catelas webinar session i 3rd party compliance & risk oversight 31 oct 2012

Copyright © 2012 Catelas Inc. All rights reserved Catelas 3rd Party Compliance & Risk Oversight

Catelas 360 Relationship Compliance

Rapid Event ResponseInvestigations

Training Gap AnalysisPEP lists

Periodic AuditsRisk Assessments

Fully Automated, Real-Time Visualization of your entire 3rd party Operations

On-boarding& Due Diligence


Session I

How much risk are you on-boarding with each new partner or acquisition?


Session I: Agenda

Panel Introductions Thomas Fox, Principal, tomfoxlaw.com

Martha Durcan, Chief Compliance Officer, Parametric Technology CorporationFCPA & UK Bribery Act

Eddie Cogan, Founder & CEO, Catelas, Inc.

Panel Debate & Discussion What risks exist, when you do business overseas?

What risks should you worry about with each new agent/partner/acquisition?

How to you better understand your risk and measure your risk exposure?

If a partner is high risk what options do you have?

Can technology help? What tech is available today?

How do you ensure you are prepared should you meet the DOJ / SEC?

Questions Email them to me at [email protected]

Or simply use the chat facility on the webinar.

mailto:[email protected]


2012 Enforcement ActionsKey Take-Aways

• Morgan Stanley-compliance programs do receive credit

• Pfizer – New “enhanced” compliance requirements and due diligence in the merger and acquisition context

• Tyco-Non-Prosecution Agreement for repeat Offender

• Opinion Release 12-01-how does your due diligence affect your use of agents?

October 31, 2012

Martha DurcanChief Compliance Officer

6

• Compliance assessment conducted by third party

• Charter of PTC’s Board of Directors Governance Committee

expanded to include compliance monitoring

• Dedicated Compliance Group established– Chief Compliance Officer appointed

• A key focus area is Anti-Corruption– New partner on-boarding process implemented

– Catelas compliance software purchased to automatically inventory 3rd party

relationships, uncover relationship history and to conduct internal investigations

Focus on Ethics and Compliance

7

• Partner Identification and Business Justification– There must be a business justification for each partner that has been approved by the

appropriate manager prior to initiating automated partner due diligence

• Partner Assessment – Due Diligence– Partner due diligence process is automated

• Partner Engagement

– Each partner signs a contract with PTC containing enhanced anti-bribery provisions

– PTC’s Anti-bribery Policy is delivered to each partner with the contract signed by PTC

• Partner Training

– Anti-bribery training will be provided to each partner

– The type of training received will be partner-specific based on perceived risk

• On-Going Monitoring

– Re-assessment at contract renewal and sooner based on deal and region-specific factors

Enhanced Partner Assessment Process

There are five key elements of our partner assessment process.

PTC CONFIDENTIAL

8

Challenges

• Partner Review in Emerging Geographies

– Overcoming challenges presented by different cultures, language, time zones

• Distinguishing the true risk profile of a partner

– Evaluating the Inherent risks (industry, country) versus partner specific risks

(type of partner, target customers of partner)

• Due Diligence on Partners with High Risk Scores

– Determining when and how much due diligence is adequate

Benefits

• Increased visibility (not just transparency) into partner relationships

• Broader awareness of compliance risks internally and externally

• Centralized system of record

Partner On-Boarding: Key Challenges and Benefits

9

• Red Flags– Do they differ by region?

– Examples of red flags that have lead to rejection of high risk partners

– Commonly missed items?

• Partner Training– Is on-line training effective?

• Partner Audits– Are they being done?

– How frequently?

– Process tips?

• Driving Behavioral Change Throughout the Organization– Effective tools

Discussion Questions


Compliance Burden

Compliance must clearly communicate, demonstrate and display the effectiveness of Compliance Programs that combat these risks:

Anti-Trust , anti-competitive business practices and Cartel

FCPA & UK Bribery Act

Indirect Revenue Recognition (JVs, Resellers, and hybrid 3rd Parties)

Partner On-boarding and Due Diligence

Code of Conduct, Sales and Marketing Policy

Supply Chain risk: vendor kick back, conflicts of interest

Data Theft, Intellectual Property and Privacy

Information Barriers and Employees with access to sensitive data

New and Departing Employees

"Demonstrating Compliance Effectiveness is Critical: [Regulators] want proof that the programs are actually working."

- Steve McGraw, from Compliance & Ethics Professional Magazine


Catelas360 – End to End Coverage

Published Lists(From World Compliance etc.) Global Sanction List Global PEP List Global Enforcement List Global Adverse Media List Global Foreign Official List

Employee / Contractor Attributes(From Contact / HR database e.g. PeopleSoft) Role: sales, finance, logistics Responsibility: VP, Dir, Mgr Location: Beijing, China Contact details: email, telephone

Company Attributes(From CRM e.g. Siebel) Company types: customer, partner, distributer, agent

Compliance Database Risk Scores Employee training certification Partner certification & agreements

HR CRM ComplianceFinanceLists

Financial Data(From Finance database) Total value of partner business Lists of transaction with partner

On-boarding PEP Lists

Policy Enforcement

Risk Alerts Risk Assessments

On-going Audit & due diligence

Internal Investigations

Identification Priority Review

Early Case Intelligence

Compliance Audit Legal

Email Log Files


3rd Party Transparency & Control

Partners grouped by Region & Relationship Strength

View Relationship History: What is being said? What work are they doing?

Who is key? In your company ? At the partner?

Every partner, globally, automatically ranked


Policy Enforcement & Monitoring

Policies focusing on specific risks

Rules focusing on specific behaviors

Advanced Analytics on identified risk

Risk broken down by time periods of interest

Results captured for Review with severity level


Litigation InvestigationsInternal Investigations

WITHOUT COLLECTING EMAILS Quickly identify the most relevant custodians based on their relationships

Only collect what's relevant. The key relationships lead us to the most relevantkeyword-based documents

Deliverables: Impact Report within a single day

Identification: Identify key players before collection

Intelligent Collection: of communications between key people

Priority Review of most relevant (< 1%) data within 1st day

Uncover ‘hot docs ’ for senior review within 1st day

Providing counsel with key strategic information about a matter, earlier enabling conflict resolution, better negotiations etc..


Topic 1

The on-boarding process―What are the risks?―Where should you focus?


Poll Question 1 – with Results

How mature is your Compliance program?<pick one answer>

1. We have policy and procedures. Employees sign up to these

2. We have a repeatable on-boarding process3. We monitor for risk with annual audits & interviews4. We monitor continuously - are looking to change

behavior

Answer 1

Answer 2

Answer 3

Answer 4


Topic 2

The on-boarding process―How do you uncover risks?―How do you measure these risks―What do you do about this risk?


Poll Question 2 – with Results

Do you see technology as an essential component of the Compliance function?

<pick multiple answers>1. No. We believe our on-boarding process is sufficient2. Yes for Financial Transaction Monitoring3. Yes for automating and documenting the on-boarding process4. Yes for understanding people, relationships and history5. Yes - all the above are important

Answer 1

Answer 2

Answer 3

Answer 4

Answer 5


Topic 3

The on-boarding process―How do you prevent risk in the fist

place?―Should you monitor for ‘bad

actors’?


Topic 4

The on-boarding process―How important is documentation?―What kind of audit trail should

you preserve?


Poll Question 3

Which part of the puzzle is your current focus?<pick one answer>

1. Building out a good on-boarding process2. Risk Monitoring - understand risk across existing portfolio3. Risk Prevention - Training, enforcement, incentives, behavior4. Documentation - ensuring a seamless audit trail

Answer 1

Answer 2

Answer 3

Answer 4


Session II

Your on-boarding process works, so now what?


Session III

Event Response & Remediation

when bad things happen, what should you do?


Catelas 360 Relationship Compliance

Puts Compliance in Control

Real Time Control

Respond to events Fast

Reduce Costs

Low cost, deep visibility from HQFor Legal, Compliance & Security


Thank You

Eddie Cogan617 407 [email protected]

mailto:[email protected]

http://www.catelas.com/

catelas webinar session i 3rd party compliance & risk oversight 31 oct 2012

Documents

automated partner

rights reserved catelas

partner identification

anticorruptionnew partner

high risk

risk exposure

party operationson

party relationships