We spoke with Sylwia Wolos, Head of Enhanced Due Diligence Proposition, to understand third party risk requirements for financial institutions.
Risks are ever-changing and emerging in this fast-moving, modern world. Regulators are constantly raising the bar, and a volatile geopolitical landscape is causing new risks to emerge as businesses grow, expand their customers and products, and explore new operating territories.
Compliance programs need to be adjustable so that they can quickly identify and respond efficiently to new risks, and flag when enhanced due diligence (EDD) is required for both customer due diligence processes and third party risk.
In her interview, Sylwia Wolos explains that in the financial sector, customer due diligence and third party due diligence screening processes overlap.
While the subjects within the due diligence process differ, the search tools, the access to sources, and the knowledge and expertise of languages or industries are the same.
Wolos believes that the key to success is the right technology.
Ahead of the game
Financial institutions with a wealth of experience in ‘know your customer’ processes are often in a much better position compared with non-financial companies that work on improving the transparency of the supply chain. This is because of the experience and knowledge that they can translate from their anti-money laundering policies to anti-bribery and corruption policies or other regulatory compliance practices.
A solution with multiple benefits
There are various reasons to update a third party compliance program with the newest solutions:
- A process needs to be agile and adaptable to respond to changing risks and regulations.
- Productivity, as it’s quicker to onboard agents and suppliers using software management tools.
- Avoiding duplicated work by aligning across divisions (overlapping parts of the AML and ABC processes).
- An increase in accuracy of assessment and content collection through available technology and research tools.
- More robust and more secure tools in the EDD landscape to comply with strict data processing rules.
Leading by example
A great example of successful automation of a third party risk compliance program, through our content and our partner’s software solution, was given in a webinar discussion in December 2017.
During our webinar, Elisa Rampinini, Compliance Manager from Pentair, said: “Our new compliance program onboarded 90 percent of new third parties within a day from submission.”
Sylwia Wolos summarized: “I think it will be very difficult to comply with the new GDPR (General Data Protection Regulation) requirements around personal data processing rules without the right technology and automation in place.
“I realize that reviewing the existing process is a costly exercise, but I have no doubt the potential gain will justify it.”