How do you keep today’s risk from becoming tomorrow’s headline?EY Forensic & Integrity Services Third-party risk management

3EY Third-party risk management |2 | EY Third-party risk management

Protect your business against third-party risks.Regulatory inquiries, corporate investigations and embezzlement schemes span many industries and sectors, but the vast majority of them have one thing in common: third parties.

Streamlining third-party risk management enables better decision-making, reduces costs and saves time so you can focus on higher-value priorities.

Traditionally, companies rely on internal information, such as the activity, geography and cost of services, to determine who requires additional scrutiny. Companies then issue questionnaires and commission open-source investigations for third parties that require additional due diligence. Many companies commission these reports on 100% of their third parties. The process is slow, subjective and expensive, and often results in incomplete findings.

Companies can and should prescreen their third parties using data analytics and publicly available data before deciding whether to conduct deeper diligence. Prescreening allows companies to make decisions more quickly, objectively and inexpensively.

Third parties may drive cost savings and efficiencies, but some of them pose significant risks.

A well-designed compliance program should apply risk-based due diligence to its third-party relationships.

U.S. Department of Justice

2 | EY Third-party risk management

Prescreen /prē-’̍skrēn/: To preliminarily assess a third party using data analytics and objective corporate registration and enforcement data from around the globe to determine whether the third party requires additional risk-management procedures.

5EY Third-party risk management |4 | EY Third-party risk management

EY Forensics third-party risk management solution is a technology-driven risk assessment tool to instantly assess risks around anti-bribery and corruption, sanctions, and conflicts of interest. Solution designers included former chief compliance officers, federal prosecutors and regulators, and data and technology professionals.

Featured benefits• Allows compliance personnel to employ a defensible methodology to

focus on the few third parties that pose the greatest risk

• Permits business sponsors to see instantaneously how compliance and procurement will view a potential business partner’s compliance risk

• Provides more objective, standardized risk assessment of each new business partner

• Enables rapid engagement of new business partners

• Fosters better alignment between business and compliance personnel

• Reduces the cost of evaluating relatively low-risk business partners

• Creates a “single source of truth” that collects the basis and outcome for each decision you make about your business partners

How the EY Forensics approach is different

4 | EY Third-party risk management

Prescreening

Global third-party lookup

Integrated surveys and investigations

Review and approval management

7EY Third-party risk management |6 | EY Third-party risk management

32Open-source investigations and diligence reporting

If you need it, our EY team offers traditional due-diligence reporting. When you commission a due-diligence report, we consult hundreds of compliance databases for issues such as sanctions or political exposure, identify adverse media and prior enforcements, and consolidate all critical open-source information in readily digestible written reports.

Features include:• Supplements open-source

diligence reporting with in-country access to local information and media sources, reflecting EY Forensics’ presence in 70 countries

• Integrates effortlessly with your workflow, delivering and recording investigation results directly into your solution

• Focuses on decision-critical data points

End-to-end workflow management

Our flexible technology guides and captures every aspect of your third-party risk management, from selection to approval (or rejection), and every step in between. Among other features, it facilitates the identification of potential business partners, allows compliance intervention, communicates with third parties, and logs every decision and its rationale in an accessible timeline. The workflow is visible to both compliance and business personnel, reducing distracting check-ins and increasing cross-functional trust.

Features include:• Sends multilingual, customizable

questionnaires and statutorily required email alerts to your third parties

• Digitizes and standardizes your workflows to reflect your compliance, procurement and business processes

• Flags risk-profile changes across all existing business partners as the data refreshes, triggering renewed compliance review

• Provides real-time reporting dashboards to facilitate compliance efficiency and management reporting

EY Forensics third-party risk management solutionOur risk-based modular approach to third-party risk management allows businesses the flexibility to employ elements of our technology solution that best suit their needs. Whether your business is conducting a single investigation or requires end-to-end third-party risk management, we offer any one or more of the following:

1. Third-party prescreening

2. End-to-end workflow management

3. Open-source investigations and diligence reporting

Third-party prescreening

We use data analytics to instantly return risk scores that account for each business partner’s actual ownership and management structure, as well as the inherent risk posed by geography, government exposure and business line. Our multifaceted prescreening approach helps companies prioritize resources and focus on known risk. We can deliver prescreening as a one-time service, long-term implementation in our client-controlled technology, or fully outsourced to EY teams.

Features include:• Assesses the risk of, among other

factors, sanctions and political exposure, legal proceedings, state ownership, and financial health by accessing hundreds of millions of records of corporate entities and billions of ownership records from around the world

• Grades business partners as high-, medium- or low-risk based upon your compliance and procurement risk tolerance and your known compliance risks

• Instantaneously ranks a preferred business partner and its peers, allowing your business sponsor to select lower-risk partners before compliance intervention

1

EY | Assurance | Tax | Transactions | Advisory

About EYEY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via ey.com/privacy. For more information about our organization, please visit ey.com.

Ernst & Young LLP is a client-serving member firm of Ernst & Young Global Limited operating in the US.

About EY Forensic & Integrity ServicesEmbedding integrity into an organization’s strategic vision and day-to-day operations is critical when managing complex issues of fraud, regulatory compliance, investigations and business disputes. Our international team of more than 4,000 forensic and technology professionals helps leaders balance business objectives and risks, build data-centric ethics and compliance programs, and ultimately develop a culture of integrity. We consider your distinct circumstances and needs to assemble the right multidisciplinary and culturally aligned team for you and your legal advisors. We strive to bring you the benefits of our leading technology, deep subject-matter knowledge and broad global sector experience.

© 2020 Ernst & Young LLP. All Rights Reserved.

US SCORE no. 09727-201US2011-3624763ED None

This material has been prepared for general informational purposes only and is not intended to

be relied upon as accounting, tax or other professional advice. Please refer to your advisors for

specific advice.

ey.com/us/forensics

EY Forensic & Integrity Services

Our third-party risk management professionals help business leaders understand and manage risk exposure that can emerge from their relationships with external organizations. We guide strategic investments to effectively manage third-party risk, and assist in assessing risks and developing technology-enhanced programs to enable scalable and sustainable risk functions. Our full suite of services can help businesses transform, implement and manage all of their third-party risk management efforts.

Forensic & Integrity Services Third-party Risk Management teamErnst & Young LLP

Corey Dunbar Principal+1 212 773 1808 corey.dunbar@ey.com

David Gonzalez Senior Manager+1 732 516 4183 david.gonzalez2@ey.com

Kris Curry Principal+1 732 516 4855 kris.curry@ey.com

Chris Matteson US Forensics Compliance Services Executive+1 215 841 0556 chris.matteson@ey.com

Liban Jama Principal+1 202 327 7593 liban.jama@ey.com

Joshua PresentSenior Manager+1 215 841 0427 Joshua.Present@ey.com