Focus: The Cost of Vendor Management

We're co-hosting an event with our partner Audit Link this Wednesday, March 29th from 11to 11:30 ET.   The web conference will focus on the cost of Vendor Management   There will also be q & a with Jim Vilker, VP of Professional Services and Edward Sullivan, CEO of TrustExchange.

The webinar will cover the following topics:


•FFIEC and new OCC guidelines and requirements

•Responding to Alerts or expired/updating due diligence

•Periodic reviews and reports


•Business decisions



• Report to management significant findings

•Report to Board on significant findings

•Keeping up with the changing regulatory environment


More details can be found HERE.

Trust Exchange 2017 Release is LIVE!

Release Features

This major release launches our new user interface, which features beautifully redesigned views, intuitive navigation and forms, greater user control over permissions and significantly enhanced reporting flexibility.  In addition to these platform upgrades, system updates have been implemented that increase speed and stability, several bug fixes have been applied, and support resources have been expanded.

Platform-wide User Experience Redesign

The new Trust Exchange user interface features attractive, easy to understand views and intuitive top level navigation in the left sidebar, as well links to user-friendly support resources and company information in the footer of every page.  In addition, helpful text descriptions and mouse over information is served up contextually throughout, and forms for searches, reports and information entry have been extensively redesigned for simple and efficient input of parameters and data.

Enhanced Dashboard Information

Dashboard pie charts have been replaced with dynamic graphs which provide detailed information on multiple aspects of portfolio list status at a glance.  The new dashboard also features a scrolling feed in the right sidebar highlighting summaries of new events created in portfolio companies.  The dashboard continues to offer direct navigation between portfolios, and list management, monitoring and reporting tools remain accessible via the list drop down menu.  New, expanded reporting capabilities can be utilized by clicking on the “Reports” icon in the navigation sidebar.

Intuitive, Versatile Reporting Tools

In the updated interface, reports are built using easy-to-understand report wizards and permit significantly increased reporting versatility.  Event Reports and Checklist Reports can be created for any number or combination of companies and/or portfolios. Each report type allows the user to select a custom set of events or checklists to report on, and the user may choose from several convenient, pre-set date ranges.

Flexible Company Profiles

Both company profile views and reports increase user control over the types of events displayed and the date range covered.  Enterprise tier users may now delete events which they themselves have created from a company’s timeline.

Expanded Company Information

Company information input forms are now tiered in multiple tabs, allowing a user to add basic information and then more details as desired.  A company owner has access to additional tabs to further complete their company’s profile.  This information works hand-in-hand with enhanced search capabilities and will allow prospective customers searching Trust Exchange to more easily find vendors who meet their needs.  Trust Exchange and its partners will also use this information to feature companies who meet the criteria of our enterprise customers who are seeking vendors with specific attributes.

Improved Document Management

Documents can now be uploaded in a user’s “Files” section via an easy-to-use form.  When attaching a document to an event, a user’s list of documents is served up at the bottom of the new event entry form, allowing a user to click to select any number of documents to attach them to the event.


Several useful enhancements have been implemented with this release:

  • Editing permissions can now be selectively granted for both private and public events

  • A “Comments” field, which displays in the Event Report as well as in event summaries, has been added to all event types

  • Users can now navigate to portfolios from a company profile

  • Functional organization is improved for portfolio and user settings

  • Many entry fields for event creation, checklist monitoring, permissions and reports throughout the platform now use incremental search rather than scrolling lists for input selection

#regtech: The Future of Compliance

I read an interesting article recently in FinRegAlert:  Fintech, Regtech and the Role of Compliance. In it the author points out the tension between the drive to adopt new financial technologies and complexity added by new regulatory requirements.   The article is a good summary of the information published by Thomson Reuteurs which can be dowloaded here. However, I do think it misses a key point in that the new regulatory requirements are an EXPONENTIAL increase in complexity which will never be fully addressed by incremental regtech. 

Exponential problems are difficult if not impossible to get under control and trying to solve these problems wtih linear solutions (more storage, processors or deploying more people etc.) is a fool's errand that can add unbounded cost.  The solution is exponential regtech!

Here at Trust Exchange we are working to solve these problems by bringing exponential technologies to the sharp edge of these challenges.  For instance, we are using crowdsourcing to solve the data collection problem inherent in most regulatory requirements.  Like Facebook collect information from the edge, compile it and present it in clear and actionable ways.  

If you wold like to learn more, CONTACT US for more information.  


Disrupting B2B Information: Free the Data

As discussed in our earlier post about B2B Credit Middlemen, a powerful aspect of doing business on the Internet is the elimination of sales and distribution layers between the producer and consumer. In a typical non-Internet value chain there are many “value-added” steps in the process between the producer and consumer. Each step increases costs and reduces profit. 

Internet distribution models eliminate many of these steps by scaling distribution and eliminating sales complexity (e.g. Amazon, iTunes and Zappos). In this post, we will attempt to illustrate the value chain for the B2B credit industry and point out the false value provided by the credit industry middlemen: the credit bureaus.

Credit Bureaus

Credit bureaus estimate a company’s viability by aggregating data from other businesses for them to use in making new credit application decisions. Unlike banks and financial institutions, they DON’T ISSUE CREDIT. Businesses issue credit to each other and should be the real arbiters of worthiness.

Furthermore, this data is created by businesses, provided to the credit bureaus (for a fee of course), and then resold to other businesses. The never-ending fees keep people from using the service and in turn make the data less accurate, less timely and pretty useless. Who is a better judge of a company’s viability: a random call center operator or the people at companies who interact with each other?

Free the Data

The prevalent business model among these bureaus is to charge companies to ”establish” their profile, charge to view other companies’ profiles and charge to submit data regarding the quality of interactions they have with other companies. Charging to submit data is a disincentive to accuracy and keeps the largest population of companies (small businesses) from participating. If companies could freely exchange THEIR data, then there would be a more timely and probably more accurate way to determine creditworthiness.

The value of the data increases as the number of active users in the network increases. A sort of Metcalfe’s Law for social networks in practice. The data should be free!

At Trust Exchange we've creating a community of businesses who disclose information with each other to build trust.  We believe that with increase trust, business happens faster and more effectively. We've helped many companies in several industries.  If you're interested in learning more you can either request a DEMO.  

OR...just get started with a Free account HERE.  

My Next Sentence is a Lie. Compliance is Difficult, Expensive, and Your Company can't do it on its Own.

Ask a hundred people what compliance is to them and you’ll likely receive ninety-nine different answers. Here’s a particularly wordy and painful definition from, “Certification or confirmation that the doer of an action (such as the writer of an audit report), or the manufacturer or supplier of a product, meets the requirements of accepted practices, legislation, prescribed rules and regulations, specified standards, or the terms of a contract. See also conformance.” If you add enough words it must be correct, right?

While working with organizations in many different industries, we have come to realize the following truth, compliance is the core of B2B information. I would even say that compliance and business information are terms that are mostly interchangeable. In the B2B world, business information is best described by its qualities, TRAC-U (timeliness, relevancy, accuracy, consistency, and utility).

Timeliness is often the biggest hole in a compliance program. Compliance indicators have traditionally been lagging, a look in the rear-view mirror. Information, after-the-fact, only serves to point the finger after a failure has been discovered, it has little value to a company’s strategy and current operations. The most valuable business information is collected in real-time. A failure caught in progress may be rectified, or even turned into an opportunity – actionable intelligence. A compliance failure discovered a month, quarter or year later is just another failure.

"You are not in the business of compliance."

Relevancy is tricky. Obviously, there are certain items on a compliance checklist that must be pass/fail, that’s the easy part. What else is there? How about a vendor’s relationship with the rest of the business world – their reputation? How do you even measure that? We’ve had compliance officers completely skip this discussion and tell us, straight-faced, that they monitor only what they’re told to monitor and then they file it. There are others that see themselves as the next Director of the CIA, thinking more information is better. The truth is somewhere in between. A solid compliance program tracks a pattern of behavior, in the larger business world, over a period of time. Only over a period of time will you be able to tell what information is relevant and what is not; and there are always indicators that rise to the top.

Accuracy is a loaded word. When shooting an arrow at a target, it’s an objective term. You either hit the target, or you did not. In the business information universe, it's more subjective than you think. It’s a mistake to think otherwise. People are hard-wired to generalize, and generalizations are quickly perceived as fact. This can be a fatal error. There have been a few products released in the compliance software industry that attempt to apply a predictive score to the organization being analyzed. How likely is it that a business will go under? How likely is it that a company’s data will be penetrated? How likely is it that a loan portfolio will fail? There are proprietary scoring services being released on the market daily. Never forget that scores are generalizations, and generalizations do not describe individual companies well enough. Additionally, a system of scoring is an inherently lagging indicator. A good score does not preclude utter disaster, just as a bad score does not guarantee failure. Any system of scoring is always one data point away from failure. True accuracy is only achieved through the regular collection of relevant data in a consistent manner.

Consistency is the force that bonds a good business information system together. Methods need to be consistently applied and measured to be accurate. Reporting requirements and business indicators need to be consistently analyzed and weighted to be relevant. Communications with vendors and business partners need to be transparent, contain predictable content and occur on a consistent schedule to ensure timely business information. Actions resulting from non-compliance also need to be consistently applied. Finally, your team needs to consistently appraise its methods, tools, and expenses to maintain utility. If you take a hard look at a failed compliance program, consistency is usually where it all fell apart.

"Any system of scoring is always one data point away from failure."

Utility is the gift of an adequate compliance or business information system. Notice that I used the word “adequate.” It’s not a very powerful word, is it? Even though it may feel like it sometimes, You are not in the business of compliance. However you organize it, however you monitor compliance, however you collect business information, your compliance program should only be as big as it has to be to be adequate, don’t waste resources on it. A compliance program can save you money, just remember that it will not make you any more money. Select your team, give them the tools to do what is required and protect your profits.

Trust Exchange wasn’t created to tell you how to maintain compliance, it was created to take the pain out of the task through automation, collaboration and customization. Ask for a demo. This problem can be solved.

A Logical, Logistical Approach to Oil and Gas Supply Chain Compliance

Congratulations to Catherine Muldoon and Shelly Barard, who work for our customer BDP International, on the publication of this article:  A Logical, Logistical Approach to Oil and Gas Supply Chain Compliance.       The article was published in The Association for Corporate Counsel's "Docket." 

The article describes the complexity of the oil and gas supply chain and the specific international anti-corruption regulations.  They detail their approach to ensuring compliance and the various consequences of non-compliance including criminal charges, fines and reputational damage to companies.  They also touch on the negative impact corrupt practices can have on developing countries across the globe.  

Catherine and Shelly explain how they use TrustExchange's (aka G2Link) platform to ensure compliance and increase the trust and transparency between their suppliers.  They even  include a nice quote from me:

“Leveraging the advantages of cloud computing organizations has an unprecedented opportunity to more rapidly share their valuable data within their extended organiza- tion including customers, employees, partners, and vendors,” says Edward Sullivan, CEO of G2Link. “When the collaborative economy technologies are fully embraced by enterprises, the value is exponential. Automation and true real-time decision making have come of age.” 

You can download and read the entire article HERE.

If you want to learn more about how TrustExchange can help REQUEST MORE INFORMATION.


Business Information Middlemen

One of the most compelling aspects of Internet companies is their ability to eliminate the number of parties involved between a producer and a consumer. Dell famously did this by creating a very lean supply chain and delivered custom computer systems more quickly and inexpensively. Through podcasting, Apple enabled the producers of raw content to distribute it directly around the globe collapsing the layers between teachers and students, artists and fans etc.

The B2B Credit industry is laden with middlemen creating several costly bottlenecks which should have been rendered obsolete years ago. These bottlenecks increase costs, decrease accuracy and increase the risk of sustaining financial damage.

Currently, the credit worthiness of a business is largely determined by the church of big fat credit bureaus. Quoting the Wikipedia definition:

“…(they) collect information and provide information for a variety of uses…”

That doesn’t seem like a whole lot of value. The bureaus are the data middlemen behind the credit curtain. These fading credit wizards have outlived their value yet continue to peddle stale, inaccurate and snake oily data. They keep you anchored with an ID, charge you to establish your profile, view your profile and update your profile. Then, they resell this data they charged you to input to other companies as “leads.”

This broken industry can be optimized by doing three things:  

1. Freeing the Data

2. Socializing the Data and

3. Fixing the Process.  

Over the next few weeks we will discuss this topic in a series of posts and present a new way to view business viability and manage risk.

Peer to Peer Risk Assessment

The value and scale of Peer to Peer (P2P) networks is well known. There are several examples of very successful uses of this framework including Skype, Kazaa, Napster etc. The emergence of “social” software and web 2.0 infrastructures is largely based upon the core analogy of P2P. At TrustExchange, we are building the first P2P Risk Assessment Platform which will leverage this model to enable businesses to obtain a more accurate view of risk inside their operating ecosystem (customers, vendors and partners).  Our goal is to be the "waze" of business information.  

To gain a better view of what we’re up to, it may be helpful to first discuss the core idea behind P2P networks and then expand on how it applies to risk analysis.  First, the definition, from Wikipedia, of Peer to Peer networks:

Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the application. They are said to form a peer-to-peer network of nodes.”

Note the part about peers being “equally privileged, equipotent participants,” and you’ll understand the core idea behind TrustExchange's approach. We’ve noted previously how the existing b2b credit granting and credit management process is broken. And we believe these processes can be greatly improved by creating a P2P, open and transparent risk analysis platform where the data is created and maintained by the peers participating in the network.

Currently, the data used to assess the credit worthiness or viability of a given company is maintained and controlled by the large credit bureaus such as Experian and Dun and Bradstreet. These bureaus are fundamentally middle men with limited value since they don’t grant or issue credit. Businesses make the credit decisions themselves and need a better tool that is more accurate, timely and correlated to viability.

Wouldn’t it be better when analyzing the risk of a given company, if you could not only look at their payment history, but examine how they perform in all aspects of their business? A global risk assessment which takes into account how they perform as a customer, vendor and partner?

Wouldn’t it be valuable to not only look at a single company but view an entire portfolio of customer risk, vendor risk and partner risk?

This is what we are creating at TrustExchange. If you think this is valuable and have strong opinions on the issue sign up now and participate in the discussion and give your input into the development process.

Give Us Your Compliance Headaches


Contractors, Kids, Home Care and Compliance

Your organization needs to take control of this potential nightmare now.

Does your organization send contractors into someone’s house to provide a service? There are countless businesses that derive most, or even all of their revenue through the use contracted work. There are many good business reasons why a company uses an independent contractor to fulfill their services – too many to list here. Keep in mind, though, that in today’s rapidly expanding gig economy it’s the absolute core of the business plan.

As a consumer (even one that hasn’t sampled a prime gig economy service such as Uber), you’ve probably done business through an independent contractor recently. The cable guy, the in-home care specialist, the professional babysitter, the nurse that came to verify your status for Medicare benefits or life insurance are all examples of workers that probably are NOT in-house employees of the company that you paid. What due diligence has been done on these people? Here are some examples to think about.

Example 1: Childcare workers and volunteers at the most basic level need a valid background check (not discussing actual licensing requirements that may be relevant). For example, in my state the following documents must be provided periodically:

·       State Criminal Record Check

·       State Child Abuse History Clearance

·       FBI Federal Criminal History Record (includes fingerprinting)

Example 2: Most cable installers are contractors for the actual service provider – think Verizon, Comcast, etc. They have the uniform, training, and truck, but they are contract workers[G2] . These guys are required to have periodic background checks, driving record check, and current insurance, in addition to the technical certifications required.

Example 3:  Home care workers have a substantial set of periodic requirements that need to be monitored in most states (some states have very few rules – yikes).

·       Required licensing, periodic training for all services provided (aka competency training) and current certifications.

·       State Criminal Record Check

·       State Child Abuse History Clearance (if required by duties)

·       FBI Federal Criminal History Record (includes fingerprinting)

·       Proof of residency

·       Periodic Health Screening

All three of the above examples have some requirements in common. Documentation of the requirements must be kept on-hand by the contracting agency. The documentation, which includes personally identifiable information (PII), must be kept secure. The documentation needs to be periodically updated. Finally, most of this documentation is reviewable, without warning, by the associated regulatory agency.

How does your company stay on top of this potential compliance nightmare? Are you using the old spreadsheet/file cabinet combination? Perhaps you’re a larger company and you’ve coopted the HR software for these tasks. How are you sure that all the required documentation is both up-to-date and available right now? You know what the risks and penalties are – liability, licensing, fines. It’s time to take control of your compliance requirements. You need a cloud-based platform that’s made specifically for this task.

·       Automatic alerts to both the contractor and organization when a requirement comes due

·       Secure document uploading and storage in the cloud

·       Customizable requirement and event writing

·       Ability to create unique user groups

·       Ability to see your organization’s contractors and vendors status on one dashboard

·       Real-time monitoring

·       Scalable, easily grows with your business

Trust Exchange wants to know what your compliance headache is. We know the most important rule in the compliance game. Your company is unique, with a unique set of needs. The key to the effective implementation of a compliance program is beginning with a tailored solution that’s balanced for function and cost. Tell us what you need.

Contact us HERE!


Our Epiphany. Why We Started TrustExchange.

The idea for starting TrustExchange came when one of my customers (from another company) went out of business. We rarely lost customers but when when it happened it was usually due to death (bankruptcy, shut the doors) or marriage (merger or acquisition). When companies die, it’s my experience that it’s a very painful process and a little check on the company stability goes a long way. This particular incident stood out in my mind because we had taken all of the typical precautions: checked their DnB, researched their business information, built personal relationships with the executives and interacted with them frequently.

Their failing wasn’t an event but a process where their loss of business stability extended over several months, and like the famous frog in the hot water, we ended up getting burnt in the end. A $25K burning! So here is the story:

We first met CompanyX (name changed to protect the guilty) just as they had begun getting traction. They were located in Silicon Valley, had signed several marquis customers, attracted some impressive investors, moved into a nice new office and from all accounts were pretty good citizens.

During the initial phases of the sales process, they were very diligent and asked all of the right questions about our product. The management team at CompanyX was pretty impressive. Degrees from the best schools, experience at tech stalwarts and a strong handle on their market and prospects. It was a tough sales process but in the end we were victorious and awarded the deal and promptly started contract negotiations and closing process. In the end, we negotiated a $10K startup fee and $5K per month recurring fee to use our product.

Prior to granting access of our product to customers we did a few things to check a company’s stability: Dun and Bradstreet check and we asked to see their financial statements. CompanyX, like most small privately held companies, refused to disclose their financials. It was a tough call since we had limited insight into the company stability but we had a quota to meet and they had a check for $10k, so we signed the deal!

Everything seemed fine for the first six months, they paid their bills on time and were happy with the product. Then we noticed they were 10 days late. When we called to check they apologized and said they would send it out promptly…except they didn’t. Then they went 30, 60 and 90 days late yet stayed in communication with us, told us they were fund raising and would be able to pay us soon so we didn’t turn them off. Our CFO checked their credit again and all seemed fine. After the fourth month, they stopped responding to emails or taking our calls.

Finally after the fifth month, we sent someone to their office and to our horror discovered an empty office. No people, no furniture nothing but a shell. We shut them off that day.

When I called some of my CEO peers, they had the same experience and were left holding the bag too.

Key Learnings:

1. Company stability is a process and not an event.

2. Credit report data is less than adequate.

3. Bad stuff happens to good people.

4. I could have stopped the bleeding if I had discussed with my vendor peers earlier!

5. I need to monitor company stability vs. just spot checking

Company Stability is a process and not an event. So…we started TrustExchange to help businesses monitor their risk and exchange key information to increase trust in each other. If you're interested and want to learn more about how we're doing this, CONTACT US.