Compliance program digitalisation & controls uplift
Client aims
-
Digitalisation of their compliance program without the need for any expensive new platform(s).
-
An uplift to their compliance control environment, including business partner due diligence, risk assessments and action planning, a global approach to conflicts of interest, gifts & hospitality, facilitation payments, sponsorships & donations and guidance requests.
Criticality
-
The company was undergoing significant growth and needed to ensure its compliance program kept pace.
-
As part of a reorganisation, the compliance team had been centralised with strong reporting lines to the Chief Compliance Officer. Their program, controls and working tools needed to mirror this centralisation.
-
Enforcers and regulators require companies to demonstrate their compliance programs are designed effectively and operating efficiently.
Other options
-
The client could have bought an off-the-shelf GRC / compliance platform. This would have been expensive and would have required implementation, including integration towards existing systems.
-
To use a large law, consulting or accounting firm.
-
To continue on their current trajectory and accept the status quo.
Results
-
Dashboards showing a live picture of compliance controls and data feeds. One version showing all data was made specifically for the compliance team, whilst another version showed line managers globally their own tailored view of relevant data. For example – the status of conflicts of interest in their team, the completion rates for e-learnings and the risks and actions for which their department is responsible.
-
Comfort over completeness of the business partner due diligence system through an automated connection to SAP.
-
A global approach to conflicts of interest, including a revised policy and a declaration tool rolled out globally. Declarations by over 6 000 employees on an annual basis were automated.
-
New and uplifted controls were implemented for gifts & hospitality, facilitation payments, sponsorships & donations and guidance requests.
-
A report providing a clear opinion and comfort on the compliance program, with recommendations for possible further improvements.
How the project was completed
-
A core team was formed from compliance and IT personnel.
-
Systems used included ServiceNow for the workflows in ‘declare & approve’ controls such as conflicts of interest, easy-to-use databases for risk assessments & action planning, and PowerBI for the compliance and line manager dashboards.
-
Rollout of the uplifted controls and dashboards was undertaken in a coordinated effort across the global compliance team. An e-learning informed all employees about new policies and controls.
What did the client buy from NorthStar?
-
NorthStar’s knowledges & experience from previous compliance program reviews, digitalisation and control uplift projects.
-
An assurance report on the compliance program.
-
Data structures for all uplifted controls and systems that would eventually feed into compliance and line manager dashboards.
-
Designs and graphics for the compliance and line manager dashboards.
-
Leadership, coordination and reporting on the project, including at the highest level of seniority.
-
Comfort that NorthStar could provide the necessary leadership on change management to make a success of the project.
-
Proven ability to form and lead teams. Significant input was sought from all parts of the business, Compliance, IT, Audit, Legal, Procurement and other departments.
Sales Agents & Intermediaries
Mapping, policy, controls & systems readiness
Client aims
-
A clear policy on sales agents & intermediaries, easily understood by the business.
-
Oversight of high risk agents and intermediaries globally. Focus on completeness, with a single, central and global mapping.
-
An understanding of the quality of contracts with sales agents and intermediaries
-
Fit-for-purpose payment controls for commissions and other high risk disbursements.
-
Systems readiness for due diligence and continuous monitoring of the sales agents & intermediaries.
Criticality
-
The Chief Compliance Officer was new to the organisation.
-
There was significant use of sales agents & intermediaries, including in high risk jurisdictions.
-
Previous mapping efforts were known to be outdated, with high risk business partners not subjected to due diligence or adequate monitoring.
-
Lack of policy clarity and awareness was causing confusion amongst business leaders.
Other options
-
Engage a large law or consulting firm with the associated expensive rates and risk of inexperienced team members being assigned to the project.
-
To accept a significant risk of irregularities occurring in the sales process.
Results
-
A complete list of sales agents & intermediaries was provided, covering all operations globally.
-
There was an analysis of previously-unknown sales agents & intermediaries. This analysis could easily be taken into the client’s annual risk assessment.
-
The full mapping was risk-ranked and analysed versus spend and jurisdictional risk.
-
The quality of due diligence and contracting was reviewed on a risk-weighted sample basis.
-
The process raised awareness amongst leaders and employees on the risks of sales agents & intermediaries and the importance of robust onboarding & monitoring processes.
-
A draft for new policy wording on sales agents & intermediaries.
-
Recommendations for systems and processes. In a later (separate) project we completed due diligence on the sales agents & intermediaries in a project spanning two years.
How the project was completed
-
The historical use of sales agents & intermediaries was reviewed, and the current (incomplete) listing was analysed.
-
Interviews were conducted with key employees and leaders.
-
Data was gathered / extracted and analysed showing potential unknown sales agents & intermediaries. Emphasis was placed on looking for confirmatory data (for example in the ERM system) and external sources.
-
Completion of a detailed analysis and draft reporting.
-
Discussions with leaders to confirm our observations and anchor support for next steps.
What did the client buy from NorthStar?
-
Partner level implementation – hands-on work from knowledgeable and experienced compliance experts.
-
A report detailing the process followed during the project and our findings, plus recommendations for next steps.
-
Leadership, coordination and reporting on the project, including at the highest level of seniority.
-
Proven ability to form and lead teams. Significant input was sought from all parts of the business, Compliance, Audit, Legal and other departments.
Investigations
Client aims
-
To handle a large increase in cases without compromising on quality.
-
Flexibility, given the uncertainty of high volumes continuing. Not every month saw increased case volumes. Sometimes support was needed, other times it was not.
Criticality
-
The work was critical because the client had experienced a significant increase (+100%) in notifications.
-
Further, there was a risk of fatigue / ‘burnout’ amongst the in-house team with high caseloads and travel obligations.
Other options
-
Hire more employees, with the risk of over-staffing if the high caseload did not continue.
-
Use large law or consulting firms to handle the additional work, with expensive rates and the risk of inexperienced staff being assigned to cases.
-
Accept slower case handling times, or the build up of a significant case backlog (whilst acknowledging that an enforcer would not be likely to accept such an outcome).
Results
-
Agreeing a case prioritisation that allowed the right cases to be handled by in-house experts. Meanwhile, cases that could not be handled were passed to NorthStar. In most cases these were matters that required travel, or medium-priority matters that the in-house team could not prioritise.
How the project was completed
-
NorthStar resources travelled at short notice to collect documentation and to interview witnesses and subjects. Desktop research and analysis was performed in parallel.
-
NorthStar worked to the client’s investigation process, and our employees accessed client systems in-house, minimising risks around data privacy and confidentiality.
What did the client buy from NorthStar?
-
Partner level implementation – hands-on work from experienced investigations experts. Forensic skills, deep interview and analysis experience.
-
Investigation reports and recommendations suitable for the level of engagement.
-
Direct close-out of cases in dialogue with the owners in line management.
Compliance maturity scan
Client aims
-
A way to measure and analyse the maturity of a company’s compliance program.
-
Benchmarking versus other companies who complete the maturity scan, plus external benchmarks.
Criticality
-
They needed a way to understand whether the companies were ready for compliance tools and services, or if additional “hygiene factors” needed to be in place before they would make such purchases.
Results
-
A questionnaire allowing a very quick online assessment based on fewer than 10 questions.
-
Automated analysis and benchmarking of the online questions.
-
A detailed questionnaire of nearly 50 questions, including metadata. Detailed analysis and benchmarking versus other respondents and external data.
-
Alignment to the client’s sales process and preferred methodologies.
How the project was completed
-
NorthStar held initial discussions and scoping with stakeholders.
-
We reviewed the client’s sales process and undertook desktop research.
-
The questionnaires were developed in draft form, with follow-up discussions and two rounds of feedback.
-
The final delivery included two questionnaires (‘online’ and ‘detailed’), metadata, testing results and a bank of possible analyses.