Blog

Third Party Risk Management Benchmarking Survey Results

Earlier this week we published the results of a survey that we conducted with the Center for Financial Professionals. With over 200 respondents from around the globe, the survey was designed to take a snapshot of the state of third party risk management, and to help firms develop their road-map to maturity, and support with planning, resourcing and direction.

The survey provided a great deal of insight, and we’ll be taking a deep dive into some of the results together with the implications for TPRM programs over the coming weeks.

We will also share the results of some polls that we conducted at the CEFPRO Vendor & Third Party Risk Conferences in New York and London where we launched the results. These provide an interesting cross-Atlantic comparison between peers.

But first to the survey results – which revealed gaps between regulatory expectation and the reality associated with third party risk programs. What looks good in theory, is often a lot harder in practice.

Read More

Topics: third party risk management, benchmarking, governance, third party governance, tprm, Financial Services, supplier risk, vendor risk, concentration risk, fourth party risk, survey, OCC, cyber risk

Expert Interview: John Bree on the Top Five TPRM Program Mistakes Firms Often Make

Third party risk management (TPRM) is a relatively new discipline for many financial services firms and so it’s no surprise that organizations are still navigating their way. As firms establish their third party risk programs, there’s many common pitfalls that they can fall into. Knowing about these helps you avoid them, so Aravo recently spent some time with third party management expert, John Bree, to expose some of the more common missteps that he has seen organizations make when it comes to setting up, or enhancing, a TPRM program. 

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, Financial Services, risk assessment, third party supplier, supplier risk, vendor risk

Third Party Risk - A Unique Kind of Operational Risk

Third party risk management is on a journey. A journey that is being accelerated and guided by increased regulatory attention.

Read More

Topics: operational risk, third party risk, risk-scoring, enterprise risk, performance scoring, third party relationships, reputational risk, regulatory risk, regulatory compliance, risk and compliance, supplier risk, Financial Services, vendor risk, occ compliance, Risk Management Framework, performance management program, third party supplier

Shared Compliance Communities – Aravo’s Perspective and Experience

Shared Compliance Communities gather supplier/third-party responses to standardized assessments with the promise of increased efficiencies and improved data quality.  This concept isn’t necessarily new – at least not outside the U.S. - but there has been some recent development in terms of interest in the model.

Read More

Topics: third party risk management, compliance programs, Hellios, communities, Financial Services, defense

Whetting the Appetite in Third Party Risk

A snapshot of the results of two new audience surveys suggests that the concept of “risk appetite” within the third-party risk management framework is still finding its feet. Attendees at a pair of June New York and London conferences, aimed at the financial services industry’s third party risk professionals, responded very similarly to three key questions.

Read More

Topics: third party risk management, risk and compliance, Financial Services, compliance risk, reputational risk, risk management, tprm, event, EMEA, governance, compliance programs, third party risk, risk appetite, survey

Board Reporting, Risk Scorecards, Cybersecurity and more – takeaways from CEFPROs Vendor and Third Party Risk USA Conference

Earlier this month, I attended and chaired at the Center for Financial Professional’s conference on Vendor and Third Party Risk USA in New York. The two-day event highlighted the complexity that third party risk managers face, with topics as far ranging as cyber-risk at fourth parties, to applying third party risk frameworks to intra-company organizations. The event also demonstrated that the discipline is having to evolve and mature fast in order to keep pace with the changing digital landscape as well as ongoing regulatory change. Here are my top takeaways from the event, which I hope you will find of interest.

Read More

Topics: third party risk management, risk and compliance, Anti-bribery & Anti-corruption, Financial Services, High Technology, business case, Responsible Sourcing, compliance risk, reputational risk, risk management, tprm, event, EMEA, governance, compliance programs, third party risk

CEFPRO's Vendor & Third Party Risk EMEA conference - Top 10 Key Takeaways for Third Party Risk

This week, I had the pleasure of chairing Day one of the Center for Financial Professional’s conference on Vendor and Third Party Risk EMEA. The conference brought together insights about the evolution of the discipline as well as some key best practices. Here are my top ten takeaways from the event that I would like to share.

Read More

Topics: third party risk management, risk and compliance, Anti-bribery & Anti-corruption, Financial Services, High Technology, business case, Responsible Sourcing, compliance risk, reputational risk, risk management, tprm, event, EMEA, governance, compliance programs, third party risk

How To Build a Business Case for Better Third Party Risk Management

Boards of directors together with their C-suite teams have begun to realize just how little risk information they actually have about their third party relationships, and how fragmented that information can be across an organization of even a modest size. 

DOWNLOAD THE WHITE PAPER

Read More

Topics: third party risk management, risk and compliance, Anti-bribery & Anti-corruption, Financial Services, automotive, Aerospace & Defense, Business Services, Chemicals, Construction, High Technology, Industrial Manufacturing, Metals & Mining, Pharmaceutical & Life Sciences, Retail, business case, how to

State and Federal Financial Services Regulators Apply Focus on Cybersecurity and Third Party Relationships

In a sign of what may well be coming for all highly-regulated industries around the world, US financial services regulators are in the process of significantly enhancing their cybersecurity rules, including substantial new rules impacting third party relationships.

Read More

Topics: cybersecurity, privacy, OCC, fdic, fsscc, bits, federal reserve, fsr, Financial Services, bank, information security, Data Security & Privacy