Third-Party Relationships: Opportunities to Control Risk and Pitfalls to Avoid
Third-Party Relationships: Opportunities to Control Risk and Pitfalls to Avoid
For companies with hundreds to thousands of third-party relationships all over the world, what's the best way to manage related risks? How do you get started, what approaches have worked, and what mistakes should you avoid? Tyco’s compliance leader Matt Tanzer will discuss how his company has approached the global challenge, first evaluating and then implementing global processes to manage the risks presented by thousands of third parties all over the world. Joining him will be Scott Moritz of Daylight Forensic, which has assisted Tyco with the process. This will be a practical, hands-on session, designed to provide real-world advice, based on one company’s extensive experience.
Featuring:
* Tyco International VP and Chief Compliance Officer Matt Tanzer
* Daylight Forensic & Advisory Executive Director Scott Moritz
More From This Author
See More
Lanny Breuer, selected by President Obama to head the Criminal Division of the Justice Department in January 2009, will discuss practical matters for companies dealing with the Justice Department, including topics such as cooperation, attorney-client privilege, and the importance of pre-existing compliance programs. Breuer will also discuss the Department’s increasing use of proactive law-enforcement strategies and tools, such as wiretaps, to combat financial fraud.
Get ready for a fun, interactive, high-energy conference closer from Second City Communications, the business solutions division of the world-famous comedy theatre. Using observations, ideas, and insights garnered from the entire three-day conference, Second City Communications will play back what they’ve heard, offering a real-time wrap-up of key conference takeaways, and providing a host of ideas you can bring back to your company. This is a closing session you won’t want to miss! Featuring: * Second City Communications CEO Tom Yorton
Like Web 2.0, do you have a “Code 2.0”? PepsiCo Chief Compliance Officer Stephen Naughton will share his team’s research into trends related to codes of business conduct. The session will leverage research that PepsiCo conducted while attempting to revise and update its own code and will focus on the most interesting innovations and developments. Featuring: * PepsiCo, Inc. VP, Compliance and Chief Compliance Officer Stephen M. Naughton
Compliance, ethics, and legal executives at Johnson & Johnson, Best Buy, and The Travelers Companies will provide details on their social media policies, programs, and experiences, focusing on a variety of cultural, legal, and disclosure-related issues. Featuring: * Johnson & Johnson Senior Counsel & Assistant Corporate Secretary Douglas K. Chia * Best Buy Chief Ethics Officer Kathleen Edmond * The Travelers Companies, Inc. SVP, Chief Compliance Officer & Group General Counsel David Baker * Compliance Week Columnist; President, Docket Media LLC; Founder and Editor, Securities Docket, Bruce Carton (moderator)
Transcript
Third-Party Relationships: Opportunities to...
Third-Party Relationships: Opportunities to Control Risk and Pitfalls to Avoid
Presenter's Notes: 1
Third-Party Relationships: Opportunities to...
Scott KirsnerCompliance Week Third-Party Relationships: Opportunities to Control Risk and Pitfalls to Avoid
Presenter's Notes: 2
Third-Party Relationships: Opportunities to...
Matt TanzerVP and Chief Compliance CounselTyco InternationalScott MoritzExecutive DirectorDaylight Forensic & Advisory LLC Third-Party Relationships: Opportunities to Control Risk and Pitfalls to Avoid
Presenter's Notes: 3
Third-Party Relationships: Opportunities to...
Scott KirsnerCompliance Week Third-Party Relationships: Opportunities to Control Risk and Pitfalls to Avoid
Presenter's Notes: 2
Third-Party Relationships: Opportunities to...
Matt TanzerVP and Chief Compliance CounselTyco InternationalScott MoritzExecutive DirectorDaylight Forensic & Advisory LLC Third-Party Relationships: Opportunities to Control Risk and Pitfalls to Avoid
Presenter's Notes: 3
What is Tyco?
4 What is Tyco? Vital GlobalCompany60 Countries 110,000 Employees $17B 2009 Revenue Tyco is a leading provider of security products and services, fire protection and detection products and services, valves and controls, and other industrial products. ADT Worldwide Safety Products Flow Control
Presenter's Notes: June 7, 2010 4
Agenda
Agenda
Presenter's Notes: 5 (2) All employees listed within this document are employees of Deloitte Consulting LLP
Overview of Tycos Third-Party Program
Overview of Tycos Third-Party Program Each of us is now fully accountable for the management and oversight of any third party relationships we sponsor. Ed Breen, CEO, April 2009 - to the whole organization Commitment Tyco committed unprecedented time and effort to its FCPA compliance program to prevent bribery by third parties. Mandate came from the CEO, the Management Team, Board of Directors and Audit Committee. All Business Presidents fully committed to build best-in-class processes to prevent bribery. Scale 4 Business Segments603 Legal Entities57 Countries Retain Third Parties151 Countries Where Third Parties Located >1000 Business Sponsors24-Person Program TeamMultiple external experts in anti-bribery, program management, data storage, FCPA certification, document review, third-party analysis and forensic analysis
Presenter's Notes: 6 (2) All employees listed within this document are employees of Deloitte Consulting LLP
Tycos
Tycos Third-Party Relationship Types A broad range of third parties were assessed, across every country in which Tyco operates. Accountants/Accounting FirmsADT Authorized DealerADT Mobile Germany Sales RepresentativeAgent/DistributorsAgentsCharitable OrganizationsCommercial ConsultantConsultantsCustoms Agents/BrokersDistributorsEnvironmental ConsultantsEPCs (Engineering, Procurement, Construction firms) Freight Forwarding Agents/BrokersGeneral ContractorsLawyers/Law FirmsLobbyistsMarketing/AdvertisingOtherOther consultantPure ResellersReal Estate Agents/BrokersSub-ContractorsTax Agents/SpecialistsTrade Association Business Relationship Types
Presenter's Notes: 7 (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #1 : Hold a Business Sponsor Accountable
Step #1 : Hold a Business Sponsor Accountable All Business Sponsors certify their understanding of their responsibilities to accurately and fully represent data on their third partiesBusiness Sponsors required to keep all third party data up-to-date and confirm relationships regularly Controls and Accountability Business Sponsor CertificationI certify that I have reviewed the Third Party Business Relationship Definitions.discussed any questions I may have about the definitions with the Regional Compliance Council, and that the intended relationship identified above is true and accurateAs part of my continuing commitment to Tycos Vital Values, and to further Tycos compliance with anti-bribery laws worldwide, I have a responsibility to help ensure that the third parties we do business with share our dedication to integrity and conducting business in an ethical manner. In furtherance of this responsibility, I am acting as the Business Sponsor for the third party, and confirming that I have submitted all required documentation in support of the third party to the Third-Party Compliance team at [email address]. I understand the Tyco Ombudsman is available at [tel #] as a resource to address any issues that may arise from this process.______________________Tyco Sales Manager, XXXX
Presenter's Notes: June 7, 2010 8
Step #3 : Obtain Business Justification
Step #3 : Obtain Business Justification Discontinued third parties require the Controller to inactivate the third party and to certify that the third party has been inactivated Third Party Numbers By Tyco Business
Presenter's Notes: 11 (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #1 : Hold a Business Sponsor Accountable
Step #1 : Hold a Business Sponsor Accountable All Business Sponsors certify their understanding of their responsibilities to accurately and fully represent data on their third partiesBusiness Sponsors required to keep all third party data up-to-date and confirm relationships regularly Controls and Accountability Business Sponsor CertificationI certify that I have reviewed the Third Party Business Relationship Definitions.discussed any questions I may have about the definitions with the Regional Compliance Council, and that the intended relationship identified above is true and accurateAs part of my continuing commitment to Tycos Vital Values, and to further Tycos compliance with anti-bribery laws worldwide, I have a responsibility to help ensure that the third parties we do business with share our dedication to integrity and conducting business in an ethical manner. In furtherance of this responsibility, I am acting as the Business Sponsor for the third party, and confirming that I have submitted all required documentation in support of the third party to the Third-Party Compliance team at [email address]. I understand the Tyco Ombudsman is available at [tel #] as a resource to address any issues that may arise from this process.______________________Tyco Sales Manager, XXXX
Presenter's Notes: June 7, 2010 8
Step #1 : Collect Third-Party Data
Details on Third Parties were collected from all Tyco businesses worldwide Dedicated systems supported data collection, processing and reportingUnique Identification Number assigned to every Third Party to ensure data integrityDATA PRIVACY A KEY CONSIDERATION Step #1 : Collect Third-Party Data Third Parties By Business Region
Presenter's Notes: 9 FOR COMPLETION BY Michael Storck / Torsten RoethelPlease create this slide with charts / explanation to include:#s of entities#s of third parties#s by relationship(Other charts?)Process for collection, standardization and audit of data, including timingInitial results from data collection findings of note (+ any potential issues)Additional slides can be included in the AppendixSee Appendix for samples of formatting (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #2 : Develop a Risk Assessment Score
Daylight applied objective risk criteria to perform high-level due diligence on all third parties Once a Third Party was designated as high risk, Tyco imposed increased scrutiny and heightened obligations Risk Assessment Scoring Daylight conducted Level one investigative due diligence on all Tyco third parties, producing a risk score for each third party ranging from 0 to a maximum of 1,405Tyco evaluated Daylights 101 risk rules and added points to more heavily weight categories based on Tyco experienceThird Parties that scored 200 points or higher were classified as high riskTyco validated high risk classification based on actual experience and knowledge Step #2 : Develop a Risk Assessment Score
Presenter's Notes: 10 Completed By: DaylightPlease create this slide with charts / explanation to include:Numbers of risk rules used / appliedBreadth of data on which rules are based (description of Daylights unique data mining approach)Several rule examplesConservative nature of Risk Assessment err on side of cautionProcess for applying rules to a third partyAdditional slides can be included in the AppendixSee Appendix for samples of formatting (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #3 : Obtain Business Justification
Step #3 : Obtain Business Justification Discontinued third parties require the Controller to inactivate the third party and to certify that the third party has been inactivated Third Party Numbers By Tyco Business
Presenter's Notes: 11 (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #3 : Review Business Justification
Step #3 : Review Business Justification Tycos businesses conducted a second review, with an emphasis on the high-risk third parties, to determine whether there was a commercial reason to continue High-Risk Third Parties by Region High-Risk Third Parties by Business
Presenter's Notes: 12 (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #4 : Perform Further Investigative Diligence
Tyco requires further Investigative Due Diligence for third parties with a risk score totaling 200 or above (high risk). Level 3 All searches in Level 2, plus:Foreign public records search by in-country investigatorsSite visit to headquarters inclusive of photographs, neighborhood investigation and source interviews, and, extended scope liaison with information sources Level 2 Identify substantive adverse reportsLiaison with information sources to address law enforcement, regulatory and reputation concernsContact references Step #4 : Perform Further Investigative Diligence
Presenter's Notes: 13 Completed by: DaylightPlease create this slide with charts / explanation to include:Levels of due diligence#s of third parties undergoing due diligenceProcess / case managementAuditability of process, use of UINConservative nature of approach (emphasis on caution)Findings of note (+ potential issues)Additional slides can be included in the AppendixSee Appendix for samples of formatting (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #5 : Obtain Compliance Certifications
The system will use Tycos Unique Identification Number linking the third party to the overall Third Party Program results, including risk scores and due diligence findingsBusiness Sponsors review certifications electronically; Internal Audit and Law will have access to the database Tyco is automating the collection, reporting, and tracking of its Third-Party Compliance Certifications Step #5 : Obtain Compliance Certifications
Presenter's Notes: 14 Complete by: Integrity InteractivePlease create this slide with charts / explanation to include:#s of third parties for FCPA certification#s by relationship, risk level, (other breakdown?)Process for FCPA certificationAuditability of process, use of UINConservative nature of approach (emphasis on caution)Findings of note (+ potential issues)Additional slides can be included in the AppendixSee Appendix for samples of formatting (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #6 : Evaluate Written Documentation
Document requirements vary depending on the type of third party and the risks presented Tyco reviewing contracts to confirm that existing documentation complies with Tycos requirements and, if not, amending or creating new documents as needed Collect current documents and capture key data elementsValidate basic information and divide third parties into relationships to be continued or discontinuedGroup documents by compliance category: compliant / requires FCPA language / new document / terminate Conduct compliance gap analysis and prepare amendmentsFinalize and negotiate all such amendments and agreements Store all executed copies of amendments/agreementsSend termination notices as applicable COLLECT STRATEGIC ANALYSIS IMPLEMENT STORE Step #6 : Evaluate Written Documentation
Presenter's Notes: 15 Completed by: Sirisha Gummaregula / Colin LevinePlease create this slide with charts / explanation to include:#s of third parties in scope#s by relationship, risk level, document type#s of languages and jurisdictionsProcessAuditability of process, use of UINFindings of note (+ potential issues)Additional slides can be included in the AppendixSee Appendix for samples of formatting (2) All employees listed within this document are employees of Deloitte Consulting LLP
Step #7 : Provide Training
Tycos program includes both employee training and third party training Step #7 : Provide Training Compliance Forms Dedicated Intranet Pages Desk Reference Accountability Handbook Leader Videos Managers Toolkit
Presenter's Notes: 16 Completed by: Sirisha Gummaregula / Colin LevinePlease create this slide with charts / explanation to include:#s of third parties in scope#s by relationship, risk level, document type#s of languages and jurisdictionsProcessAuditability of process, use of UINFindings of note (+ potential issues)Additional slides can be included in the AppendixSee Appendix for samples of formatting (2) All employees listed within this document are employees of Deloitte Consulting LLP
Controls: Risk-Based Third-Party Qualification...
Controls: Risk-Based Third-Party Qualification Requirements Qualification Requirements Vary Based on Assessed Risk
Presenter's Notes: 17
Controls: Comprehensive, High-Level Governance
Controls: Comprehensive, High-Level Governance Enterprise Steering CommitteeComprised of Senior Management ADT Steering Committee TFC Steering Committee TSP Steering Committee SG Steering Committee CorporateSteeringCommittee SBU Committees comprised of:SBU PresidentCFO / ControllerSBU CounselRegional Compliance Counsel (for Third Party Region) ADT SBU Committees TFC SBU Committees TSP SBU Committees SG SBU Committees Segment CommitteesSegment PresidentChief Financial OfficerGeneral CounselProject LeaderCompliance Team Member
Presenter's Notes: June 7, 2010 18
Matthew Tanzer
Matthew Tanzer Vice President and Chief CounselCompliance and Regulatory AffairsTyco International Matt Tanzer is Vice President and Chief Counsel Compliance and Regulatory Affairs for Tyco International. As the companys senior compliance counsel, Matt is responsible for coordinating Tycos global compliance program and policies. He and his team work closely with senior management to promote a culture of ethics and integrity worldwide, providing legal advice, counseling, education and business support with regard to myriad laws, regulations, policies and procedures around the world.Matt has extensive international experience, having worked on compliance and transactional issues in many countries, including Australia, Brazil, China, France, Hungary, India, Indonesia, Italy, Singapore, UK and others. Having started his career as an environmental lawyer, Matt also has substantial expertise in international environment, health and safety regulatory requirements.Prior to joining Tyco, Matt spent 12 years with General Electric in a variety of compliance roles, as well as several years in private practice. Matt spent almost 5 years with GEs Plastics business, 3 years with GEs Lighting business, and 5 years with GE's Corporate Environmental Programs. All of these roles were focused on global corporate compliance. Matt earned his law degree at Harvard Law School. He has a Masters Degree in Oceanography from the Scripps Institution of Oceanography and a Bachelors Degree in Geology from Cornell University. Matt is past Chair of the American Bar Associations In-House Counsel Committee, and was previously Chair of the Air Quality Committee (2003 2005). Matt joined Tyco in 2004.
Presenter's Notes: June 7, 2010 26
Scott Moritz
Scott MoritzExecutive DirectorDaylight Forensic & Advisory LLC Scott Moritz is an executive director with Daylight Forensic & Advisory where he leads the Anti-Bribery and Investigative Due Diligence practices. He has more than 23 years investigating corruption, transnational crime and money laundering. Before joining Daylight, Scott was with KPMG where he was national director of corporate intelligence for the U.S. forensic practice. Scott was a special agent with the Federal Bureau of Investigation for nearly 10 years. He is widely recognized for his expertise in international anti-corruption investigations and is a leading authority on the performance of due diligence investigations. Scotts international investigative experience includes in-depth investigations in Russia, the Commonwealth of Independent States (CIS), Hong Kong, China, Southeast Asia, the Middle East, Sub-Saharan Africa, and South and Central America. He has published and spoken on a variety of subjects including the Foreign Corrupt Practices Act, money laundering, forensic accounting, complex investigations and white collar crime. He has appeared on CNBC, CNN, Fox News, and MSNBC and been quoted or published in The New York Times, Fortune, Forbes, Ethisphere, the FCPA Blog, Securities Docket, Compliance Reporter, Fraud Magazine, Fortent Inform, Money Laundering Alert, Crains New York Business, CFO Magazine, The Chicago Tribune, The Christian Science Monitor, Directors & Boards, and Corporate Board Member. Scott earned a bachelor's degree from Jacksonville University and graduated from the FBI Academy in Quantico, Virginia. He is a certified fraud examiner (CFE), certified anti-money laundering specialist and certified information privacy professional.
Presenter's Notes: June 7, 2010 27
Slide 28
Presenter's Notes: 28