Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Catelas 360 Relationship Compliance
Rapid Event ResponseInvestigations
Training Gap AnalysisPEP lists
Periodic AuditsRisk Assessments
Fully Automated, Real-Time Visualization of your entire 3rd party Operations
On-boarding& Due Diligence
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Session I
How much risk are you on-boarding with each new partner or acquisition?
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Session I: Agenda
Panel Introductions Thomas Fox, Principal, tomfoxlaw.com
Martha Durcan, Chief Compliance Officer, Parametric Technology CorporationFCPA & UK Bribery Act
Eddie Cogan, Founder & CEO, Catelas, Inc.
Panel Debate & Discussion What risks exist, when you do business overseas?
What risks should you worry about with each new agent/partner/acquisition?
How to you better understand your risk and measure your risk exposure?
If a partner is high risk what options do you have?
Can technology help? What tech is available today?
How do you ensure you are prepared should you meet the DOJ / SEC?
Questions Email them to me at [email protected]
Or simply use the chat facility on the webinar.
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
2012 Enforcement ActionsKey Take-Aways
• Morgan Stanley-compliance programs do receive credit
• Pfizer – New “enhanced” compliance requirements and due diligence in the merger and acquisition context
• Tyco-Non-Prosecution Agreement for repeat Offender
• Opinion Release 12-01-how does your due diligence affect your use of agents?
October 31, 2012
Martha DurcanChief Compliance Officer
6
• Compliance assessment conducted by third party
• Charter of PTC’s Board of Directors Governance Committee
expanded to include compliance monitoring
• Dedicated Compliance Group established– Chief Compliance Officer appointed
• A key focus area is Anti-Corruption– New partner on-boarding process implemented
– Catelas compliance software purchased to automatically inventory 3rd party
relationships, uncover relationship history and to conduct internal investigations
Focus on Ethics and Compliance
7
• Partner Identification and Business Justification– There must be a business justification for each partner that has been approved by the
appropriate manager prior to initiating automated partner due diligence
• Partner Assessment – Due Diligence– Partner due diligence process is automated
• Partner Engagement
– Each partner signs a contract with PTC containing enhanced anti-bribery provisions
– PTC’s Anti-bribery Policy is delivered to each partner with the contract signed by PTC
• Partner Training
– Anti-bribery training will be provided to each partner
– The type of training received will be partner-specific based on perceived risk
• On-Going Monitoring
– Re-assessment at contract renewal and sooner based on deal and region-specific factors
Enhanced Partner Assessment Process
There are five key elements of our partner assessment process.
PTC CONFIDENTIAL
8
Challenges
• Partner Review in Emerging Geographies
– Overcoming challenges presented by different cultures, language, time zones
• Distinguishing the true risk profile of a partner
– Evaluating the Inherent risks (industry, country) versus partner specific risks
(type of partner, target customers of partner)
• Due Diligence on Partners with High Risk Scores
– Determining when and how much due diligence is adequate
Benefits
• Increased visibility (not just transparency) into partner relationships
• Broader awareness of compliance risks internally and externally
• Centralized system of record
Partner On-Boarding: Key Challenges and Benefits
9
• Red Flags– Do they differ by region?
– Examples of red flags that have lead to rejection of high risk partners
– Commonly missed items?
• Partner Training– Is on-line training effective?
• Partner Audits– Are they being done?
– How frequently?
– Process tips?
• Driving Behavioral Change Throughout the Organization– Effective tools
Discussion Questions
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Compliance Burden
Compliance must clearly communicate, demonstrate and display the effectiveness of Compliance Programs that combat these risks:
Anti-Trust , anti-competitive business practices and Cartel
FCPA & UK Bribery Act
Indirect Revenue Recognition (JVs, Resellers, and hybrid 3rd Parties)
Partner On-boarding and Due Diligence
Code of Conduct, Sales and Marketing Policy
Supply Chain risk: vendor kick back, conflicts of interest
Data Theft, Intellectual Property and Privacy
Information Barriers and Employees with access to sensitive data
New and Departing Employees
"Demonstrating Compliance Effectiveness is Critical: [Regulators] want proof that the programs are actually working."
- Steve McGraw, from Compliance & Ethics Professional Magazine
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Catelas360 – End to End Coverage
Published Lists(From World Compliance etc.) Global Sanction List Global PEP List Global Enforcement List Global Adverse Media List Global Foreign Official List
Employee / Contractor Attributes(From Contact / HR database e.g. PeopleSoft) Role: sales, finance, logistics Responsibility: VP, Dir, Mgr Location: Beijing, China Contact details: email, telephone
Company Attributes(From CRM e.g. Siebel) Company types: customer, partner, distributer, agent
Compliance Database Risk Scores Employee training certification Partner certification & agreements
HR CRM ComplianceFinanceLists
Financial Data(From Finance database) Total value of partner business Lists of transaction with partner
On-boarding PEP Lists
Policy Enforcement
Risk Alerts Risk Assessments
On-going Audit & due diligence
Internal Investigations
Identification Priority Review
Early Case Intelligence
Compliance Audit Legal
Email Log Files
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
3rd Party Transparency & Control
Partners grouped by Region & Relationship Strength
View Relationship History: What is being said? What work are they doing?
Who is key? In your company ? At the partner?
Every partner, globally, automatically ranked
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Policy Enforcement & Monitoring
Policies focusing on specific risks
Rules focusing on specific behaviors
Advanced Analytics on identified risk
Risk broken down by time periods of interest
Results captured for Review with severity level
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Litigation InvestigationsInternal Investigations
WITHOUT COLLECTING EMAILS Quickly identify the most relevant custodians based on their relationships
Only collect what's relevant. The key relationships lead us to the most relevantkeyword-based documents
Deliverables: Impact Report within a single day
Identification: Identify key players before collection
Intelligent Collection: of communications between key people
Priority Review of most relevant (< 1%) data within 1st day
Uncover ‘hot docs ’ for senior review within 1st day
Providing counsel with key strategic information about a matter, earlier enabling conflict resolution, better negotiations etc..
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Topic 1
The on-boarding process―What are the risks?―Where should you focus?
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Poll Question 1 – with Results
How mature is your Compliance program?<pick one answer>
1. We have policy and procedures. Employees sign up to these
2. We have a repeatable on-boarding process3. We monitor for risk with annual audits & interviews4. We monitor continuously - are looking to change
behavior
Answer 1
Answer 2
Answer 3
Answer 4
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Topic 2
The on-boarding process―How do you uncover risks?―How do you measure these risks―What do you do about this risk?
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Poll Question 2 – with Results
Do you see technology as an essential component of the Compliance function?
<pick multiple answers>1. No. We believe our on-boarding process is sufficient2. Yes for Financial Transaction Monitoring3. Yes for automating and documenting the on-boarding process4. Yes for understanding people, relationships and history5. Yes - all the above are important
Answer 1
Answer 2
Answer 3
Answer 4
Answer 5
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Topic 3
The on-boarding process―How do you prevent risk in the fist
place?―Should you monitor for ‘bad
actors’?
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Topic 4
The on-boarding process―How important is documentation?―What kind of audit trail should
you preserve?
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Poll Question 3
Which part of the puzzle is your current focus?<pick one answer>
1. Building out a good on-boarding process2. Risk Monitoring - understand risk across existing portfolio3. Risk Prevention - Training, enforcement, incentives, behavior4. Documentation - ensuring a seamless audit trail
Answer 1
Answer 2
Answer 3
Answer 4
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Session II
Your on-boarding process works, so now what?
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Session III
Event Response & Remediation
when bad things happen, what should you do?
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Catelas 360 Relationship Compliance
Puts Compliance in Control
Real Time Control
Respond to events Fast
Reduce Costs
Low cost, deep visibility from HQFor Legal, Compliance & Security
Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight
Thank You
Eddie Cogan617 407 [email protected]