James E. Williams and Jill M. Williamson
There is more to a successful Third Party Risk program than risk rankings and questionnaires. A successful program relies on buy-in at all levels and integration with existing processes and controls. If your third party risk program is administered by the legal and/or compliance team working in a vacuum, you may be doing more harm than good. Third party risks run across many functions and new risks are arising with more frequency.
In many ways, the accounting and finance function is the most important function for mitigating third-party risk. The finance team plays two crucial roles in third party risk mitigation:
1) Implementation of compliance controls: Many risk controls require continued monitoring by those that pay the bills. Some examples include invoicing requirements to ensure compliance with contract requirements such as restrictions on using sub-contractors and interface with government officials, and invoice detail and supporting documentation requirements.
2) Identification of red flags: Those who pay the bills are also in the best position to identify certain red flags. Some examples of such red flags include third party, third country, or third country currency payment instructions, repeated failures to comply with contract restrictions, generic or vague descriptions for services rendered, or questionable service fees, expediting fees, or gifts and entertainment.
It should be noted that third party compliance risk controls may differ significantly from traditional SOX or accounting controls. Traditional SOX/accounting controls are primarily based on a binary financial threshold, i.e. payments over $5,000 require two signatures. Compliance risk controls that are responsive to business needs have more components; e.g. payments to high risk third parties, in certain regions, require heightened scrutiny or higher levels of approval. Implementation of these controls will require revision of the accounting practices guidelines, training of relevant individuals, and adjustments to software systems used for these processes.
About the Authors
James E. Williams served as Vice President, General Counsel, and Corporate Secretary at Liquidity Services from November 2005 – April 2016. James contributed to the Company’s market leadership by building the legal, compliance and risk management team and counseling the Board and executive team on all governance, legal and risk management matters.
Jill M. Williamson is of Counsel at Rimon Law, where she advises clients on a wide variety of compliance matters. She has served in-house as the Chief Compliance Officer at Liquidity Services, Inc., where she built their compliance program from the ground up, and as Deputy Chief Compliance Officer at Cigna.