110 likes | 317 Views
Managing Third-Party Relationship Risk Compliance Week June 4, 2009. Matthew Tanzer Vice President and Chief Compliance Counsel Tyco International. Matthew Tanzer. Vice President and Chief Counsel Compliance and Regulatory Affairs Tyco International
E N D
Managing Third-Party Relationship RiskCompliance WeekJune 4, 2009 Matthew Tanzer Vice President and Chief Compliance Counsel Tyco International
Matthew Tanzer Vice President and Chief Counsel Compliance and Regulatory Affairs Tyco International Matt Tanzer is Vice President and Chief Counsel – Compliance and Regulatory Affairs for Tyco International. As the company’s senior compliance counsel, Matt is responsible for coordinating Tyco’s global compliance program and policies. He and his team work closely with senior management to promote a culture of ethics and integrity worldwide, providing legal advice, counseling, education and business support with regard to myriad laws, regulations, policies and procedures around the world. Matt has extensive international experience, having worked on compliance and transactional issues in many countries, including Australia, Brazil, China, France, Hungary, India, Indonesia, Italy, Singapore, UK and others. Having started his career as an environmental lawyer, Matt also has substantial expertise in international environment, health and safety regulatory requirements. Prior to joining Tyco, Matt spent 12 years with General Electric in a variety of compliance roles, as well as several years in private practice. All of these roles were focused on global corporate compliance. Matt earned his law degree at Harvard Law School. He has a Master’s Degree in Oceanography from the Scripps Institution of Oceanography and a Bachelor’s Degree in Geology from Cornell University. Matt is currently Chair of the American Bar Association’s In-House Counsel Committee, and was previously Chair of the Air Quality Committee (2003 – 2005). Matt joined Tyco in 2004.
What is Tyco? GlobalCompany 60 Countries 110,000 Employees $20.2B 2008 Revenue Vital Tyco International
Six Steps to a Comprehensive, Global Third-Party Management Program Step 1: Identify All Third Parties Globally Massive Undertaking • Enterprise can have thousands of third-parties globally Requires Top Management Commitment • CEO, CFO, Controllers, Audit, Legal Scope of Initial Review: • All vendors with activity in the past two years • All customers with transactions greater than $50,000 in the past two years • Review Master Vendor Lists and Master Customer Lists • Categories of Third Parties Identified Tyco International
Step 1: Identify All Third Parties Globally Categories of Third-Parties Who Present Most Risk Completed Data Collection Tyco International
Step 1: Identify All Third Parties Globally Tyco International
Step 2: Preliminary Risk Assessment Total Number By Region By Country Transaction Amounts Over $1M Tyco International
Step 3: Rationalization and Consolidation • Consider rationalizing and culling third-party list – reduce the numbers: • If Not Active, archived third-party from all appropriate systems • If Active, identify key information including a Business Sponsor and Business Justification • Goal: significant reduction in number of Active third-parties Step 4: Enhanced Due Diligence on High Risk Third-Parties • More in-depth investigation of higher risk entities • Based on preliminary risk assessment scores Tyco International
Step 5: Strict Payment Procedures ESNURE CONTROLLER OVERSIGHT • Valid tax invoice • Wire transfer payment (No cash) • Applicable supporting documentation: • 3rd party requisition form (only applicable for new third party) • Written agreement or documents (emails/faxes) evidencing relationship with third party • In the absence of agreement or documents, written representation from business sponsor • Payment only to actual service provider • Payment only to a bank account in the country which the third party is established Tyco International
Step 5: Strict Requirements for New Third Parties The following should be required BEFORE any new third party is retained: • A Sponsor – A sponsor is an employee who understands why the third party is used and what services it renders; generally someone from the sales team who is closest to the third party. The sponsor CANNOT be the approver. • An Approver – AnApprover should be the P/L Owner or Controller, and include Legal review. Higher level approval should be required if payments or total commissions will exceed established thresholds. • 3rd Party Requisition Form • Completed Due Diligence • Completed FCPA certification (compliance commitment) • Written agreement with FCPA and other required language Tyco International
Step 6: General Policy Requirements • Enterprise-Wide Elements • Business Sponsor • Business Justification • FCPA Certification • Questionnaire • Risk Assessment/DD • Written Agreements • Training Not all elements required for all third-parties. Higher risk third parties require higher level of review. Tyco International