Better Risk Management Starts with Better Data Management
For compliance teams, establishing proper data management initiatives may not be high on the priority list, but they’re becoming more and more relevant to third-party due diligence programs. There are a variety of reasons for this, but two of the primary ones are: 1) the burgeoning volume and velocity of new business data being generated globally, and 2) intensifying compliance requirements by regulators seeking to protect the market, consumers, and businesses from misconduct and corruption.
In today’s global economy, we can confidently expect that compliance and fraud risk exposure will also continue to trend upward, fueled by the consistent progression of digital technology and the demand for faster, more agile financial transactions. In a recent risk management survey conducted by a leading global research and advisory firm, fully 89% of respondents said that they believed their organization’s level of risk had remained steady or increased in the past 12 months.1
Government regulatory bodies institute policies to help protect individuals and businesses from the effects of fraud and corruption. Failure to comply results in painful penalties, as well as reputational damage, which was named as the top concern of respondents to the risk management survey as a consequence of ineffective risk management.2 This tells us that there is much to do around data and third-party due diligence.
How Better Data Management Improves KYTP Programs
The due diligence process as it applies to suppliers and other third parties is used to detect and prevent events like money laundering, terrorism financing, financial fraud, and other improper activity. A reliable and effective data framework is the backbone of the effort to know your third parties (often abbreviated to KYTP).
We must ensure a thorough understanding of the data and its sources so that this backbone can properly support the entire process, from screening and onboarding to relationship management and onward through the life cycle of the business relationship. With this, you can avoid or minimize spending valuable time and resources collecting, fixing, and finding data you may or may not possess. Here are two key areas where an effective KYTP program would depend on proper data management:
Process efficiency. Failure to understand your data creation, curation and access processes can increase cost unknowingly. Are you providing needed third-party data to your decision makers, or do they spend a great amount of time searching for and correcting it? Are there standardized and required fields for population at the entry point of data? How do you augment or enrich missing or potentially old data? Take these guiding questions and know that any unnecessary delay due to poor data management can impact both compliance and the bottom line.
Due diligence accuracy. Are you able to trust the current third-party data available to you? Are you accepting self-reported data? How do you validate data provided by suppliers and third parties? Adding trusted third-party referential file resources can help bolster confidence that your due diligence process is working correctly. Proper attention to this aspect of data management can help you increase data accuracy during data collection and analysis.
Ways to Jump Start Compliance Data Management Initiatives
Here are some introductory suggestions for compliance teams without much experience advocating for better governance of the third-party risk data they need to work with:
Implement a “search before create” process. Unnecessarily duplicating data you already have can negatively impact your decisions as well as their timeliness. Additionally, receiving incorrect data at the creation point can either slow your decisioning process down or render the ultimate outcome invalid. Techniques such as comparing your input to your database and then to third-party referential data can be used in both these cases. Look for a technology solution designed to streamline data management, matching and validating by comparing your data with an external source of global, trusted reference data. This approach helps your KYTP processes empower you to make better decisions, act quickly and drive better due diligence results.
Centralize data. This tactic — often referred to as having a “single source of truth” — is very much aligned to the goals of finance and risk focused organizations. Bringing all data within your organization in a single location provides straightforward access to data concerning your third parties and increases confidence in data analysis and due diligence. In the risk management survey cited earlier, over a third of respondents — 37% — said that lack of cleanliness and standardization of risk data was a top challenge to risk management in their companies.3
Bring in third-party data. Performing due diligence exclusively with internally-sourced data can give you an incomplete picture of your third parties. Essentially, you don’t know what you don’t know. Using external referential data, including firmographic, operational, and financial data, helps fill in important details, such as:
This concept is explored in more detail in the article “The Truth About a Single Source of Truth for Data.”
Credit scores — Particularly with vendors or suppliers, where a potential financial relationship is involved, credit scores can be a good indicator of risk. Consider an external data solution that monitors the business credit files of those you do business with.
Corporate linkages and networks — An integral part of knowing your third party is knowing the larger outfit or organization that owns it. In our world of global conglomerates, active divestitures and M&As, it would benefit your due diligence process to be able to see a more complete third-party “family tree” to inform entity verification and joint or minority ownership visibility.
Beneficial ownership — In some cases, potential third-party risk or involvement by “bad actors” may not be visible with surface-level data. Ultimate beneficial ownership (UBO) data helps connect the dots between individuals and complex business structures to help you see who might really be benefiting from your business relationship, and whether that might spell trouble for your business.
In the current business environment — whether or not you want to call it “post-pandemic” — remote and digital transactions have become much more common as compared to in-person traditional methods. This includes greater use of remote strategies for monitoring third-party relationships and for identifying risks in supply chains and other business networks.
This translates to a greater-than-ever reliance on properly managed data to enable due diligence programs to work as they should — to make screening more efficient and accurate, to make risk management more comprehensive, and to help compliance become better known as a business value creator rather than a cost center.
Learn more about how we help compliance teams streamline their processes and manage risk more efficiently.
1 “Change the Culture of Risk Management to Increase Business Resilience” (a commissioned study conducted by Forrester Consulting on behalf of Dun & Bradstreet), August 2022.
Methodology: Forrester conducted an online survey of 423 risk management decision-makers at organizations in the United States, Canada, and United Kingdom between June and August 2022. Survey participants included decision-makers in finance; supply chain/procurement; and governance, risk, and compliance roles.