A typical workflow

A strong due diligence workflowClosed A series of tasks generated based on an event or form submission. yields a defensible decision to approve, reject, or retain a third-party based on a risk-based approach. A historical record is maintained of each step taken to mitigate risk.

New third-parties can be entered manually, via APIClosed Application Programming Interface (API) is the developer interface for the platform. Use the API to develop your own applications., or by request through an internal intake formClosed A form is a questionnaire to gather information..

The following are the steps to perform due diligence:

  1. Initial Intake The process begins with an optional internal intake form, which captures relevant information about the third-party entity.

  2. Third-Party onboarding The third-party entity is added to the system's database.

  3. Preliminary review A review of Global Database Check (GDCClosed Global Database Check screens over 1,500 lists for sanctions, embargoes, watchlists, court lists, and politically exposed persons. When a third party is entered, it is immediately screened. Re-screening frequency can be scheduled.) and media monitorClosed The Media Monitor screens for adverse news relevant to compliance concerns. hits is conducted to identify potential risks.

  4. Questionnaire invitation The third-party entity is invited to complete a comprehensive questionnaire, which gathers more detailed information about their operations, security practices, and compliance.

  5. Questionnaire completion The third-party entity completes the questionnaire, providing the necessary information for further review.

  6. Review and assessment The completed questionnaire is reviewed and assessed to determine the third-party entity's risk profile and compliance statusClosed Third-party Status used for searching, for example, Active or Inactive. Approval Status is a subset of the Status. See Approval Status. Case Status used for searching, for example, Only Open Cases or Only Closed Cases.. Based on the review and assessment, one of two actions is taken:

    1. Approve or deny The third-party entity's profile is either approved or denied based on the results of the review.

    2. Escalate for further review If the review reveals potential risks or concerns, the third-party entity is escalated for further review and possible investigation. Once the investigation is complete, the third-party entity is either approved or denied depending on the results of the review.