Innovation in Compliance with Tom Fox Third-Party Management: A risk-based approach - Part 3: Kairi Isse on Implementation and Maintenance
Mar 22, 2023
Kairi Isse, Managed Services Group Manager focused on third-party risk and AI-assisted due diligence. She discusses post-contract implementation and why ongoing monitoring matters. She outlines AI-driven adverse media searches, the balance of machine and human review, and audit trails and managed services for sustainable vendor oversight.
AI Snips
Chapters
Transcript
Episode notes
Ongoing Monitoring Is The Critical Phase
- Ongoing monitoring is the critical phase where third-party risk actually manifests and must be managed.
- Kairi Isse explains that third parties sit outside direct control, so breaches or bribery at vendors can damage reputation and cause large fines.
Combine Inside-Out And Outside-In Monitoring
- Design monitoring to include both inside-out and outside-in checks across the third-party lifecycle.
- Kairi recommends combining due diligence questionnaires and documentation with global database checks, adverse media, and investigations continuously.
Regulatory Focus Shifts To Effectiveness Not Just Design
- Regulators emphasize not just design but effective implementation and operation of compliance programs.
- Kairi notes the 2020 DOJ update pushes clients to prove ongoing, earnest application and real-world effectiveness of controls.