs)
• The ultimate beneficial owner(s) (UBOs)
• The compliance regime
• Appropriate compliance training and awareness

Fox. “Life Cycle of Third Party Management – Step 2 Questionnaire.” 1 April 2014.

3. Due Diligence

Regulatory authorities and compliance and risk experts alike recommend that third parties be categorized by the degree of risk posed (low, medium, or high). Due diligence is then driven by risk category: the most intense scrutiny is focused on the relatively small number of third parties that represent the greatest risk. Tasks at each level might include, in order of increasing scrutiny from the low-risk to the high-risk category:

• Internal review of available documentation and news on the third-party company, its owners, its financial health
• Checks against watch lists and other trusted sources for potential red flags
  – Corruption, sanctions, other criminal activity
  – Politically exposed persons (PEPs)
  – Conflicts of interest
• More in-depth internet searches and review of international media
• More detailed background on directors and shareholders
• Screening and searches of in-country and sector-specific information sources
• In-person interviews with third-party owners/managers that will be responsible for the relationship
• Interviews of references and business and/or political associates
• Audit/review of the third party’s policies, controls, audit reports, and financial records
• Independent in-country investigation of the third party’s compliance with relevant laws, regulations, and licensing requirements
• In-house legal review of documentation collected

How are companies handling due diligence today?

97% of companies report conducting due diligence on third parties (survey of 187 senior executives in ethics/compliance/anti-corruption worldwide; Kroll and Compliance Week, Anti-Bribery and Corruption Benchmarking Report, 2014)

Most frequently noted components of due diligence:

• 69% Reference checks
• 64% Information collected by the business unit
• 56% Public databases (English only)
• 51% Adverse media searches (local language)
• 51% Corporate legal department review
• 50% Public database (local language)
• 50% Local jurisdiction corporate registry sources

Time and cost are the most important factors limiting anti-corruption due diligence.

Factors that influence a decision not to work with a particular third party:

• 77% Allegations/rumors of paying bribes in the third party’s background, but no proof
• 64% A history of litigation
• 60% The third party is a politically exposed person
• 55% While the third party is well-known in the region, it is not known to perform the work it would be doing for us

Sources: Kroll and Compliance Week, Anti-Bribery and Corruption Benchmarking Report, 2014 (187 senior executives in ethics/compliance/anti-corruption worldwide); Dow Jones Risk & Compliance, “The Dow Jones State of Anti-Corruption Survey 2014,” 22 April 2014 (383 compliance professionals in companies with anti-corruption programs worldwide).

4. Contract

The contract with each third party should contain adequate protections to mitigate the risks that have been identified in the previous steps. Templates can provide a good starting point and ensure that all pertinent items are taken into account. Points to consider include:

Commercial terms, viewed through a compliance lens. Fox recommends review of the commercial terms from a compliance perspective. For example, compare the planned compensation of the third party — whether in the form of commission, a discount rate, or other remuneration — to the norm for the industry, geography, etc. Rates that are higher than normal could signal potential corruption.

Compliance terms and conditions. The experts agree that third-party contracts must include specific compliance terms and conditions, such as: anti-corruption affirmations, breach notice provisions, subcontractor approvals, audit rights, ongoing training requirements, annual certifications, re-qualification terms, etc.

Termination provisions. Finally, it’s important to lay out the conditions that will permit the organization to terminate the contract and the associated steps to be taken.

Fox. “Life Cycle of Third Party Management – Step 4 – The Contract.” 3 April 2014.

“… Contract termination is an inevitable phase in the third party relationship lifecycle. As many risks as there are in the active phase of a third party relationship, there are some that remain and also new ones that arise when the relationship is ending.” – Carole Switzer, OCEG

Switzer, Carole. “Breaking Up Is Hard To Do – Avoiding Pain by Planning for the End of a Third Party Relationship.” OCEG.org Blog, 19 July 2014.

Are third parties required to sign an agreement agreeing to adhere to compliance standards? (survey of 249 compliance & ethics professionals responsible for day-to-day operation of C&E programs; Society of Corporate Compliance and Ethics and NYSE Governance Services, 2014 Compliance and Ethics Program Environment Report)

• 44% Yes – require third parties to sign an agreement to adhere to the company’s integrity standards
• 23% Yes – require third parties to sign an agreement to abide by a third-party or supplier code of conduct
• 33% No

“… Companies have begun creating ‘Supplier Codes of Conduct’ that lay out their expectations for suppliers to operate in a responsible and ethical manner … The multinationals then reference those codes of conduct and require that the supplier/partner comply with them.” – Baker & McKenzie

Baker & McKenzie. “The Companies You Keep – Global Supply Chain Management: Five Steps to Managing Third-Party Risk.” Baker & McKenzie, 2013.

5. Relationship Management

Management of third-party relationships involves a host of ongoing tasks, including: monitoring, training, responding to queries, handling issues, investigations of suspected violations, tracking and analyzing metrics, and auditing. Fox notes that multiple roles in an organization play an important part in the management of every third-party relationship:

• The relationship manager: most likely the business sponsor, acts as the liaison between the company and the third party, and is responsible for “monitoring, maintaining and continuously evaluating the relationship”
• A compliance professional: acts as a resource and works with the relationship manager to answer compliance questions and “provide advice, training and communications” to the third party
• An oversight committee: made up of senior management, reviews each third-party relationship at least annually and has approval authority over third-party requests for payments or non-monetary compensation
• Audit: regularly executes “a systematic, independent and documented process” to establish “the extent to which your compliance terms and conditions are followed” by the third party

Fox. “Life Cycle of Third Party Management – Step 5 – Management of the Relationship.” 4 April 2014.

“You not only have a legal obligation to monitor the actions of your suppliers/partners, but to respond appropriately to any issues that arise, and most importantly, remedy the problems.” – Baker & McKenzie

Are companies auditing third-party compliance? How frequently do companies monitor their business partners? (chart: audit “always”, “sometimes”, “never”; monitoring “annually”, “at least quarterly”; values shown 43%, 16%, 16%, 42%, 19%)

Sources: Dow Jones Risk & Compliance, “The Dow Jones State of Anti-Corruption Survey 2014,” 22 April 2014 (383 compliance professionals in companies with anti-corruption programs worldwide); Deloitte and Compliance Week, “Compliance Trends Survey 2014,” May 2014 (209 senior compliance, audit, risk, and ethics officers worldwide).

“Regulators expect companies to do a lot more regarding their vendors and other third parties. It’s not just about giving out their code of conduct; it’s about rigorous due diligence, training, oversight, and performing periodic compliance reviews.” – Thomas Rollauer, Executive Director, Center for Regulatory Strategies, Deloitte & Touche LLP

Anti-corruption training of third parties (survey of 187 senior executives in ethics/compliance/anti-corruption worldwide; Kroll and Compliance Week, Anti-Bribery and Corruption Benchmarking Report, 2014)

• 58% say they never train third parties on anti-corruption efforts
• 42% do train third parties: 19.8% train annually, 14.4% every 2 years, 7.5% every 3–5 years

Of those who do train:

• 52.6% provide on-line or web-based training
• 42.3% conduct in-person on-site training
• 4.9% distribute or post printed materials for review

“Everybody has some form of anti-bribery policy in place. What they’re not doing is educating their third parties, which is where most of the risk is.” – Melvin Glapion, Managing Director, Kroll

Program Review

An important additional step is the periodic evaluation of the health of the third-party management program overall.

How effective do you believe your company’s protocols and procedures are? (survey of 187 senior executives in ethics/compliance/anti-corruption worldwide; Kroll and Compliance Week, Anti-Bribery and Corruption Benchmarking Report, 2014; effective / ineffective)

• Vetting third parties before a business relationship? 57% / 7%
• Monitoring compliance after a relationship begins? 43% / 17%
• Auditing anti-bribery and corruption program compliance among third parties? 33% / 33%
• Training of third parties on anti-bribery policies and procedures? 30% / 29%

Chapter 3: Technology – A Requirement for Sustainable Programs

“In a complex business environment, technology is essential for successful 3rd party management.” – OCEG

OCEG. “Integrated Third Party Management.” GRC Illustrated, 2014.

Given the numbers and variety of third-party relationships in which most companies engage, the implementation of a third-party management program can be a daunting challenge. A risk-based approach to due diligence and monitoring, the collaborative participation of multiple functions in the organization, and an effective technology solution are all critical for a sustainable program. The right technology solution offers benefits throughout the third-party management life cycle:

• Streamline development and ensure the consistency of the business justification
• Simplify both the creation of the third-party questionnaire and its collection
• Efficiently manage risk assessment and due diligence and ensure their defensibility
• Provide a reliable framework for the third-party contract
• Facilitate ongoing training, management, and oversight of third parties
• Support information-sharing and collaboration between functions involved in third-party management (e.g., compliance and legal)

Essential tools

Templates, checklists, and document assembly capabilities: serve to standardize the various documents required and streamline their preparation, including business justifications, questionnaires, and even contracts.

Rules and workflow engines: automate and bring consistency and efficiency to necessary processes, ensure that the right people are involved, and enforce follow-up requirements and deadlines. They can help effectively structure preparation and review/signoff processes for the business justification, risk assessment, due diligence, and contracts, as well as the collection of questionnaires and the ongoing monitoring and renewal processes.

Central database and document management system: provides a single location to store and access all pertinent information and documentation on each third party, including the business justification, questionnaire response, risk ratings, due diligence results, contract, attestations, etc. Centralization simplifies information sharing among all of the individuals involved in third-party management.

Calendaring and task management features: enable tracking of important milestones and scheduling of review intervals (e.g., due diligence) appropriate to each third party.

Audit and logging capabilities: capture key documents, decisions, actions, events, etc. and ensure the maintenance of adequate audit history for each third party.

Robust reporting facilities: ensure that those responsible for making decisions about third-party relationships have the information needed to guide those decisions.

Proactive management of third parties exercises every aspect of GRC

Virtually every function associated with governance, risk, and compliance (GRC) comes into play in the ongoing management, oversight, and training of third parties. Technology can provide an enduring foundation for effective communication and collaboration among the various players and ensure their ability to fulfill their respective responsibilities. To do this successfully, a technology solution must address:

Compliance management: to enable continuous tracking and alerting of changes in regulatory and other compliance obligations; simplify procurement of legal opinions on the relevance and implications of these changes to third-party risk; and support appropriate response to changes in compliance obligations as they relate to third parties.

Ongoing risk management: to support continued monitoring of risk indicators; simplify scheduling of periodic due diligence reviews; and enable recalculation of risk levels and generation of new due diligence tasks in response to changes.

Policy management: to enable regular policy communications with third parties; provide access to the company’s code of conduct and applicable policies; manage attestations required from third parties (e.g., that they have read and agree to applicable policies, have completed related training, etc.); and maintain records of these activities.

Management of internal controls and audit: to streamline scheduling and planning for audits of third-party activities; provide visibility to enable identification of compliance gaps; and maintain an ongoing audit history.

Incident and issue management: to support intake, triage, and investigation of third-party related inquiries and allegations from a variety of internal and external sources; streamline identification, assignment, and tracking of any needed corrective actions (e.g., contract term revisions, additional payment controls, more frequent monitoring); and provide early notification to legal staff and expedite engagement of legal resources to assist in resolution.

Chapter 4: Key Considerations for a Technology Solution

The right technology solution can enable organizations to implement best practices and effectively manage the risk associated with third-party relationships across the business. Important factors to consider when evaluating a technology solution for third-party risk management include:

• Does it support a risk-based approach?
• Does the solution provide global visibility to third-party risk across the organization?
• Does it offer an easy-to-use, secure portal for communicating with third parties?

A brief discussion of each of these factors follows.

Support for a risk-based approach

A risk-based approach enables prioritization, so that the most rigorous third-party due diligence and management efforts are focused on the highest risk relationships. This allows more efficient use of available resources and provides greater assurance that needed protections will be implemented where the risk is highest. The technology solution must support valid, accountable, and consistent risk management and due diligence processes – and do so on a continuing basis as changes occur. An effective solution is characterized by:

• A customizable risk model that employs weighted risk factors, both pre-defined industry standard and company-specific
• Integrated monitoring of internal and external data sources (e.g., for watch lists, PEPs info, negative news, etc.) for detection of risk factors
• Automated calculation — and recalculation as changes occur — of risk scores and recommended due diligence levels
• Auto-generation of due diligence tasks by risk level
• Alignment with industry standards (e.g., ISO 31000, OCEG) for risk management and due diligence
• Customizable templates for key third-party management documents
• A single system to identify, analyze, evaluate, mitigate, and monitor third-party risk
• A historical view of changing third-party risk levels over time

An effective third-party risk management solution must support a risk-based approach to enable prioritization of due diligence and management efforts to the highest risk relationships.

Figure: risk scoring flow. Starting from thousands of third parties, identify the risk factors/indicators, gather the information/data, run the risk model (use the risk factors to calculate a risk score that determines the risk level of each third party: Low, Medium, or High), and produce a customized due diligence plan from the risk assessment.
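The weighted risk model, tiering, recalculation on change and task generation described in this chapter, as an added worked example (not code from the eBook or from ELM Solutions). The factor names, weights, tier thresholds, the watch-list override rule and the sample third party are all assumptions chosen for illustration. The example goes beyond the page in two respects: a confirmed watch-list hit forces the High tier on its own, because a weighted sum would otherwise let one critical indicator be diluted by low scores elsewhere, and each third party keeps a score history so that a monitoring update returns only the tasks newly required when the tier rises.

```python
# Added example: weighted third-party risk scoring with tiered due diligence.
# Weights, thresholds, override rule and sample data are assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Weighted risk factors (assumed weights). Every indicator is normalized to
# 0.0 (no risk signal) .. 1.0 (strongest signal) before it enters the model.
WEIGHTS: Dict[str, float] = {
    "country_corruption":   3.0,  # corruption-perception level of the operating country
    "government_contact":   2.5,  # deals with government officials on our behalf
    "pep_link":             2.5,  # an owner/officer is a politically exposed person
    "watchlist_hit":        4.0,  # sanctions / enforcement watch-list match
    "adverse_media":        1.5,  # negative-news score from monitoring feeds
    "compensation_anomaly": 2.0,  # commission or discount above the industry norm
    "annual_spend":         1.0,  # relative size of the engagement
}
# Indicators that force the top tier on their own (assumption): a weighted
# sum would otherwise let a confirmed watch-list hit hide behind low scores.
OVERRIDE_TO_HIGH = ("watchlist_hit",)
# Tier thresholds on the normalized score, highest first (assumed values).
TIERS: List[Tuple[float, str]] = [(0.50, "High"), (0.25, "Medium"), (0.0, "Low")]
TIER_ORDER = ["Low", "Medium", "High"]
# Due diligence tasks per tier, following the eBook's escalation; a higher
# tier inherits every task of the tiers below it.
TASKS: Dict[str, List[str]] = {
    "Low": [
        "Internal review of documentation and news on the company, owners, financial health",
        "Checks against watch lists for corruption, sanctions, PEPs, conflicts of interest",
    ],
    "Medium": [
        "In-depth internet searches and review of international media",
        "Detailed background on directors and shareholders",
        "Screening of in-country and sector-specific information sources",
    ],
    "High": [
        "In-person interviews with the owners/managers responsible for the relationship",
        "Interviews of references and business/political associates",
        "Audit of the third party's policies, controls, audit reports and financial records",
        "Independent in-country investigation of legal, regulatory and licensing compliance",
        "In-house legal review of all documentation collected",
    ],
}


def risk_score(indicators: Dict[str, float]) -> float:
    """Weighted sum of indicators, normalized to 0..1 by the total weight.
    Unknown names and out-of-range values are rejected so a typo in a data
    feed cannot silently drop a factor or inflate the score; missing = 0."""
    unknown = set(indicators) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown risk factors: {sorted(unknown)}")
    for name, value in indicators.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be normalized to 0..1, got {value}")
    weighted = sum(WEIGHTS[n] * indicators.get(n, 0.0) for n in WEIGHTS)
    return round(weighted / sum(WEIGHTS.values()), 4)


def risk_level(indicators: Dict[str, float]) -> str:
    """Map indicators to Low / Medium / High, honouring the override list."""
    if any(indicators.get(n, 0.0) >= 1.0 for n in OVERRIDE_TO_HIGH):
        return "High"
    score = risk_score(indicators)
    return next(level for threshold, level in TIERS if score >= threshold)


def due_diligence_plan(level: str) -> List[str]:
    """Cumulative task list for a tier (High includes Medium and Low tasks)."""
    plan: List[str] = []
    for tier in TIER_ORDER[: TIER_ORDER.index(level) + 1]:
        plan.extend(TASKS[tier])
    return plan


@dataclass
class ThirdParty:
    name: str
    indicators: Dict[str, float]
    history: List[Tuple[str, float, str]] = field(default_factory=list)  # (event, score, level)

    def reassess(self, event: str, **changes: float) -> List[str]:
        """Apply changed indicators, recalculate and record the tier, and
        return the tasks newly required: the full plan at onboarding, only
        the added tasks when the tier rises, nothing otherwise."""
        previous = self.history[-1][2] if self.history else None
        self.indicators.update(changes)
        level = risk_level(self.indicators)
        self.history.append((event, risk_score(self.indicators), level))
        if previous is None:
            return due_diligence_plan(level)
        if TIER_ORDER.index(level) <= TIER_ORDER.index(previous):
            return []
        done = set(due_diligence_plan(previous))
        return [t for t in due_diligence_plan(level) if t not in done]


def demo() -> ThirdParty:
    """Constructed sample: a sales agent in a high-corruption country whose
    PEP link only surfaces from a monitoring feed after onboarding."""
    agent = ThirdParty("Sample Sales Agent (constructed)", {
        "country_corruption": 0.9, "government_contact": 1.0,
        "compensation_anomaly": 0.3, "annual_spend": 0.2,
    })
    agent.reassess("onboarding")                          # Medium: Low + Medium tasks
    agent.reassess("monitoring feed", pep_link=1.0)       # rises to High: 5 new tasks
    agent.reassess("monitoring feed", adverse_media=0.4)  # still High: no new tasks
    return agent


if __name__ == "__main__":
    for event, score, level in demo().history:
        print(f"{event:16} score={score:.4f} level={level}")
```

Rejecting unknown factor names matters in practice: a weighted model that silently treats a misspelled feed field as absent will under-score exactly the third parties whose data is messiest.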

Global visibility to third-party risk across the organization

A global view of third-party risk, and the associated management efforts, enables the regular collaboration that is crucial to effective management. The solution must support all of the functions involved in managing third parties — business, compliance, risk, legal, audit, policy, etc. — and the employment of attendant services (e.g., outside counsel). The only truly viable way to provide such enablement and support is through a platform-based solution. A technology platform should provide the capabilities described earlier, across organizational boundaries, including:

• A central database and document management system for storage of all pertinent third-party information
• Shared rules engine, workflow engine, and audit and logging
• Robust, comprehensive reporting and analytics capabilities

The platform should enable the seamless integration of third-party risk management with broader risk management and other legal and GRC management systems. It should also provide the ability to integrate with enterprise systems — such as transaction monitoring systems — and internal and external services — such as hotlines and regulatory and risk content providers.

A platform-based technology solution should provide robust reporting and analytics. Illustrative charts:

Spread of annual $ spend with third parties:
• Less than $15,000: 30%
• $15,001 – $75,000: 25%
• $75,001 – $200,000: 35%
• Greater than $200,001: 10%

Distribution of third parties by category type:
• Supplier: 60%
• Agent: 20%
• Distributor: 10%
• Consultant: 7%
• Joint Venture Partner: 3%

Distribution of third parties by sector:
• Banking & Finance: 25%
• Light Manufacturing: 20%
• Pharmaceutical & Healthcare: 20%
• Consumer Services: 10%
• Transportation & Storage: 8%
• Heavy Manufacturing: 7%
• Utilities: 6%
• Other: 4%

An easy-to-use, secure portal

Regular, effective communications with third parties are facilitated through an easy-to-use and secure portal that enables third parties to both submit and receive information. The portal should give third parties ready access to policy and other compliance-related training and information that apply to them. It should provide straightforward mechanisms to respond to questionnaires and submit attestations and certifications, as well as to ask compliance-related questions and raise issues.

Access + Respond + Submit + Learn + Certify + Inquire + Report

Conclusion

Every third-party relationship introduces some level of risk. In order to maximize the value and minimize the risk of these relationships, organizations must put processes in place to assess the types and degree of risk and implement appropriate measures to mitigate that risk. Risk and compliance experts have offered models to assist companies in developing third-party management programs based in best practices. Even with such best practices-based processes in place, the magnitude of the effort can easily overwhelm available resources. The right technology solution can effectively support these processes and ensure a third-party risk management program that is efficient, defensible, and sustainable for the long term.

© 2015 Wolters Kluwer ELM Solutions, Inc. and its affiliates and/or licensors. All rights reserved.