- Point of view
Risk-proof third-party due diligence with AI
How companies can tackle third-party risks with advanced digital technologies
The newest Department of Justice (DOJ) guidance on the evaluation of corporate compliance programs, released on April 30, 2019, highlights the DOJ's expectation that organizations have a clear understanding of their third-party relationships, and also of the reputations and relationships of these third parties with government officials.
As businesses continue to expand to all corners of the globe, their third-party ecosystems grow larger and more complex. While these relationships offer strategic advantages, they also create significant challenges for companies. To mitigate the risks of high-profile financial or reputational damage from any crooked links in the chain, companies need to manage and scan through large volumes of data, including millions of news articles, to spot potential red flags.
Also, with the regulators' emphasis on risk-based due diligence, identifying the risk exposures each supplier brings allows you to determine the level of risk assessment to carry out and focus efforts where they're needed most.
That's where a digitally enabled third-party due diligence process plays a critical role.
So, how can you build a flexible, scalable, and insight-led program?
By automating the supplier onboarding workflow and gaining real-time visibility into each supplier's status in the process, you can unwind the complexities of managing disparate systems. This accelerates the due-diligence process and cuts costs.
Digital technologies can also screen millions of records of third-party data and news alerts to establish linkages and extract meaningful insights about possible risks.
Let's look at a few examples in which digital technologies, such as machine learning, artificial intelligence (AI), and automation, have enhanced third-party-risk management (TPRM):
Automated risk categorization
Building rules and risk-scoring algorithms into your system means you automatically categorize third parties based on their inherent risk exposure. These algorithms help identify the percentage of the supplier population that requires enhanced assessments.
Intelligent tagging and information deduplication
With intelligent tagging, you can identify and cluster similar datasets. For example, if multiple sources are reporting on a relevant news story, you still only see it once. This helps you cut through the noise to focus only on the most relevant red flags.
Digitized workflows and automated triggers
Introducing dynamic workflows to third-party risk assessment simplifies how you review and classify risk, making it easier to home in on the insights from raw data. Automated triggers can then escalate the findings to relevant teams. For example, bribery issues go to compliance, labor violations go to the sustainability team, and so on.
Periodic screening with machine learning
Using machine learning, your organization can filter out false positives over a period of time with a fraction of the effort it would take to do so manually. With technology that learns to recognize the difference between a true hit and a false positive, you enhance the accuracy and efficiency of the alerts-clearing process (Figure 1).
A digital TPRM solution allows you to scan earlier assessments, identify patterns among true hits and false positives among the red flags, and automate the process. By understanding users' flagging and alert clearance behavior over time, you can highlight areas that need remediation.
Interactive dashboards and audit trails
Customizable dashboards that provide near-real-time updates have been a game-changer when tracking and monitoring third-party compliance percentages. They give everyone visibility of the progress of risk-remediation actions and detailed audit trails, making reviews far less time-consuming.
System of engagement
What's the answer to connecting disparate systems and stopping teams from operating in silos? A system of engagement (SOE). As it integrates with sourcing platforms, compliance databases, and vendor management tools, relevant stakeholders across the business gain end-to-end visibility of the risks in the supply chain.
Fuzzy search criteria
Another way technology filters unstructured data to reveal only relevant red flags is by using fuzzy logic. The search triggers alerts based on exact or near matches on names, addresses, countries, and more. Connecting the dots this way gives you information on close associates, subsidiaries, or parents that makes in-depth risk analysis possible.
Natural language processing
Cognitive computing can manage unstructured supplier data. Natural language processing, machine learning, and text analytics can uncover insights and analyze sentiments from unstructured data to create and manage risk profiles. With NLP, you can, for example, understand local audit reports in languages you don't speak.
From a compliance perspective, a digitally enabled due-diligence framework allows you to integrate disparate teams, monitor third-party risks more accurately, and enhance productivity. And, from a sourcing perspective, digital enablers increase real-time visibility, accelerate red-flag remediation, and cut onboarding cycle times.
But what's most important to remember as we continue to explore the potential of AI is that it does not replace people or their experience and judgment in risk and compliance. Technology augments human intelligence, adding value by improving accuracy and productivity.