Ahead of the Vendor & Third Party Risk USA Congress, Anders Rodenberg, Director of Sales, Bureau van Dijk and Bill Hauserman, Sr Director, Compliance Solutions, Bureau van Dijk discuss in depth, regulatory risk and the financial health of service providers.
Please tell us about yourself, your professional experience, and your current focus?
“Anders A. L. Rodenberg, M.Sc. is the Head of Financial Institutions and Advisory in North America for Bureau van Dijk. Originally from Scandinavia, Anders previously served as Head of Compliance for the Nordic European Region at Bureau van Dijk before transferring to the U.S., which gave him key compliance insight and experience on both sides of the Atlantic.
Anders has been involved in multiple projects in areas ranging from Credit risk of clients and suppliers, Tax risk, Sanctions Risk, Money Laundering risk to FATCA and FCPA, helping to improve the overall risk management at various financial institutions, insurance companies and traditional corporates. Much of his work has been focused on creating operational efficiencies and reducing financial and regulatory risk through global standardization as well as introducing global ownership structures into risk models and procedures. Anders has met with regulatory authorities and industry leaders in numerous countries, giving him key industry knowledge with a special focus on trends and developments. He also often speaks at conferences. Anders graduated from Aarhus University in Denmark and studied at London School of Economics and Copenhagen Business School.”
Bill has spent the last 12+ years bringing the promise of automation to previously analyst-driven due diligence tasks. The goal is to focus the all-important risk analyst time on important decision-making vs. tedious data discovery tasks. By marrying the best in structured private company data with existing or new enterprise due diligence tools, a paradigm shift in typical third-party due diligence is now available. As Director of Compliance Solutions, Americas and leader of the Compliance Global Practices Group at Bureau van Dijk, Bill has insight on best practices for performing due diligence with a global focus. Bill has seen firsthand the wasted time and effort of trained risk analysts because both the internal and external data sources are deficient. These deficiencies create unknown risk and elevate the cost of due diligence. But worse, can create a false sense of security among banking and corporate Compliance staffs.
Why is it important, and what are the benefits, for risk professionals to review regulatory risk and financial solvency indicators early?
Any due diligence process should have a primary goal of stopping the effort as soon as a significant policy exception is highlighted. For instance, why send a questionnaire to a third-party, perform a financial assessment and have a risk analyst create a due diligence plan when the third-party is owned by a sanctioned individual? That scenario happens far too often today because the information is not available either during on-boarding or very early in the engagement with a third-party. The goal for every due diligence risk analyst should be to “fail fast”. Find the obvious problem so you don’t spend time on wasted effort. One size does not fit all when it comes to due diligence. Policy and data analysis guide the effort.
At the Vendor & Third Party 2017 Congress you will be giving a presentation on your insight regarding effective review of regulatory risk and financial health of service providers. Why do you believe this is a key talking point for risk professionals right now?
Historically vendor risk management has been mainly focused on the financial risk of a vendor, but today the regulatory risk is equally as important. For instance, rules have been in place from OFAC since 2008 making it illegal to work with a vendor who is sanctioned. And not just the vendor, but the individuals and companies that own and control that vendor. The reality has been that until Bureau van Dijk achieved the Orbis database global scope for private and public company information, this rule had no way to be enforced or adhered to. This applies to reputational risk as well. Many banks and corporations see this risk dwarfing regulatory risk as far as impact on market caps.
How can Bureau van Dijk assist financial institutions with this?
Validate the legal status of vendors and those that control and manage them for most vendors.
Speed up on-boarding new vendors.
Drive down the time it takes for risk analysts to render risk decisions regarding vendors.
Allow daily monitoring of the control and management of vendors for sanctions, PEP and adverse media.
Cut down on the refresh process time and effort.
When assessing the financial viability of public and private companies, what are the top three things to remember?
1) Instant “Probability of Default” assessment: There are around 70.000 public companies globally and more than 220 million private companies of which around 30 million have detailed financial information available. For public and private companies, it is hence possible to get instant probability of default/financial strength indicators for around 30 million third parties.
2) Need for global financial format: Because of the different accounting standards and local adjustments of these standards a global financial format is crucial for cross border comparison. If financial input to a credit risk model are not standardized it is not possible to know if variations of probability of default is the result of actual different financial performance or just variations in accounting standards.
3) Global ownership: Because of globalization and interconnectedness of entities, financial health cannot be view in isolation without potential exposure to financial risk of owners. Adding global ownership and the owners’ financial health into a credit risk assessment has become key. Adding global ownership to vendor portfolios also enables better spend analysis.
How do you see third party risk management changing over the next 6-12 months, and how will these changes affect professionals in this area?
Currently, most risk assessments, both automated and via risk analysts are performed using self-reported or structured data sources. But the volume of useful unstructured data is increasing well beyond the capacity for most systems or people to absorb and analyze it. This unstructured data, once it can be analyzed, will be providing much of the information to inform due diligence processes. What we see is that the structured data, such as Orbis, will be used to “train” new risk tools to make use of vast quantities of unstructured data. The impact will materially change the way due diligence is performed and the cost of that due diligence.