Inside a world-class due diligence programme with Becton, Dickinson & Co
One company with a third party compliance and due diligence programme that has really stood out is Becton, Dickinson and Company (BD), the global medical device company based in New Jersey, United States. BD built and implemented its third party programme over three years ago to manage the risks involved in selling their products in over 200 markets.
In our view, BD’s programme is exemplary. The team at BD have worked tirelessly to strengthen the programme over time and ensure that it is continuously meeting its main objectives: managing risk and adding value to customers, partners and the business. This article outlines a few of the key areas that have contributed to the overall outstanding success of BD’s programme. Readers should take particular note of the lengths BD have gone to to engage as many areas of the business as possible and ingrain commitment amongst employees. For any programme to become successful, especially in third party management, compliance goals should to be aligned with those of the overall business strategy.
The number-one reason BD’s programme is so strong is because they have the right amount of executive buy-in. Meetings that take place regarding the programme are often led by the business – specifically by Vice President of Global Sales and Distribution Effectiveness, Tim Daley. Tim and his team were involved in the development of the programme from day one. They had a voice in everything, from the selection of the due diligence partners to the rollout plans, budget, enforcement and communication. Tim has worked alongside BD’s legal and compliance team (led by Vice President, Commercial Assurance & Privacy, Susan Murr) at every turn, and together Tim and Susan and their teams have built an excellent working relationship. Having executive input in not only the screening and due diligence process but also in the solution has been a key aspect of BD’s success.
Implementing a global due diligence programme involves working with stakeholders across the company, who are often in different time zones, have different cultures and speak different languages. In many cases the implementation of a programme requires drawing on favours and having a relationship of trust between the legal and compliance teams and the business. The due members of the diligence project team must ensure this relationship of trust remains. They should also be senior enough within the company that they have the ability to command some level of respect. Tim Daley and Susan Murr each have that relationship with their peers. If they determine that something is high risk and that they need to dig deeper on that issue, the business teams appreciate that and allow them the freedom to do so. Of course, that level of trust and respect is built up over time, so the message for companies looking to emulate the success of BD is to ensure that their due diligence team contains senior people within the company who have built significant trust and goodwill across the company. Some of this trust and goodwill can be tested due to the inevitable tough decisions that come with the role; it is important to have team members who will withstand these challenges.
International exposure and relationships
The very nature of third party due diligence programmes is that they are global programmes that involve many, if not all, emerging markets. The due diligence team must have a global mindset and be just as comfortable in Belgium, China or South Africa as they are sitting at their desk in New Jersey. They need the global energy to travel and understand local issues when conducting due diligence. The members of the BD team have all travelled extensively, and Susan Murr and Tim Daley have more air miles than most junior pilots. It is essential that due diligence teams get out in the field and build the relationships that they require to be successful, which aren’t necessarily at the senior levels of the company – they might be with the admin in Nairobi, the channel manager in Amman or the finance analyst in Paraguay.
Clients often think that once a due diligence provider has been selected the project is finished. The project will never be finished; the aim is to build a screening and due diligence model that is integrated into the fabric of the company. BD has built up a global team of experienced distributor compliance experts that spans across five continents. The team is responsible for working locally with the distributor management teams, reviewing questionnaires, navigating the ComplianceDesktop® Technology Platform (the system used by BD to manage the programme, provided by The Red Flag Group), reviewing due diligence reports, resolving red flags and working with management and the distributor on remedial actions. The BD team members come together virtually every month and in person at least once a year to workshop the due diligence process and focus on how to improve the model.
When building a due diligence programme you need a team that are content experts in anti-corruption, supplier screening, red-flag analysis, channel risks, and other key compliance areas. While the team may not all be lawyers (in fact, not being a lawyer is a definite advantage in some areas), it is essential that they have great communication and change management skills, and have leadership without authority. In addition, the team must have solid knowledge of the company’s products and of the risk areas, key markets and compliance trends. At BD, Susan Murr and her team are all experts on the Foreign Corrupt Practices Act and the United Kingdom Bribery Act, and have all spoken at international conferences on compliance. To be a true leader in this space it is important that you have the content experience to talk confidently to the business and regulators (although hopefully it will never be necessary to speak to regulators).
BD engaged both The Red Flag Group and PricewaterhouseCoopers to advise and help with the heavy lifting on the compliance programme. Both companies have built a strong relationship with BD’s team members and the three companies work very well together. Having a team approach that engages your suppliers as true partners – rather than simply vendors – is a key ingredient in managing a strong programme. A programme cannot be built alone or totally in-house – you need to have support from external companies.
The team at BD immediately saw the need for a technology workflow solution and built one into the overall model of their programme. The technology solution for a third party due diligence programme should be simple to use, highly scalable and most importantly, secure. BD’s global information security group worked with The Red Flag Group to further strengthen the security controls in the ComplianceDesktop® Technology Platform.
You cannot manage a global programme from headquarters. You need to get out into the emerging markets and travel to some of the more challenging places where you do business to ensure that the programme is implemented and working. Tim Daley has travelled extensively in his almost 30 years at BD, and knows pretty much every country, every manager and every company in BD’s distribution model. It is vital to have a travel budget that reflects the global nature of what you are trying to do.
After all of the above, to have a great and successful programme, you need patience. Due diligence and compliance programmes take years to implement and even longer to master. The team at BD have implemented a programme for the long haul, with the right people, processes and budget in place to manage it.