Blog

Third Party Risk - A Unique Kind of Operational Risk

Third party risk management is on a journey. A journey that is being accelerated and guided by increased regulatory attention.

Read More

Topics: risk and compliance, third party relationships, Financial Services, reputational risk, regulatory risk, risk-scoring, third party risk, performance scoring, regulatory compliance, operational risk, supplier risk, third party supplier, Risk Management Framework, vendor risk, performance management program, enterprise risk, occ compliance

Third party scorecards: Making an improved culture of collaboration a reality

Scorecards that measure the performance of suppliers and vendors that a company contracts with have been a business tool embraced by procurement for some time now.

However, there’s an evolution underway. Increasingly businesses are recognizing that a holistic third party scorecard that also embeds risk and compliance metrics, can not only help drive continuous improvements in vendor performance, but can also help reduce the risk that third party engagements may bring to the enterprise. What’s more, scorecards can also be leveraged as a collaborative tool to help raise the collective bar of the third party ecosystem – especially in areas such as IT security.  Operational risk, Information Security and Compliance are all now stepping up to the scorecard plate.

Read More

Topics: risk and compliance, third party relationships, Data Security & Privacy, information security, reputational risk, regulatory risk, risk-scoring, third party risk, data privacy, performance scoring, organization risk, regulatory compliance

Whetting the Appetite in Third Party Risk

A snapshot of the results of two new audience surveys suggests that the concept of “risk appetite” within the third-party risk management framework is still finding its feet. Attendees at a pair of June New York and London conferences, aimed at the financial services industry’s third party risk professionals, responded very similarly to three key questions.

Read More

Topics: risk and compliance, Financial Services, third party risk management, compliance programs, risk management, governance, reputational risk, compliance risk, tprm, event, third party risk, EMEA, survey, risk appetite

Evaluating Third Party Risk and Performance

Best practice approaches to risk and performance scoring and automated workflow

As businesses have evolved and matured, so too has their approach to third parties. In the past, companies focused more on transactional ‘supplier’ relationships, typically for raw materials or ‘parts’. However, today third party relationships form a much deeper and far-reaching part of the strategic and operational ecosystem of any Global 2000 organization.

DOWNLOAD THE WHITE PAPER

Read More

Topics: risk and compliance, third party risk management, Global 2000, compliance risk, tprm, business complexity, scale, business change, business scale, white paper, third parties, risk-scoring, performance scoring, automated workflows, risk dashboard

Board Reporting, Risk Scorecards, Cybersecurity and more – takeaways from CEFPROs Vendor and Third Party Risk USA Conference

Earlier this month, I attended and chaired at the Center for Financial Professional’s conference on Vendor and Third Party Risk USA in New York. The two-day event highlighted the complexity that third party risk managers face, with topics as far ranging as cyber-risk at fourth parties, to applying third party risk frameworks to intra-company organizations. The event also demonstrated that the discipline is having to evolve and mature fast in order to keep pace with the changing digital landscape as well as ongoing regulatory change. Here are my top takeaways from the event, which I hope you will find of interest.

Read More

Topics: Anti-bribery & Anti-corruption, risk and compliance, Financial Services, third party risk management, Responsible Sourcing, compliance programs, business case, High Technology, risk management, governance, reputational risk, compliance risk, tprm, event, third party risk, EMEA

CEFPRO's Vendor & Third Party Risk EMEA conference - Top 10 Key Takeaways for Third Party Risk

This week, I had the pleasure of chairing Day one of the Center for Financial Professional’s conference on Vendor and Third Party Risk EMEA. The conference brought together insights about the evolution of the discipline as well as some key best practices. Here are my top ten takeaways from the event that I would like to share.

Read More

Topics: Anti-bribery & Anti-corruption, risk and compliance, Financial Services, third party risk management, Responsible Sourcing, compliance programs, business case, High Technology, risk management, governance, reputational risk, compliance risk, tprm, event, third party risk, EMEA

Empowered Third Party Due Diligence: Aravo and Dow Jones Risk & Compliance

With continued bribery and corruption enforcement actions high on the agenda of the regulators, companies should be looking to raise the bar on the due diligence of their third parties, both at onboarding and as part of a continuous monitoring process.

Read More

Topics: risk and compliance, Anti-Bribery and Anti-Corruption, third party risk management, ABAC, governance, regulatory risk, Dow Jones, due diligence, audit, workflows, reporting, risk-scoring

Third Party Risk Management in the Dynamic of Business Scale, Complexity, and Change

Why TPRM objectives fail – and what Global 2000 companies need to succeed

Even though large organizations have invested time, attention, and resources into third party risk management (TPRM) over the past decade, it’s clear that many programs are failing to deliver on their primary objective - keeping the organization safe.

DOWNLOAD THE WHITE PAPER

Read More

Topics: Anti-bribery & Anti-corruption, risk and compliance, third party risk management, Data Security & Privacy, Responsible Sourcing, Global 2000, compliance risk, tprm, business complexity, scale, business change, business scale, white paper, third parties

What do I need to ask when buying a Third Party Risk Management (TPRM) solution?

Third party risk management is a complex discipline, that combined with the scale, complexity, and change dynamics of any Global 2000 organization, can often lead to false starts with technology implementations.

It’s important to get enterprise software purchase decisions right – they are the fulcrum of successful third party risk programs for the business, they impact on the adoption and performance of many internal users across the enterprise, and they can have an impact on the careers of those selecting them.

DOWNLOAD THE BUYER'S GUIDE

Read More

Topics: FCPA, risk and compliance, Anti-Bribery and Anti-Corruption, OCC, third party risk management, Data Security & Privacy, Registration & Qualification, Conflict Minerals, GDPR, General Data Protection Regulation, aravo, ABAC, risk mitigation, sustainable procurement, regulatory risk, tprm

How To Build a Business Case for Better Third Party Risk Management

Boards of directors together with their C-suite teams have begun to realize just how little risk information they actually have about their third party relationships, and how fragmented that information can be across an organization of even a modest size. 

DOWNLOAD THE WHITE PAPER

Read More

Topics: Anti-bribery & Anti-corruption, risk and compliance, Financial Services, third party risk management, automotive, Aerospace & Defense, Chemicals, Industrial Manufacturing, Metals & Mining, business case, Business Services, Construction, High Technology, Pharmaceutical & Life Sciences, Retail, how to