THE 'APPLE' of GRC
"The Network has delivered a platform that is fresh, beautiful, and simply elegant for the user, adding interface assets that work to engage employees, while providing administrators and executives with the tools needed to truly manage compliance in a proactive fashion."
– Michael Rasmussen, GRC Analyst
Third Party Risk
It is no longer enough to ensure a commitment to ethics and compliance within your own company. The new global expectation is that you know who your third parties are, have vetted them, and are consistently monitoring for misconduct and remediating incidents that occur.
Third party ethics and compliance reaches across multiple areas, including:
- Anti-Corruption (FCPA, UK Anti-bribery Act) – The commitment of third parties to conduct business in a fair and ethical manner, avoiding corruption.
- Code of Conduct & Ethics – The commitment of third parties to ethical and lawful business practices and awareness of the compliance program.
- Privacy (HIPAA, HITECH, FTC) – The ability of third parties to maintain the privacy of customer records and to implement an appropriate information security and disclosure program.
- Import & Export (OFAC) – The commitment of third parties to conduct business in a fair and ethical manner, avoiding fraud, abuse, or deceptive tactics.
To be defensible and withstand scrutiny, your organization must have a thorough and consistently enforced global third party risk program in place. We’ve developed a world-class program that is configurable to meet your company’s specific needs and includes:
- Policy Management: Distribute company policies to third parties and track their attestations. We include best practices policy templates for several topics, including Third Party Risk.
- Compliance Management: Create third party risk assessments and consistently monitor your third party relationships for misconduct.
- Incident Management: Investigate instances of policy violations or misconduct by your third parties.
- Third Party Code of Conduct: Establish the guidelines of acceptable behavior for third parties and inform them how to report misconduct.
ABOUT THIRD PARTY RISKS
"Organizations are complex entities that extend to hundreds or thousands of business relationships around the world. Organizations must actively manage and monitor risk and compliance across the life-cycle of a business relationship." – Michael Rasmussen, GRC 20/20
THE DOJ'S FCPA GUIDANCE REGARDING THIRD PARTIES
1. Companies should understand the qualifications and associations of their third-party partners, including their business reputation and relationship, if any, with foreign officials.
2. Companies should have an understanding of the business rationale for including the third party in the transaction.
3. Companies should undertake some form of ongoing monitoring of third-party relationships.
4. Companies should inform third parties of the company’s compliance program and commitment to ethical and lawful business practices.