My client called me in a panic. “They hate me. What do I do? How do I handle this?” For over a year, my client (we’ll call her Amanda) had been working on an investigation in Eastern Europe. The investigation had been long and slow, leading everyone to be exhausted, including her. As the investigation wrapped up, two senior leaders were fired for misconduct, leaving resentment and anger in the officer. In response, management decided to relocate Amanda, parachuting her into Romania to keep an eye on things and revamp the culture. People were cold and didn’t answer her calls.

What was she to do? And more importantly, what are you to do when you perceive robust distrust and anger in pockets of your organization? Remember six things.

You’re here to Get a Job Done

First, remember that you’re here to do a job. While resentment or mistrust may be present, in the end, it doesn’t matter whether everyone likes you. You’re in the organization to drive an ethical culture and ensure compliance with the law. In the face of indignation, remember that your mission is critical. By holding tight to your purpose, you can weather the resistance.

You are Not Your Job…

Podcast superstar. Big time compliance author. Fierce leader. All these things and more define my friend Mary Shirley. Mary is the Head of Culture of Integrity and Compliance Education at Fresenius Medical. She’s also the co-host of the wildly popular podcast Great Women in Compliance and co-author of the recently-published book Sending the Elevator Back Down. I caught up with Mary to talk about her international career, what she’s learned from her podcasting and authoring experiences, and what she sees in the future of compliance.

You’ve had a fascinating international career. Can you tell me about it?

If you’d told me 15 years ago that I wouldn’t be living in Wellington, New Zealand, I’d probably have been shocked and appalled! I was born in Hong Kong and grew up in New Zealand. In 2010 I made an impromptu decision to move to Singapore, where I got a job in Tata Communications’ global compliance program.

After Singapore I moved to Dubai to be the Head of Compliance for Aggregko. It was my first time in the Middle East and I loved soaking up the new way of life. Next I was drawn back to Asia, this time Hong Kong to work in Compliance consultancy as a Senior Advisor for the Red Flag Group.

While at the Red Flag Group I met my Compliance mentor and sponsor, Mark Stanley, who had an exciting new role heading up the Asia Pacific Compliance function at Fresenius Medical Care. I was motivated by his passion and vision, so I joined his team, serving the company in Hong Kong, Singapore (yep, that’s round two for those counting) and finally Boston, USA which is where I’m currently based. It probably won’t surprise you to hear that I’ve been making the most of visiting new cities in the US and Caribbean for the past three years!

Definitely not! That’s incredible. Where is your favorite place you’ve lived?

I consider Singapore to be my second home. It is where I was embraced with open arms by the expat and community and my local colleagues, grew into myself as an adult and reached potential I didn’t know was in me. It is very safe and free from natural disasters. When you grow up on the pacific rim of fire that is kind of a big deal.

I love Singapore. There’s nothing like getting a Singapore Sling at the Raffles Hotel, the place where the drink was born. Switching gears, you’ve got a wildly popular podcast called Great Women in Compliance. Tell us how that came to be…

When it comes to imposition on the business, third-party due diligence programs often rank highest on the list. Third-party program rollouts or expansions are frequently fraught with challenges. One of the greatest challenges is deciding what to do with third-parties that the business is already using, frequently referred to as “legacy third-parties.”

Part one of this blog series reviewed the considerations compliance officers should mull over when determining what to do with legacy third-parties. Part two below describes various options available to deal with legacy third-party challenges. As you’ll see, there is no one-size-fits-all answer to the third-party conundrum.

The Choices

There are several ways of dealing with legacy third-parties. You can…

Go All In

Want to rip off the bandage? Go all in and include the whole gambit of legacy third-parties in your new or expanded program. The benefits of this approach are numerous. First, although the business will likely complain, the bulk of the third-party review will be done all at once, meaning that once the initial discomfort is over, the third-party program will be significantly less onerous. Second, the business won’t suffer fatigue as the third-party program continuously expands, with businesspeople being repeatedly called upon to give information about new categories of their currently-used third-parties. Third, this approach is usually the most efficient. Doing the work all at once means that it goes quickly.

On the downside, going all-in may create a giant bottleneck of false positives and potential hits to clear. If you have a small team or little capacity, this could take months (see Part I for more details on capacity considerations).

Only Screen at Contract Renewal or if the Contract is Amended…

Join me on Thursday, January 14th at 12:00 p.m. EST for the perennially popular webinar unveiling the Top Trends and Predictions for 2021! Once again Carrie Penman (NAVEX Global) and I will break down what we see as the most critical trends for 2021, along with predictions and top tips for your program this year. Plus, as a participant, you will receive a copy of the Top Trends eBook (co-authored by me) to help you go into the new year with actionable information to make your program soar. SIGN UP HERE! See you there!

“We finally got the budget to start a proper third-party program!” my client exclaimed. “Great!” I said, “How many third-parties will you be starting with?” “Ten thousand.” Alarm bells went off in my head. I could already see the problems. How would she find reliable data? How would she and her team of three deal with the hundreds, if not thousands, of immediate false positives that typically come from that volume of screening? And most importantly, how would she deal with the businesspeople already using those ten thousand third-parties inevitably pushing back saying “but we’ve used them for years!”

Whether implementing a third-party program for the first time or expanding an existing one, the issue of legacy third-parties inevitably brings up monumental challenges. A “legacy third-party” is one that is already in use by the business that has not undergone due diligence. Bringing in or expanding a third-party program is already difficult. Deciding what to do with legacy third-parties can be a nightmare.

In part one of this two-part series, we’ll review the issues to consider before deciding what to do with legacy third-parties. In part two, we’ll go over different approaches to managing this challenge to help you decide the best path forward.

Considerations

There are several issues with legacy third-parties, each of which should be considered when determining the best path forward. These include…