Catelas Risk Oversight helped our client manage their 3rd parties by automatically identifying who to train and uncovering those unknown, at-risk individuals.

Background

When our client needed to acquire or partner with 3rd parties to meet business needs, they opened themselves up to liabilities. Many of these 3rd parties did not fully appreciate the cost of violating the FCPA or local anti-bribery legislation. Our client, a public company, with operations in 30 countries, was concerned that, despite broad on-line training, many internal employees & contractors, along with 3rd party personnel, just did not ‘get’ the importance of following policy. Additionally, Compliance felt very remote from local operations and was unfamiliar with the people who actually represented them on the ground.

Our client wanted to identify the key internal & external individuals responsible for all their 3rd parties in each region; additionally they wanted to make sure they provided extra, more focused training, to these key people and for high risk partners, they wanted to add these people to their 1st level due diligence. Their problem, was how to identify who matters, when you are so remote from the business in these regions and when ERP & CRM data is sparse and often in error.

Action

Our client deployed the Catelas Compliance Control & Risk Oversight solution to enrich the on-boarding process by identifying the key people representing each 3rd Party. Their previous on-boarding process focused mainly on the senior level executives – names, provided by the 3rd party themselves, of people quite disconnected from our client’s business – and failed to identify potential areas of risk among all the employees. Knowing who mattered, meant our client now knew who to train and how to focus that training; and in high risk cases, who to conduct list checks on.

Value

Our client was able to identify and remediate risk prior to on-boarding a third party. The initial on-boarding report was comprehensive, reducing the need for outsourcing due diligence and allowing more work to be conducted in-house.

Additionally, Catelas automatically listed the internal & external individuals who mattered across their existing 3rd party network and allowed our client to provide focused training to these individuals. Automatically knowing who to train and their roles, without relying on a dated CRM system increased the robustness of our client’s 3rd party Compliance program, without requiring any additional effort.

Additionally, the Catelas solution is ‘self-healing’. As employees come and go, both at our client and at the 3rd party, Catelas automatically tracked this and identified the new ‘key people’ who needed training. Catelas then emailed the third party who subsequently scheduled the training.