Automation Best Practices For ABAC Compliance
March 7th, 2017
The unrelenting pace of change in today’s regulatory environment continues to generate a seemingly unending, and increasingly onerous, list of ABAC laws and regulations that companies must understand and comply with if they are to avoid attracting the attention of government watchdogs.
With each new piece of legislation, or escalation in the enforcement of existing regulations, the challenges facing the compliance department increase. In particular, multinationals routinely struggle to vet their third parties in accordance with Anti-Bribery and Anti-Corruption (ABAC) laws, such as the Foreign Corrupt Practices Act, the U.K.’s Bribery Act, and Brazil’s Clean Companies Act. To make matters worse, corporate compliance officers must balance a limited budget and resources with a desire to be compliant. In fact, a common refrain heard around the world is compliance departments “must do more with less.”
Technology allows companies to vet, engage, monitor, and manage third parties in a consistent manner, no matter the size, location, or type of third party.
In an effort to adopt cost-effective approaches to third-party compliance, companies often turn to off-the-shelf spreadsheet programs or “homegrown” systems, such as the organization’s existing accounting programs. This approach may meet the organization’s immediate needs; however, such an approach is rarely scalable and often prone to error. Within short order, the workaround breaks down, leaving the company without the resources to satisfy their own expectations of compliance, never mind that of regulators.
Easing the Third-Party Compliance Burden with Automation
Ensuring compliance with ABAC regulations involves many critical steps, such as the creation and enforcement of corporate policy that prohibits bribery and corruption, reporting mechanisms for alleged violations, and frequent review and oversight to ensure the company’s ABAC program functions as intended. In addition to robust policies and procedures, technology can support and enable the following compliance-related best practices:
1. Gathering of third-party data
Technology can help companies collect, maintain, and analyze information relating to a third party and its principals and minimize the need for manual entry. Automating third-party questionnaires shifts administrative burden from the company to its third parties. It also facilitates the translation of forms from English to the third party’s language. Simple tasks such as prepopulating an existing third party’s responses to a previous questionnaire, allows both the third party and the compliance department to focus on updating the information, not entering it from scratch.
2. Centralization of critical data
Without a dedicated compliance platform in place, companies often store third-party related data in multiple platforms. Maintaining data in this way is time consuming, expensive, and subject to error. A centralized repository that reflects the latest relationships, analytics, and intelligence allows companies to make timely and fully informed decisions regarding each third party it engages and retains. Further, stakeholders need access to just one platform to gather a complete picture of the company’s third-party compliance risk.
3. Performance of objective risk assessments
Automation of the compliance process allows companies to apply quantitative measures to assess the risk across the entire third-party population. Factors such as the type of third party, its location, where it conducts business, how much revenue it generates for the company, the extent to which the third party participates in government tenders, can all play a role in determining compliance risk and the corresponding level of due diligence.
4. Automated screening of third parties
Hundreds of sanction, embargo, and government databases exist to help companies screen their third parties. Technology allows a compliance department to screen their third parties against multiple databases simultaneously. Further, an automated approach to compliance allows companies to schedule ongoing monitoring of compliance-related databases at predetermined intervals such as every six or nine months.
5. Consistent application of the third-party compliance process
Once a company creates its compliance workflow and embeds that approach within the technology platform, it will operate as intended until changed. From this perspective, technology supports an objective, repeatable process that fosters transparency within the compliance department and throughout the company. It also allows a company to demonstrate an audit trail and, consequently, a sustained effort to maintain ABAC compliance.
6. Meeting regulatory expectations: employing a systematic, technology-driven approach to compliance
Technology allows companies to vet, engage, monitor, and manage third parties in a consistent manner, no matter the size, location, or type of third party. When applied correctly, dedicated workflow—as well as the application of multi-factor risk models to identify red flags for review and resolution—enhances a company’s visibility and depth of analytics available to manage and measure the third-party compliance process.
Given that compliance departments must do more with less, technology holds the key to third-party compliance. Without a purpose-built, dedicated compliance solution, most companies will struggle to meet even the most basic regulatory requirements. Technology removes subjective assessments and ad hoc analysis and replaces them with objective and repeatable compliance-driven processes.
Operating and applying the processes and analytics embedded within a technology solution ensures consistency and demonstrates to regulators a concerted effort to meet their expectations.