Compliance factors

The Third-Party Manager Compliance Checklist may be used to manually mark compliance process factors as complete as you move to a third-party Status of approved, denied, or other status. (Third-party Status is used for searching, for example, Active or Inactive, and Approval Status is a subset of Status. Case Status is used for searching, for example, Only Open Cases or Only Closed Cases.) An Implementation Manager typically assists during implementation to set up compliance factors.

Using compliance factors

To use compliance factors, you will add each step in your compliance process. Then, you may vary which steps are in the process by Third-Party Type (the type of third party, for example, Channel Partner, Vendor, Supplier, or DO NOT ENGAGE), Category, and/or Risk Rating (the risk assessment history, which changes over time based on the risk model assigned and other factors; details include how the relationship is categorized, the services provided, the country risk, due diligence questionnaire responses, and custom fields). Optionally, you can enter a threshold percentage of the factors that must be complete before the final third-party Status is set.

During the third-party review process, you manually select factors to capture progress. In the following example, the default compliance factors are shown. Three factors are marked as Completed and the factor Send DDQ (Due Diligence Questionnaire, which can be sent to third parties for response; questions can be added to a risk model to use in determining the overall risk rating for a third party) is marked as In Progress. The compliance process is 64% complete, which meets the compliance threshold (the percent of a compliance process that must be complete before a Status of approved, denied, or other value can be set) to make the Status button available. The Set Approval Status (the status of the third-party approval, for example, Pending, Approved, Denied for Compliance Reasons, and so on; Approval Status is a subset of Status) was selected to be Terminated/Rejected for Business with the Explanation that the third-party removed themselves from consideration.

Compliance groups

Compliance factors can be organized in groups. For example, you may want factors grouped for a geographical area to comply with different regional compliance steps.

  1. Select Settings, Content Control, then Fields/Lists.
  2. From the View dropdown list, select 3P Compliance Groups.
  3. To add a compliance factor, select Add New.

  4. Enter a Group Name.

  5. Enter the Order for the group in the list of all groups.

Setting up compliance factors

To set compliance factors:

  1. Select Settings, Content Control, then Fields/Lists.
  2. From the View dropdown list, select 3P Compliance Factors. The Default Compliance Factors display.
  3. To add a compliance factor, select Add New.

    1. Select the compliance Group to associate the factor with or select (none) for the factor to be available to all groups.

    2. Enter a descriptive Name for the factor.

    3. Enter the weighted Score (from 1 to 100) and the Order of importance.

    4. Select Active to make the compliance factor immediately available.

    5. Enter a description. End users see the Name, not the description.

    6. Select Save.

    7. Continue entering compliance factors until all are entered.

  4. Optionally, you can set a compliance threshold before the Status button becomes available to adjudicate the third-party as approved, denied, or another status.

    1. Select the Set Compliance Threshold button.

    2. In Compliance Threshold Percent, enter the percent of the compliance process to be completed before the Status can be entered. If you leave the default at 0%, the Status can be changed at any time.

    3. Select Save.

  5. In the Variance section, select Variance Mapping to see all defined variances for compliance factors. Select Print to generate a PDF for review.
    In the Variance section:

    Select the Restore Defaults button to return to the default settings for the Risk Tier, 3P Type, and 3P Category combination.

  6. Select the Update button to keep the changes or select the Restore Defaults button to start over.

Example

The following chart is an example of Due Diligence Requirements compliance factors that might be set for each of the Risk Tiers (High, Medium, and Low), listed in the order of the compliance process. Notice that processes 4 through 8 are omitted from Low risk third-parties. Process 6, Open Source Investigation, is not allowed on High risk third-parties. Process 7, Enhanced Due Diligence, is omitted from Medium risk third-parties. Also shown is a sample of the settings for the Reviewers and Approvers compliance factor steps.

The Low Risk Variance settings for the Due Diligence Requirements (above) follow.

  • Risk Tier would be Low
  • 3P Type would be (all)
  • 3P Category would be (all)
  • Processes 4 through 8 would not be selected and will be omitted from the compliance process.

The settings for the Reviewers and Approvers compliance factors shown above would be set up in a similar fashion.

In the Comparison of Factors section, you can see a visual representation of which factors have the most weight compared to the highest score set, and to the total score.

Updating compliance factors for a third-party

To update the compliance factors for a third-party, follow the steps below.

  1. Select a third-party, then the Record Detail tab.
  2. Select Compliance Checklist.
  3. Manually select the In Progress and Completed radio buttons, as appropriate.

  4. Select Save. The compliance process percentage complete is updated.

  5. At any point, assuming the compliance threshold is met, you can select the Status button to approve, deny, or set another status.