A clear way to alleviate compliance stress and provide peace of mind is to take a risk-based approach to vetting third parties. Put simply, this involves identifying and evaluating third-party risks relative to each other and then devoting the greatest resources to the highest risk areas. This nuanced approach allows compliance managers to be value-driven and enable a good flow of business, while meeting their compliance obligations. However, even well implemented risk-based compliance programmes can leave teams under a mountain of third parties to work through, each of which requires vetting before onboarding or re-contracting can be completed.
Many compliance teams around the world are finding themselves under increased pressure from a rapidly changing risk environment. Despite this, the need for adequate FCPA and UK Bribery Act-related procedures continues. When combined with the increasing complexity of local regulations, these regulatory requirements often cause serious headaches for time-pressed and capacity-constrained compliance professionals.
Automated solutions: Problems solved, others created.
Many companies choose to approach their lower risk third-party screening through fully automated, IT-driven solutions. At a time when most teams are being asked to do more with less, these automated solutions enable teams to vet third parties more quickly than through manual research. Artificial Intelligence-led screening to determine ultimate beneficial ownership (UBO) and identify sanctions, political exposure and adverse media has improved exponentially over the last decade. Today, large data sets can be automatically reviewed, and ever more accurate name matching is reducing false positives. Each of these factors contribute to the key goal: reducing the amount of time required for human review.
As businesses continue to expand globally the local expertise required for adverse media, political exposure, sanctions compliance and UBO discovery increases accordingly. When combined with an increasingly complex regulatory environment, compliance officers can find themselves in unenviable positions. Screening reports sitting on their desks for review may have cited sources that are in a language they don’t understand or may be related to regulations in an unfamiliar jurisdiction.
Step forward managed screening... Designed to be an efficient and effective combination of technology and human expertise, these solutions use software to automate sanctions, political exposure and to a more limited extent, adverse media checks. They then augment these automated searches with an integrated human review by dedicated teams of experts to remediate false positives and conduct additional research to clarify complex cases. Ideally, managed screening reports should include a summary written by an expert local analyst to provide context for the results presented. This allows reviewers to utilise information reviewed by experts in a quick and easy to navigate report rather than large amounts of data with varying degrees of relevance. This technology can also be tailored to search only specific data sets designed to highlight the most pressing risk areas to the reviewer and can provide a full review of the information available in databases, allowing additional control over reporting and increasing the relevance of the information provided.
In addition to general false positive remediation of sanctions and political exposure matches, identifying beneficial ownership can be greatly enhanced by a human review of automated database results. This increases the accuracy of immediate shareholder and official registration information reporting by incorporating manual checks of available online corporate registries around the world. In some cases, it’s even necessary to access offline corporate record information and carry out media research designed to capture references to beneficiaries not identified in corporate records; something machines are yet to manage. While compliance screening is increasingly technology-enabled, sometimes more traditional methods need to be drawn upon.
Herein lies the key issue: the technology, while it may have improved immeasurably in the last few years, just isn’t there yet. Many fully automated solutions provide a large quantity of data without providing any context for the results found, leaving time-pressed compliance officers to make assumptions and at best educated guesses about the risks they face from third parties. We may well be having a very different conversation in another five years. Until then, the synergies provided by leveraging existing automated solutions with the nuanced review and research that no AI can substitute human beings for, means that compliance departments can still get the best of both worlds as they vet their third parties.