I just returned from the second annual Third Party Risk Management and Oversight Summit hosted by Financial Risk Associates and Compliance Week. It was an unusual event, which The Man From FCPA can heartily recommend to all anti-corruption practitioners when it is offered in the future. As the title indicated, the two-day event focused solely on third-party risk management. The panelists and speakers were largely drawn from companies and consisted mainly of compliance practitioners—with a sprinkling of regulators and smattering of lawyers—but even most of the legal-eagle types were in-house counsel assigned to work on or with corporate third-party risk management teams.
This allowed for a very deep dive into what companies are doing to manage third party risks both on the sales side and supply chain side. There are some very innovate ways companies are looking at this issue from the compliance angle. The key concepts seemed to be around the dynamic nature of third-party risks. A company needs to have the nimbleness and agility to respond to this dynamic nature rather than simply have a static paper program going forward.
One of the ways to provide this agility is through enlisting other corporate disciplines, with subject matter expertise in areas outside compliance to help in the third-party risk management and oversight process. A prime example is a corporate IT or InfoSec department that can consider such risk issues around third parties. These efforts can bring a level of both transparency and accountability to your third-party risk management process ,which can work to not only protect a company but also make the process more efficient internally.
Many of the corporate in-house representatives came from companies with more mature than average compliance programs. This meant that questions such as whether to audit a third party had long ago been answered, in the affirmative. This led to interesting insights around the post-contract management of third parties. I hope this event becomes an annual or even bi-annual Summit as it allowed participants to take a deep dive into an area where the surface is usually only scratched at most major compliance conferences.