Risk Hotseat: How TPRM Software is Evolving to Meet ABAC Expectations

June 17th, 2024 Bryn Sedlacek Reading Time: 5 minutes
Riskhotseat Blogfeaturedimg1200x628

For our latest edition of the Risk Hotseat, we sat down with Bryn Sedlacek, Vice President of Product Management at Aravo. She explores how anti-bribery, anti-corruption (ABAC) legislation is affecting TPRM activities, how software is evolving to meet these needs, as well as how to champion women in the TPRM space.

Hi everyone, my name is Bryn Sedlacek, I am the VP of Product Management here at Aravo. I’ve been here for a little over seven years working professional services, business development, and have been on the R&D side as well. I’m excited to explore these topics with you.

Is there any new legislation or guidance in the anti-bribery, anti-corruption (ABAC) space that you think could be really impactful?

Yes, I am particularly interested in tracking the progression of the Foreign Extortion Prevention Act, or FEPA. It was enacted in late 2023 and is meant to tackle the demand side of bribery, the flip side of the FCPA, which focuses more on the supply side of bribery and corruption.

For years the focus has just been on the companies and the individuals paying the bribe as that was the focus of the FCPA. Now, we can really start to see what impact this legislation can have on that other side of the relationship in bribery and corruption cases.

There was a recent survey by the OECD that studied this demand side bribery cases. In the ones that they studied, 82% of the cases were settled through non-trial resolutions. So, I’ll definitely be keeping an eye on how this legislation is enforced, what guidance we see coming out of the DOJ, what cases come first, and what the focus is. This is definitely something to watch in the coming years in relation to TPRM.

Is there anything you’re looking forward to seeing in 2024 in the ABAC space?

Yes, I’m interested in seeing the data analytics and how they’re used. There are two main applications.

One is within the DOJ and the SEC for using data analytics to pursue different leads or avenues for leads for FCPA investigations. And the expectation that companies use their data analytics teams and toolsets to assess potential risks where they look at their compliance program, and how effective it is.

On the first piece, the DOJ has dedicated data analytics teams and they’re really looking at creating new avenues for potential prosecution. This has been used in other areas like fraud, and now they’re trying to see how that can be applied to finding FCPA leads for prosecution. I’m interested to see where that goes.

The other side of things is in the DOJ’s guidelines on the evaluation of corporate compliance programs, which talks about the importance of data analytics tools in risk assessments of your third parties in managing those risks and understanding how effective your compliance program is.

This is something we talk about every day at Aravo. We have our own internal analytics tools and we have very regular conversations with our customers who are trying to figure out how they can best leverage Aravo’s native reporting tools. As well as our APIs to get the data out, put it into these ETL systems and their reporting systems, their data analytics toolsets and pipelines to really be able to take a holistic view of their compliance programs.

How does TPRM software need to evolve in the future to meet these ABAC needs?

A lot of the data analytics piece we just discussed is just how can these systems structure data; how do we make it easier for folks to get that data out and into these ETL tools, into these data analytics pipelines and other toolsets?

That’s the first part that’s fairly straightforward. The other thing I think could apply to any risk domain that Aravo looks at, not just ABAC, is third-party responsiveness. That’s a big challenge. Getting third parties to participate, actively getting that information collected, being able to integrate them into your compliance program as active participants.

Collecting information is always tough, but with ABAC particularly, trying to get that ultimate beneficial ownership can be really challenging depending on where your third party is based.

What we’re trying to focus on is how do we get around some of that? How do we focus on the experience of the third party? How do we really make it a value add for them to participate in these ABAC compliance activities? How do we address the survey fatigue and the assessment fatigue that they experience, having to do dozens and dozens of these assessments all throughout the year for everybody that they work with?

How is Aravo working to address these questions?

There are two areas that we’re looking at. One, everybody’s talking about AI, but at Aravo we’re trying to be really intentional and figure out the use cases and applications that make sense and add value to the third party and their experience. We want to make it easier for them to get the information to the companies that they work with in regard to their compliance program.

The other thing we’re really focusing on is the experience of the third party and making sure that that experience matches or is similar to the other digital experiences that they have in their everyday lives.

Shifting gears, how have you seen the TPRM community work towards encouraging more women to enter and succeed in this field?

This is an interesting question and I actually want to pose the question back to all of you. This question should be asked of everybody, not just women or people from underrepresented demographics. What I would challenge everybody to do is think about this question for yourself in our field. How can we encourage more women or other underrepresented demographics into this field? How can we make them successful?

A couple things I encourage folks to experiment with, one of which is just noticing. Notice the makeup of the conversations or meetings or Zoom calls you’re in. Who gets to be there, who gets to participate, who gets to talk, take up space, and have their ideas heard? I think noticing is a great first step.

Also, how can you expand opportunities for other folks? Whether it’s a formal or informal mentorship program, or if you don’t have that, how can you be a champion for other people on your team to put their name forward for different projects where they would get some really great exposure or experience. Thinking outside of the box can be really helpful in understanding what you have access to and how you can open some doors there.

I would also really focus on everything that happens after hiring. How do you help them be successful? One of the things that can be helpful is thinking about all the different steps on the leadership ladder and identifying where you’re seeing that drop off and really targeting any activities around those areas.

The Third Party Risk Association (TPRA) group does a great job of this, championing women in the TPRM field. I think those types of groups and organizations are fantastic in product management particularly. But overall, I put that question back out to everybody out there. What can you do to kind of make sure that we can all benefit from the diverse experiences that people bring to the table?

Watch the full Risk Hotseat here, and stay tuned for more insights from Aravo experts!

This interview has been edited for length and clarity.

Bryn Sedlacek

Bryn is responsible for driving the constant improvement and innovation of Aravo’s platform.

Bryn serves as the VP of Product Management at Aravo Solutions. Bryn started her career in risk management by managing Compliance solutions and later consulting for Anti-bribery and Anti-corruption at TRACE International.

Bryn holds a Master of Arts in International Security from University of Denver; as well as a Bachelor of Arts in Political Science from Vanderbilt University, where she was a member of the women’s Lacrosse team.

Bryn serves as the VP of Product Management at Aravo Solutions. Bryn started her career in risk management by managing Compliance solutions and later consulting for Anti-bribery and Anti-corruption at TRACE International.

Share with Your Friends:

Subscribe to Blog Updates

Our Expertise
Who We Help

Ready to get started?

Get in touch for a better approach to third-party risk management