Case Study: Third-Party Risk Management For A Leading Global Medical Device Company
From manual to automated, ethiXbase’s platform accelerates and simplifies the entire third-party compliance and due diligence process for a leading global medical device company.
“ethiXbase is taking responsibility of the administration for us… we are just coming to the table to make the decision.”
— Head of Group Compliance, Leading Global Medical Device Company
At a Glance
With an increased regulatory requirement and geopolitical risks around the world, the medical device company is encumbered with insufficient resources to manage and monitor risk and regulations impacting third-party relationships.
To complete a simple due diligence process for their third parties, the company still relied on manual emails traveling between requesters, compliance, and third parties—and it was becoming too challenging to manage. Crucial documents were filed in different locations and took too long to create.
It was apparent that the company needed a solution to manage their third-party risk, and one that was cost-effective, flexible, and secure.
ethiXbase worked with the management team to devise a solution that transformed the company’s efficiency in due diligence processes and third-party risk management.
The result was a customised solution that streamlines the company’s third-party risk management from start to finish—all while keeping the information updated and organised and third-party risk being monitored on an ongoing basis.
The medical device company is one of the world’s largest manufacturers and suppliers of medical devices, specialising in hearing-aid solutions.
They employ over 14,000 people and are present in over 90 countries across different continents.
Third-party management can be fraught with complications, especially when working with thousands of third parties and employees that communicate across many countries with diverse languages.
For this company, the most obvious compliance challenge began with how due diligence documents were being managed and documented and third-party risks were being monitored on an ongoing basis.
Traveling back and forth between the various requestors, to the compliance team, to third parties—many Microsoft Word documents were grossly delayed, falling between the cracks in a tired, print-scan-sign procedure that was rarely a priority for non-compliance personnel.
It is easy for things to get overlooked and bury silos of third-party management in mountains of data that is hard to maintain, aggregate, and report on.
The fragmented governance of third-party relationships through disconnected silos may lead the company to inevitable failure.
Reactive, document-centric and manual processes fail to actively manage risk and compliance in the context of the third-party relationship and broader organisation strategy and performance.
Ultimately, it was a very inefficient process — sometimes taking as long as three months to complete — and the compliance leadership knew that they had to do something about it.
“We realised that the process needed to be reshaped,” The Head of Group Compliance explains.
Right around the time the compliance leadership was looking to innovate—ethiXbase worked with the medical company management team to discuss potential strategy; and within a few months, a fruitful partnership began to take root. It was clear that an automated and secured solution was necessary, and ethiXbase, who can provide the most configurable, market-leading end-to-end third-party risk management platform on the market, was the partner they needed to automate and simplify their process.
“The setup was the very solution that we needed,” The Head of Group Compliance explains.
Utilising ethiXbase’s platform to screen and conduct due diligence on all of their distributors and third parties before they do business—as well as to conduct due diligence on stakeholders and false-positive remediation—roll out was successful.
It was a game changer, a fundamental shift that saved both time and manpower. With 100 users on the platform across 40 countries, ethiXbase’s platform makes due diligence simple and accessible.
To remain ahead of the game, they’ve deployed a specialised due diligence questionnaire (DDQ) to send to suppliers—which is a key initiative in protecting their company and documenting evidence, should anything go wrong. With these changes, the company is pleased with the partnership, which includes weekly calls with the single point of contact that talks through their ongoing requests.
“It’s a good gathering point for all the functionalities, the service level, the interaction, and helpfulness,” The Head of Group Compliance explains.
Some of the short-term benefits the Medical Device company achieved were:
- End-to-end third-party risk management from onboarding to ongoing monitoring creating efficiencies and transparency in the way in which they manage their third parties.
- Fewer things slipping through the cracks and being lost or forgotten.
- Overall reduction in risk in their thirdparty relationships.
- Quick identification of noncompliance.
- Most importantly. It’s peace of mind —blended with empowerment “We get the feeling that we are making decisions on a broader scope of knowledge,” The Head of Group Compliance explains.
Before this partnership, the company had a clear policy and strong processes in place. However, by using ethiXbase’s third-party compliance platform, the process transformed to be cutting-edge—faster, more efficient, more secure, and far more influential.
The management team has also been able to make better decisions, all while creating papertrail that’s only a click or two away, should legalities ever require proof of documentation.
If you would like to see a demonstration of the ethiXbase Third-Party Compliance Platform, please fill up the form below to summit your request.
One of our specialists will immediately follow up.