Blog

Getting the Risk Data Right – TPRM’s Biggest Challenge

In third party risk, issues around data – data security and data privacy - often hold center court. In the wake of the recent onslaught of cyber attacks and data breaches, as well as the enhanced and new regulatory efforts to contain them, third party risk managers can often find themselves spending a lot of time talking about data.

But are they focusing on one aspect of the businesses’ data, at the expense of improving their own? Today, third party risk management (TPRM) executives are being asked to help shape their corporate data strategies, while their approach to their own risk data can be painfully out-of-date.

Two recent surveys show that while vendor risk issues may be a high priority for organizations’ finance teams, the way data is used within the risk management discipline falls considerably behind how other parts of the business may be using data to help deliver on the firm’s strategic goals.

Read More

Topics: third party risk management, third party governance, tprm, supplier risk, vendor risk, cyber risk, cybersecurity regulation, cyber resiliance, cybersecurity, data quality checks, vendor database, compliance data, risk-scoring, internal audit, regulation, Data Security & Privacy, data risk

Cyber-Criminals Target New Companies, New Supply Chains

Cyber-criminals are seeking out new prey. Industries that previously had a lower threat profile – such as oil-and-gas, manufacturing, and shipping – are now falling victim to cyber-attacks at an increasing rate. In some cases, the cyber criminals are using the supply chains of companies in these industries as entry points for the attacks. In other cases, the criminals target these companies directly. In either case, the organizations these companies are third parties to – their clients – are often impacted.   

As a result of this new trend, governments are stepping up with new efforts – laws, regulations, and guidance – to help create national supplier ecosystems that are more resilient to cyberattack. Industries are also creating their own working groups and other types of infrastructure to help increase communication about cyber risk – to share experiences as well as information on prevention and resilience. The evolution of cybercrime is rapid – governments, industries and individual companies are working hard to stay ahead of the threat.

Read More

Topics: third party risk management, third party governance, tprm, supplier risk, vendor risk, cyber risk, salary, cybersecurity regulation, cyber resiliance, cybersecurity

Third Party Risk Management - Salaries, Budget and Team Size

In this week’s blog on the results of the Global 2018 ‘Taking the Pulse of Third Party Risk Management’ Survey, we will delve into the some of the resourcing benchmarks for third party risk management.

To mix things up a little, we will also share the results of polls conducted at the CeFPro Vendor & Third Party Risk conferences in New York and London last month, where we first launched the results of the survey. This gives us some additional interesting cross-Atlantic perspectives.

 We’ll start with salary.

Salary
Why salary? Well everyone’s at least a bit interested in what the benchmarks for their profession may be, and there’s a paucity of data on third party risk management compensation. 
Read More

Topics: third party risk management, benchmarking, third party governance, tprm, supplier risk, vendor risk, survey, OCC, cyber risk, salary, compensation, budget

Third Party Risk Management Benchmarking Survey Results

Earlier this week we published the results of a survey that we conducted with the Center for Financial Professionals. With over 200 respondents from around the globe, the survey was designed to take a snapshot of the state of third party risk management, and to help firms develop their road-map to maturity, and support with planning, resourcing and direction.

The survey provided a great deal of insight, and we’ll be taking a deep dive into some of the results together with the implications for TPRM programs over the coming weeks.

We will also share the results of some polls that we conducted at the CEFPRO Vendor & Third Party Risk Conferences in New York and London where we launched the results. These provide an interesting cross-Atlantic comparison between peers.

But first to the survey results – which revealed gaps between regulatory expectation and the reality associated with third party risk programs. What looks good in theory, is often a lot harder in practice.

Read More

Topics: third party risk management, benchmarking, governance, third party governance, tprm, Financial Services, supplier risk, vendor risk, concentration risk, fourth party risk, survey, OCC, cyber risk

Expert Interview: Tom Garrubba on Six Ways Collaboration Can Enhance Your TPRM Program

Collaboration is a term that makes people either cheer or wince. However, today collaboration is essential to be a successful third party risk manager – the discipline has moved well beyond administrative box-ticking. Now, a strong culture of collaboration can help create the right environment to foster TPRM program excellence, and drive real value for organizations.

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, risk assessment, third party supplier, supplier risk, vendor risk, risk appetite, shared assessments, occ compliance, GDPR, third party risk assessment, standardization programs, gdpr processor, FFIEC, third party risk regulators, regulatory frameworks, internal audit, risk and compliance, third party risk, third party compliance, third party vendor

Expert Interview: Victoria Munoz-Titos on Seven Changes we can Expect to See in TPRM by 2021

Third party risk management (TPRM) could be set to evolve at lightning speed over the next five years, according to Victoria Munoz-Titos, former EMEA, Risk and Control Services at AIG in London. The changes won’t just be accelerated by regulatory demands either. Rather, they will be propelled by a transformation to the way organizations work together, as financial services firms incorporate outsourcing and other types of third party relationships even deeper into their business strategies. Below are the top seven trends that Munoz-Titos sees changing the way firms engage with TPRM and their third-party relationships:

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, risk assessment, third party supplier, supplier risk, vendor risk, risk reporting, risk appetite

Expert Interview: John Bree on the Top Five TPRM Program Mistakes Firms Often Make

Third party risk management (TPRM) is a relatively new discipline for many financial services firms and so it’s no surprise that organizations are still navigating their way. As firms establish their third party risk programs, there’s many common pitfalls that they can fall into. Knowing about these helps you avoid them, so Aravo recently spent some time with third party management expert, John Bree, to expose some of the more common missteps that he has seen organizations make when it comes to setting up, or enhancing, a TPRM program. 

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance, tprm, Financial Services, risk assessment, third party supplier, supplier risk, vendor risk

Cyber resilience and supplier risk: moving beyond compliance

In a speech last week at the Cyber Security Summit and Expo 2017, Nausicaa Delfas, Chief Operating Officer at the FCA, called out cyber risk as one of the FCA’s top priorities and noted its close intersection with supplier risk, and third, fourth and fifth party risk.

Read More

Topics: third party risk management, board of directors, board accountability, governance, third party governance, FCA, supplier risk, cyber risk, cyber resiliance

Third Party Risk Management - Meeting the Expectations of the Board

With the strategic importance of engaging third parties in today's business landscape, coupled with the level of risk that they can bring to the enterprise, it should not be surprising that third party risk management is attracting greater focus from the C-suite and the Board of Directors.

According to the Institute of Collaborative Working, up to 80% of direct and indirect operating costs of a business can come from third parties, while up to 100% of revenue can come from alliance partners, franchisees and sales agents.

Download e-Book

Read More

Topics: third party risk management, board of directors, board accountability, benchmarking, governance, third party governance