Meet the expert: André H. Paris to appear at PrivSec Focus: Third-Party Risk

Taking place on Tuesday April 26, PrivSec Focus: Third Party Risk is a one-day livestreaming event that takes business leaders and IT practitioners to the forefront of the third-party risk management (TPRM) debate.

Third-party networks are expanding to meet the needs of the global business community, but an effective TPRM programme can reduce the likelihood of a cybersecurity incident, lower exposure to legal liability and safeguard a brand’s reputation. 

As managing third-party risk becomes increasingly challenging, PrivSec Third-Party Risk unpacks all elements of creating and sustaining a robust and efficient TRPM programme.

In a focal panel debate at PrivSec Focus: Thiry-Party Risk, Managing Partner at Data Privacy and Compliance Company, Fakos, André H. Paris explores how supply chains can be maintained more ethically.

We spoke with André to find out about his professional journey and to learn how companies can do what’s right, while reducing risk, and enhancing their reputation.

Could you briefly outline your career pathway so far?

“Briefly, in my academic career, after achieving an Ll.m, a Master’s Degree and some international professional certifications (such as the “CCEP-I – Certified Compliance and Ethics Professional-International” and the “CIPM – Certified Information Privacy Manager”), I started lecturing in some graduation, post-graduation and executive educations courses. The main subjects of my classes are Governance, Risks, Compliance and Data Privacy.”

“I am also an author; one of the books I wrote was translated to the English language as Ethics & Transparency – A Path to Compliance.”

“On my professional path, I have been working for years as a GRC and data privacy consultant with Brazilian and international companies in a wide range of industries (such as the retail, financial, construction, education, tech, health, legal, trade, and passenger transportation industry), helping them to adapt to the applicable regulations. Currently I am also the managing partner of Fakos.”

What are the primary ethical issues when it comes to third-party risk management?

“I believe that one of the most important aspects of third-party risk management’s efforts is trying to verify if your vendor or business partner shares the same ethical values that your company does.”

“So, for instance, if your organisation is in the fashion and clothing industry you must always assess if your suppliers respect labour laws and the dignity of the people working for them. Unfortunately, it is not unusual to see headlines exposing brands that were not able to prevent the use of forced labour in their supply chain.”

“Each organisation should primarily focus its due diligence efforts on the ethical issues that relate more to the day-to-day operations of the company.”

Why is it so crucial that companies seek to do business only with ethically-motivated third parties? 

“We have a number of anticorruption laws worldwide with extraterritorial application (such as the FCPA, the UKBA and the Brazilian Anticorruption Law), and each of them provide millionaire sanctions to companies that do not comply with their provisions (even if the misconduct was performed by a third-party acting on behalf of the organisation).”

“Nowadays I even believe that a greater liability to companies that fail to manage third-party risks is the possibility of experiencing reputational damage from a misconduct performed by a supplier or business partners.”

“Consumers, public authorities, investors and other stakeholders are increasing their ethical demands, and do not buy anymore companies’ defences that state “they did not know” what their third parties were doing. When a company fails to meet these expectations, reputational damage is inevitable.”

What are the key challenges business communities face regarding the improving of third parties’ ethics and ethical transparency?

“I believe that the greatest challenges that organisations face when trying to manage their third-party risks are:

1. Having enough resources to manage appropriately all of its third parties.
2. Finding independent information sources to confirm the data and evidence shared by the third party.
3. Assessing the risks inherent to each of its third parties and prioritizing the ones in which most ethical risks were identified.”