Compliance Risk Assessment and 3rd Party Due Diligence & Monitoring
- Laureen Edwards
- 8 years ago
1 Advisory Services, May 2011: Compliance Risk Assessment and 3rd Party Due Diligence & Monitoring
2 Compliance Risk Strategy, 3rd Party Due Diligence, 3rd Party Auditing
The differing ways in which a company approaches overall compliance risk will have an impact on the implementation of an effective Third Party/Business Partner program.
- Compliance Risk Management: Risk Tolerance; Third Party Population; Go to market strategy
- Third Party Due Diligence: Levels of due diligence; Steps before and after contracting
- Third Party Auditing: When to exercise? Scope? Frequency?
3 Many companies are engaged in a complex web of 3rd party relationships and face challenges in developing and implementing scalable, efficient processes to address the risks associated with such 3rd parties:
- Manufacturers
- Joint Venture Partners
- Logistics / Supply Chain
- Resellers
- Distributors
- Contractors
- Value Added Resellers
- Lobbyists
- Consultants
- Sales Agents
Example risk factors:
- Regulatory
- Fraud risk
- Licensing / Contract Compliance
- Anti-corruption
- Export controls
- Anti-money laundering
- Recovery of revenues / costs
- Compliance with key terms
- Grey market / piracy
- Conflicts of interest
- Intellectual property
The current regulatory environment expects, and regulators are increasingly demanding, that companies know who is conducting business on their behalf and the risks associated with doing business with them. Companies use 3rd party business partners to assist them in various activities including, but not exclusive to, sales, marketing, consulting and procurement. The sheer number and complexity of such relationships and their role are sometimes unknown and not part of a Company's global risk assessment. A methodology designed to identify, assess, accept, and monitor relationships with 3rd party business partners is a key component of a strong compliance program.
5 Business partner compliance framework
The following framework is designed to address the key risks related to 3rd party relationships and sets out the potential elements of an effective, robust Business Partner Compliance program. Each activity builds on the last step to ensure an efficient risk-based approach:
- Business Partner Data: ERP systems, Vendor master, CRM systems
- Standardize or systematize using third party databases, industry specific factors, questionnaires, etc.
- Identify, Consolidate, and De-Duplicate Business Partners
- Risk Assessment: Risk Analysis & Rating
- Business Partner Risk Classification: Segmented into Low, Medium & High Risk
- Perform Due Diligence
- Approvals & Contracting / Contract amendments
- Reporting / Monitoring
- Continuous Reassessment
- Auditing
- Incident response and remediation
- Control environment and tone at the top
- Governance, executive sponsorship, compliance enforcement
- Training, policies and change management
- Technology, tools and information management
6 Partner approval, contracting and continuous reassessment
The extent of approval required will depend on the level of risk. Final decisions can include conditions for approval that require enhanced internal controls or monitoring.
Approval team reviews evaluations. Level of effort:
- Low: Local Management
- Medium: + Central or Regional Compliance Officer
- High: + Head of Compliance
Decisions:
- Approval
- Conditional Approval: Enhanced internal controls; Additional monitoring; Enhanced contractual terms; Schedule Internal Audit
- Further Investigation
- Rejection
Contracting / Contract Renewal / Amendments to T&Cs (e.g. FCPA language, payment terms)
Business partner onboarding should be periodically revisited to ensure there have been no significant changes to the partner profile. This can include: annual re-certifications; updating questionnaire responses every one to three years; or revisiting due diligence procedures as appropriate.
7 Due diligence considerations
Depending on the results of the partner risk assessment, appropriate levels of due diligence should be conducted. The level of due diligence undertaken should be commensurate with the risk exposure.
Example Low Risk Procedures / Additional Medium Risk Procedures / Additional High Risk Procedures:
- For all business partners, obtain certification from new Business Partner and/or employee requesting partner onboarding
- Consider conducting minimal checks of entity against an industry leading compliance database (e.g. WorldCompliance) or restricted entity listing to identify informative indicators via watch lists, sanctions lists, or PEP designation
- Consider comprehensive surveys (tiered based on level of risk) addressing compliance risk factors, such as ownership structure, compliance history, internal controls programs, etc.
- Amend standard contractual language to reflect appropriate provisions (e.g. FCPA, right to audit clause)
- Consider 3rd party due diligence reports that may include analysis of: compliance databases and regional-specific business/company/regulatory information databases; English-language and relevant foreign-language media database; litigation databases across relevant jurisdiction(s); and commercial open source search engine for any readily-apparent adverse information.
- Consider enhanced 3rd party due diligence reports that, depending on the location of the entity and availability of information, may include: on-site public record searches at government offices, ministries and court houses; reputational and business information interviews with source contacts (diplomatic, commercial, intelligence, etc.); source information assessments of noteworthy relationships to political, military or government officials; and discreet inquiries with commerce officials, local embassies, etc.
- Consider requiring relevant training (e.g. anti-bribery, compliance with Code of Conduct) prior to onboarding
9 Reporting and continuous monitoring
After a business partner is on-boarded, the business will need to consider ongoing transactional risk. This could include procedures such as:
- Evaluating partner data sources (e.g. CRM, POS, ERP) and developing dashboards for monitoring key partner metrics
- Periodic reviews of transaction detail to ensure transactions are limited to compliant partners
- Monitoring training records for compliance with training requests
- Periodic reviews of accounting records, marketing funds / partner incentives and time & expense records
- Monitoring Whistleblower/helpline activity for business partner involvement
- Monitoring status of onboarding process activities and reviewing outstanding requests
Diagram labels:
- Channel Audits
- Investigation into unusual business practices
- Changes to T&Cs
- Prevent deals with high risk partners
- Escalate performance issues to Sales
10 Compliance audits with business partner contractual terms
Companies seek to improve their competitive advantage, grow revenues, and reduce development time and costs through their relationships with 3rd parties. Periodic independent inspections of activities under these contracts can improve the value received. Companies can get more performance from these agreements and maintain their good relationships through effective and sensitive contract enforcement.
Benefits of a robust licensing or contract compliance program include:
- Compliance with key terms
- Identification of potential revenue leakage / incremental revenue
- Enhanced 3rd party relationships / trust and increased communication
- Improved predictability of future payments / enhanced reporting controls
- Improvements to the drafting of future contracts
- Partners / Channel understands you take contractual terms seriously
- Flushes out contract language misinterpretations, side letters, etc.
- Provides better understanding of the customer base usage and compliance
Diagram labels:
- Analyze data
- Identify key contracts & terms
- Counterparty site inspection
- Validate reporting and present findings
11 Contacts
- Patricia Etzold, Partner - Forensic Services, New York, patricia.etzold@us.pwc.com
- Ryan Murphy, Director - Forensic Services, Chicago, ryan.d.murphy@us.pwc.com
More informationHow To Be A Compliant Customs Organization
Managing Cross Border Regulations Global Customs GM is one of the world s largest manufacturers of passenger motors vehicles GM maintains a family of global brands including: Buick, Cadillac, Chevrolet,
More informationSPG 223 Fraud Risk Management. June 2015
SPG 223 Fraud Risk Management June 2015 Disclaimer and copyright This prudential practice guide is not legal advice and users are encouraged to obtain professional advice about the application of any legislation
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationFraud and the Government Internal Auditor
Fraud and the Government Internal Auditor January 2012 Fraud and the Government Internal Auditor January 2012 Official versions of this document are printed on 100% recycled paper. When you have finished
More informationSoftware as a Service: Guiding Principles
Software as a Service: Guiding Principles As the Office of Information Technology (OIT) works in partnership with colleges and business units across the University, its common goals are to: substantially
More informationChannel-Distribution Challenges
Drive Revenues and Maximize Marketing Efforts with Product Lifecycle Management Channel-Distribution Challenges Channel-distribution organizations face many challenges in today s marketplace. Eroding margins
More informationThe rise of third party relationships means rise in risk and regulation. Non-compliance is risky business for financial institutions
The rise of third party relationships means rise in risk and regulation Non-compliance is risky business for financial institutions Increasing dependency on third parties by banks has resulted in mandatory
More informationEffectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased
More informationPrivacy Governance and Compliance Framework Accountability
Privacy Governance and Framework Accountability Agenda Global Data Protection and Privacy (DPP) Organization Structure Privacy The 3 Lines of Defense (LOD) Model: Overview Privacy The 3 Lines of Defense
More informationOFAC Compliance Overview and Recent Trends
OFAC Compliance Overview and Recent Trends Frederick E. Curry III Deloitte Transactions and Business Analytics LLP December 2015 Institute of International Bankers & Conference of State Bank Supervisors
More informationFor Private circulation only www.deloitte.com/in. Creative. Clear. Focused. Forensic Services
For Private circulation only www.deloitte.com/in Creative. Clear. Focused. Forensic Services Do you conduct background checks on employees and vendors? Do you educate employees about the importance of
More information