Blog

Third Party Risk Management - Salaries, Budget and Team Size

In this week’s blog on the results of the Global 2018 ‘Taking the Pulse of Third Party Risk Management’ Survey, we will delve into the some of the resourcing benchmarks for third party risk management.

To mix things up a little, we will also share the results of polls conducted at the CeFPro Vendor & Third Party Risk conferences in New York and London last month, where we first launched the results of the survey. This gives us some additional interesting cross-Atlantic perspectives.

 We’ll start with salary.

Salary
Why salary? Well everyone’s at least a bit interested in what the benchmarks for their profession may be, and there’s a paucity of data on third party risk management compensation. 
Read More

Topics: OCC, third party risk management, tprm, survey, cyber risk, third party governance, benchmarking, supplier risk, vendor risk, salary, compensation, budget

Third Party Risk Management Benchmarking Survey Results

Earlier this week we published the results of a survey that we conducted with the Center for Financial Professionals. With over 200 respondents from around the globe, the survey was designed to take a snapshot of the state of third party risk management, and to help firms develop their road-map to maturity, and support with planning, resourcing and direction.

The survey provided a great deal of insight, and we’ll be taking a deep dive into some of the results together with the implications for TPRM programs over the coming weeks.

We will also share the results of some polls that we conducted at the CEFPRO Vendor & Third Party Risk Conferences in New York and London where we launched the results. These provide an interesting cross-Atlantic comparison between peers.

But first to the survey results – which revealed gaps between regulatory expectation and the reality associated with third party risk programs. What looks good in theory, is often a lot harder in practice.

Read More

Topics: OCC, Financial Services, third party risk management, governance, tprm, survey, cyber risk, third party governance, benchmarking, supplier risk, vendor risk, concentration risk, fourth party risk

Expert Interview: Keith Koo on A Horizon View of Third Party Risk, Cyber-Risk, and Emerging Technologies

 

Sometimes, in the world of third party risk, we spend a lot of time looking at what is directly in front of us (or re-actively, what’s behind us), or even with our heads in the sand. Industry expert, Keith Koo, spends a lot of time looking to the horizon.

When you meet Keith – you are immediately struck by the energy and enthusiasm he brings to the topics near and dear to his heart: disruptive technology, digital innovation and cyber-security, and the intersection of all these trends with third party risk.

Not only has Keith had significant experience in managing large third party risk programs for large banks and enterprise technology companies, he now advises companies with the most complex and pressing third party management challenges as a Managing Partner at Guardian Insight Group.

However, it’s been his experience working in the Silicon Valley, that also spurred Keith’s long-term interest in digital innovation, cyber-security and emerging, disruptive technologies such as cryptocurrencies and blockchain.

Read More

Topics: third party risk management, Data Security & Privacy, data privacy, cyber risk, technology, blockchain, cryptocurrency

Aravo Solutions Wins GRC 20/20 Innovation Award for its Third Party GDPR Compliance Application

The team here at Aravo are particularly honored and excited to receive the 2017 GRC Innovation Award for Third Party Management from independent GRC analyst firm GRC20/20 for our Third Party GDPR Compliance Application, Aravo for GDPR.

This is the second year running that Aravo Solutions has been recognized by GRC 20/20. In 2016 Aravo won the GRC 20/20 Award for Value in Third Party Management, where Aravo’s Enterprise Third Party Risk Management solution was found to drive measurable value, delivering better GRC efficiency, effectiveness and agility to complex third party programs.

Read More

Topics: Data Security & Privacy, GDPR, General Data Protection Regulation, GRC20/20, grc 2020, gdpr compliance, Aravo for GDPR, third party gdpr, gdpr compliance application, GDPR award, innovation award, gdpr application, aravo solutions gdpr, grc award, gdpr report, gdpr solution

Bribery & Corruption – A growing focus for governments and companies

Although the way firms and individuals are being prosecuted for bribery and corruption continues to evolve, the overall direction of travel is towards increased responsibility for the prevention of these activities. Most FCPA actions (83%) of 2017 involved bribery schemes that relied on third-party intermediaries such as agents, consultants, or contractors.  And yet according to a recent survey, organizations are not responding fast enough by implementing the right policies and risk assessments.  

Read More

Topics: risk and compliance, Anti-Bribery and Anti-Corruption, third party risk management, Corruption, Bribery, compliance risk, tprm, uk bribery, supplier risk, vendor risk, regulation

Five Third Party Risks The Regulators are Focusing On

It’s the billion-dollar question – what is on a regulator’s mind when they walk through the door of a firm? What kinds of things are they looking for – and is the firm prepared?

The focus on third party risk management by regulators has increased significantly over the past few years.  The regulators themselves are providing some clear and coherent guidance on their expectations, such as: OCC Bulletin 2013-29, “Third-Party Relationships: Risk Management Guidance; FFIEC Appendix J: Strengthening the Resilience of Outsourced Technology Services. And, if you’re looking for a ‘crib-sheet’ of what the examiners are likely to be looking at, there’s also OCC Bulletin 2017-7: The OCC's Supplemental Examinations Procedures for Third Party Relationships.

In February 2018, Aravo brought together a panel of experts, two of whom were former US regulators, to talk about how supervisors are thinking about third party risk management. You can listen to the broadcast here – but we’ve also distilled it down into five key take-aways.

Read More

Topics: risk and compliance, third party risk management, information security, compliance risk, tprm, third party risk, cyber risk, supplier risk, vendor risk, occ compliance, third party risk regulators, regulatory frameworks, third party compliance, third party vendor, FFIEC, concentration risk, fourth party risk, geopolitical risk

Expert Interview: Tom Garrubba on Six Ways Collaboration Can Enhance Your TPRM Program

Collaboration is a term that makes people either cheer or wince. However, today collaboration is essential to be a successful third party risk manager – the discipline has moved well beyond administrative box-ticking. Now, a strong culture of collaboration can help create the right environment to foster TPRM program excellence, and drive real value for organizations.

Read More

Topics: risk and compliance, third party risk management, GDPR, board of directors, governance, tprm, third party risk, risk appetite, board accountability, third party governance, benchmarking, supplier risk, third party supplier, vendor risk, occ compliance, risk assessment, shared assessments, third party risk assessment, standardization programs, gdpr processor, third party risk regulators, regulatory frameworks, internal audit, third party compliance, third party vendor, FFIEC

Expert Interview: Victoria Munoz-Titos on Seven Changes we can Expect to See in TPRM by 2021

Third party risk management (TPRM) could be set to evolve at lightning speed over the next five years, according to Victoria Munoz-Titos, former EMEA, Risk and Control Services at AIG in London. The changes won’t just be accelerated by regulatory demands either. Rather, they will be propelled by a transformation to the way organizations work together, as financial services firms incorporate outsourcing and other types of third party relationships even deeper into their business strategies. Below are the top seven trends that Munoz-Titos sees changing the way firms engage with TPRM and their third-party relationships:

Read More

Topics: third party risk management, board of directors, governance, tprm, risk appetite, board accountability, risk reporting, third party governance, benchmarking, supplier risk, third party supplier, vendor risk, risk assessment

Expert Interview: John Bree on the Top Five TPRM Program Mistakes Firms Often Make

Third party risk management (TPRM) is a relatively new discipline for many financial services firms and so it’s no surprise that organizations are still navigating their way. As firms establish their third party risk programs, there’s many common pitfalls that they can fall into. Knowing about these helps you avoid them, so Aravo recently spent some time with third party management expert, John Bree, to expose some of the more common missteps that he has seen organizations make when it comes to setting up, or enhancing, a TPRM program. 

Read More

Topics: Financial Services, third party risk management, board of directors, governance, tprm, board accountability, third party governance, benchmarking, supplier risk, third party supplier, vendor risk, risk assessment

Third Party Risk - A Unique Kind of Operational Risk

Third party risk management is on a journey. A journey that is being accelerated and guided by increased regulatory attention.

Read More

Topics: risk and compliance, third party relationships, Financial Services, reputational risk, regulatory risk, risk-scoring, third party risk, performance scoring, regulatory compliance, operational risk, supplier risk, third party supplier, Risk Management Framework, vendor risk, performance management program, enterprise risk, occ compliance