I normally write about cybersecurity and the cultural implications of software, technology, and policy on how people approach their own security—succeed or fail. However, running a business securely is more than just properly vetting employees, putting locks on doors, and battening down the firewalls: modern day enterprises are multi-national ventures that often must work with 3rd parties who supply equipment, raw materials, or services that are needed to make business work.
This means that businesses who work with 3rd parties find themselves in the sticky position of having to be certain that those they work with are on the up-and-up. In most security circumstances, business owners want to be sure that who they’re working with will not defraud them, but there’s a second consideration: the long arm and watchful eye of the law.
This is where a service like Hiperos comes into play.
Where Logistics, Reputation, and the Law Collide: FCPA Compliance
The Foreign Corrupt Practices Act (FCPA) is more or less a piece of regulatory legislation that U.S. businesses must abide by that holds enterprises culpable for the bad acts of 3rd parties when it comes to bribery, importing materials from embargoed countries, or otherwise engaging in unfair or illegal business practices. Being caught connected to such a 3rd party could put executives in legal hot water, but it also puts their company under a media spotlight that could ruin their reputation.
At first blush, being compliant with something like the FCPA feels like it might just be a simple policy problem. Legislation like the FCPA says that you must do a particular level of due diligence to show that you know the people you’re working with aren’t bad actors: basically, risk management by showing that you’ve done the job of making sure you and your relationships are in the right.
However, even as a policy problem, the solution needs to take into account the vast amount of data needed to compile risk reports, investigate potential problems, and even just file the paperwork needed to show everything is on the up-and-up. A complete solution would require the ability to pull in documents of myriad sorts, tag them with metadata, securely archive them, and then collate them into reports that can be delivered either to executives, who want to make their final risk management decisions, or to regulators, who intend an audit to see if you’re compliant.
Hiperos offers a solution that manages all of this via an easy-to-use, highly secure system that permits all of the above and more.
As data related to FCPA compliance is generated, workers input it into the Hiperos solution via mobile or web. Every time something is done it can be noted and documented: training and attestation from 3rd parties, incident tracking, info and documents gathered from 3rd parties and internally, due diligence reports, as well as the results of investigations. From all of this, Hiperos automates the production of reports based on particular rules (and expectations) that can be used to visualize different levels of risk or credibility.
If you’re still curious, you should look through the case studies that Hiperos has published on their website.
To put it in simple terms, Hiperos takes documents, reports, and paperwork and attempts to automate turning them into “actionable intelligence.”
Big Social Data for Reputation Management and Insights Into Risks
Recently, I spoke with Greg Dickinson, CEO of Hiperos, and he let me know about an element of the Hiperos system that makes powerful use of social data in order to help business owners. From his outline, I’d like to cover two elements of it: the first is a feed that watches the news for insights that suggest that something strange is going on; and the second is a social space where people can add their own insights without having them published to the world.
Since part of risk management directly affects reputation, it makes sense that an element of the risk score for a particular 3rd party would use the media: the primary focal point for much reputation interest. As a result, the Hiperos system tracks numerous media outlets all the time, watching for mentions of 3rd party operators. If one of them crops up as having a relationship with a country on an embargoed list, or with another company that is well known as not being in compliance, a warning flare gets lit up.
In this way, a company using Hiperos can know proactively when someone they’re working with may be wandering into extralegal territory, and can look into it before it becomes big news, or worse, a regulator gets wind of it and looks into it.
However, news sources and media aren’t the only way to learn things about the world. Certainly it’s a more passive way to obtain evidence and get ahead of potential problems, but right underneath media is word-of-mouth. This leads to the second part of the big social approach.
Multinational businesses also have a great many employees, peers, consultants, and others they work with who potentially interact with these 3rd parties more often than they do. As a result, Hiperos also gives them an unpublished space to post their own observations. An employee who works in another country in the same city as a particular supplier might be in the right place to witness odd behavior (such as a major factory suddenly shuttering its doors one day) and can put that into the forum.
By automating a system that watches for these sorts of bits of information delivered by media outlets about behavior or business practices, and then combining that with man-on-the-street reports in a forum, the Hiperos solution adds a totally new layer of risk assessment that could mean the difference between cutting the cable with a bad operation and a government audit (and all the embarrassment that comes with that).