Exploring Third-Party Risk Management: Insights from CETPRO's 2017 Study
Join our 2017 webinar for an in-depth look at third-party risk management practices and findings from CETPRO's recent research study.
Introduction to Third Party Vendor Risk Management
Added on 09/28/2024

Speaker 1: Welcome, everyone, and thank you for joining this, our first webinar of 2017. Today, we're going to take you through a close look at the development of third-party risk management practices, and take you through the results of a research study we recently conducted with the Center for Financial Professionals, or CETPRO for short.

Speaker 2: Thank you, Joe, and welcome, everyone. In researching the vendor risk management space, we've talked to many different companies in different sectors. We've conducted telephone interviews and face-to-face discussions. We've done secondary research to look at other published information, attended various conferences, as we all do. And, of course, we've commissioned this particular primary research report, which was conducted by the Center for Financial Professionals, or CETPRO. I'll run through a brief introduction, and then we'll go through the research in detail, and we'll close out then with a Q&A session. The inclusion of the development of third-party relationships is an essential part of business. It's growing in the global economy as that expands. Now, we are seeing some anti-global sentiment reflected in part, I suppose, with the election of Donald Trump, the hard Brexit approach by the UK and their departure from the EU. However, on the other side of that pendulum, it probably was noteworthy to see that the Chinese premier yesterday embraced globalism in his speech at the Davos talks, and that's the first time a Chinese premier has ever attended these talks. So there's swings and roundabouts in this issue. The management, therefore, of third parties and the inherent risks that these third parties can represent remains a really important issue, and one which must be managed. So good third-party management is in the neighbourhood's good business and better performance, while poor practices really do expose an organisation to financial and reputational damage. Now, I'm just going to start off by way of background, and before getting into our own results, but it was noteworthy to just look at a Deloitte study and set the scene from 2016. 
Interestingly, almost 9 out of 10 organisations that they polled, and there were 170 organisations from various different industries, you can see the source there on the bottom right, report that they faced a disruptive incident with third parties in the last two to three years, and 11% of them reported that it was a complete failure. So being let down by a third party obviously can range from inconvenience to catastrophe, literally, and I suppose it's the possibility, or it would appear the probability of being let down, that makes us all nervous and keeps us awake at night. It is reputation that's on the line, as one relies more and more on the value chain in the organisation, as we do see more globalisation, and the need for control and management becomes more important. So this would appear to explain the drive to insource, as you see here, 58.4% insource third-party governance and risk management, that's their acronym there, TPTRM, third-party governance risk management. So speaking of reputations, we'll just take a brief look at some of the enforcement actions that have been taking place. Now, this webinar is not about the fines, but let's be honest, the fines are represented where they are the evidence of this continuing exposure organisations face when they fail to implement and operate risk mitigation programmes to protect and promote the company, its finances and its reputation. I'm not going to read through them all, but I think you're just looking at the top three represent $73 million in fines in the first two weeks of 2017, and the bottom three were – the bottom four, sorry, are all from December of 2016 – I'm sorry, the bottom three. The interesting case there is probably Mondelēz International, which I think was the first enforcement action settlement of the year. It's an interesting one. As we understand, and we might be corrected on this, the exposure to risk for Mondelēz didn't come about by any poor practice on their part in the first instance. 
We understand that they did not recruit the agent or pay the money that was at the centre of this issue. It would appear that the risk arose out of their acquisition of Cadbury some years before, and it appears that in this instance they acquired that exposure to risk through that acquisition of another business, and the activities that that other business appeared to have conducted at this time. So it's interesting when we look at third-party risk management, it's not just about the here and now. We often have to look backwards as well, retrospectively, and make sure the conduct of people in the business and third parties that are appropriate. We can't let today go by without obviously just briefly referencing the Deutsche Bank settlement. It's not directly related to third parties, but it is related to conduct of business and the implications of that. The settlement has now been agreed at $7.2 billion, and that I think brings in total the banking sector has paid $24 billion in fines related to the financial crisis. I suppose, look, the impact of that is that their United States listed shares fell 3.2%. I mean, this really is what happens at the end of the day, not to mention the reality of the reputational damage. One other one, and then we'll move on. Very brief, but very relevant to the announcement this week of the long-running investigation into Rolls-Royce, and it concluded, and they've accepted a fine of 671 million sterling, which will be payable to three different countries. You have the UK, which is the primary country here, the US, and Brazil. I think it again highlights the impact on finances and reputation, clearly. But in this case, something very different as well has emerged. The SFO, which is the Serious Fraud Office in the UK, led by a guy called Green, has been flexing its muscles and has been implementing tried-and-trusted procedures that we've seen used in the US into the UK through legislation that appeared in 2014. 
Primarily among this was the use of what's called a DPA, or a Deferred Prosecution Agreement. So the way that they were able to conduct this investigation was to get cooperation from Rolls-Royce and its management into practices that go all the way back to 1989, we believe, through the DPA. So this really, they're now going to look for extended powers, and we'll all be sitting back to see how that goes. Thank you.
