Last year we canvassed the opinions of over 200 compliance professionals to understand the challenges they are facing. What is evident from the results is that managing risk and compliance is more complex than ever, and to be successful, companies need to employ the right people and have the right processes and tools in place. Technology has a growing role to play in helping compliance professionals, particularly in relation to counterparty management. Time and time again, compliance professionals rank management of intermediary risk as the most demanding area of their work.
Rebecca Palser of Risk Advisory speaks to Scheugnet Nel, to get her views on the benefits of using technology. And to find out what lessons she learned when she developed and implemented an online platform at NBCUniversal to help manage the company’s international intermediary landscape.
What prompted NBCUniversal to adopt an online counterparty management platform?
We were grappling with two main issues at the time. Firstly, we had excellent corporate policies for intermediary risk management, but to implement them we used an unwieldy “toolkit” which detailed the steps and the associated documents required, such as the risk matrix, due diligence questionnaire, training materials, and included a spreadsheet to capture metrics.
Secondly, our then parent company, General Electric, demanded quarterly metrics. We struggled to produce these because we had to get individual business units to update the spreadsheet each quarter. It was incredibly time-consuming and the resultant data was often inconsistent and unverified.
What were you trying to achieve?
At the time, our priorities were to streamline and automate at least some of the manual processes, improve our ability to pull metrics efficiently, and to be able to oversee and audit our intermediary landscape against our procedures.
We initially considered developing a tool internally using a workflow platform we inherited from GE, but it quickly became apparent that this would be time-consuming and wouldn’t deliver the functionality we needed. We therefore engaged an external provider to develop a solution with us.
What were the biggest challenges?
Truly operationalising the system took longer than we’d expected.
At the outset we were still refining our intermediary compliance procedures. Before undertaking an exercise like this, you need to ensure your underlying policies and procedures are defined in advance: how you assess risk, how many risk categories you have and ultimately what each category requires in terms of screening, training, approvals and other controls.
It also took us longer than expected to implement the system internally. As with pretty much any compliance process, you need to train and re-train the employees. This takes time and internal resource and isn’t a “one-time-only” exercise. We held regular technical training sessions with the system users, and clinics with particular businesses to address specific concerns.
Also, when we rolled the system out, we didn’t want to burden the businesses. So, existing intermediaries were only on-boarded as contracts came up for renewal. As a result, it was really only after a period of about 2-3 years that we had all intermediaries in the system.
Did the system deliver the benefits you envisaged?
Yes, the system delivered clear benefits for the compliance team.
For the first time, we had oversight of the intermediary procedures across all business units, could pull and analyse detailed metrics and audit any file from our desks. It felt ground-breaking! I don’t think you can overstate the value of having a central, accessible, auditable online folder for each intermediary, where all risk assessments, diligence, contracts, training records, approvals, audit reports etc. are stored. Anyone who has had the misfortune of being involved in a regulatory enquiry or an internal investigation will know the challenge of trying to gather all relevant documents.
Automation was another easy win. We created a standard set of questions about the intermediary which the user would answer. Based on the answers, the user would be directed to a specific set of controls, including the level of screening required, training to be undertaken, level of internal approvals etc. It also ensured that our business people ordered the right level of screening from our provider and reports were automatically logged in the right folder.
Were there benefits across the wider business too?
Yes. Our salespeople appreciated having the due diligence questionnaire sent automatically. They still had to own compliance and manage their intermediaries, but not having to send out this form, usually at a time when they were in the middle of negotiating commercial terms, was beneficial for them.
It’s also simple for an online tool to send out automated email reminders for contract renewals, re-screening, approvals and any specific controls. This took the pressure off stretched legal teams.
One of the other benefits that we had not envisaged was the creation of a database of intermediaries accessible across all business units. Different units could leverage work already done elsewhere. It also created a central list of intermediaries which for one reason or another the businesses were not to engage. This sharing of data across the organisation was not happening prior to the launch of the intermediary platform and was a big win from a commercial perspective.
Why didn’t you do it sooner?
There is a concern that using a technological solution will create a “tick-box” approach and create a situation where risks are not being managed properly. In my view, there are elements of any good program which can be automated to alleviate the burden on compliance teams without handing over the reins. Using an intermediary management tool can free up internal resource to focus on the real risks.
There is also a concern that a technical solution might overly complicate and delay the appointment of intermediaries because it is inflexible and overly bureaucratic. Here, I think we need to be honest with our internal clients: implementing an effective intermediary management platform will mean that there is no hiding behind a paper-based process. Businesses need to make sure they are conducting all the required steps, and that this can be measured and audited. Given the risk intermediaries pose we simply have to ensure we’re proactively managing this risk and use whichever tools are at our disposal.
What advice would you give readers considering implementing a counterparty management platform?
Spend time getting your underlying policies and procedures right; use the best-practices your advisors or system providers can share; then make sure you have the buy-in of all the stakeholders across the business, especially the leadership who will approve the policies, determine the budgets and ultimately make sure this stays on the agenda and gets done. If you can address user issues and concerns in the development phase, you’re much more likely to have buy-in when it comes to roll out.
Finally, plan and prepare for the development and roll it out carefully to make sure you allow enough time to properly implement the system. For us, the implementation of the platform – over time! – turned what was seen as a burdensome compliance policy, into an operational process. It wasn’t perfect and will always evolve, but it revolutionised the way in which we managed one of the biggest risks to the business.
Prior to setting up her own compliance consultancy practice last year, Scheugnet Nel spent nine years at NBCUniversal as senior international compliance counsel, working across international operations in the development and implementation of the company’s compliance program. Scheugnet’s expertise includes implementation of third party risk management procedures and tools; controls around minority joint ventures and M&A risk assessment, diligence and integration.
Scheugnet completed a BA in English and Drama before receiving her law degree in 1997 from the University of Cape Town.
Rebecca Palser is Global Product Director at Risk Advisory and responsible for the management and development of the group’s online compliance portal, LUMA. Rebecca has worked for Risk Advisory since 2003, and has experience working with clients implementing and managing intermediary compliance programmes and expertise in integrity due diligence and investigations.
*The Risk Advisory Group surveyed over 200 compliance professionals from across the UK, Europe and beyond to pinpoint the key issues for the industry going into 2016. The survey was based on discussions with members of our Women in Compliance networking group, and can be accessed on Risk Advisory’s website.