Top 5 Insights from the 2022 CeFPro Vendor & Third Party Risk USA Conference
The S&P Global Know Your Third Party (KY3P®) team recently
sponsored the 7th Annual Vendor & Third Party Risk USA
organized by the Center for Financial Professionals. The two-day
event attracted an audience of more than 150 professionals across
financial institutions. There were presentations and panel
discussions on crucial risk domains, including: Regulation,
Business Continuity & Resilience, ESG, Strategic Sourcing,
Cyber, Fourth Party, FinTech, and Mergers & Acquisitions.
Here are key insights from the event:
1. Annual due diligence assessments of third parties are no longer
sufficient for critical relationships. Mature Third Party Risk
Management (TPRM) programs require continuous monitoring with
intelligent automation to manage the data and workflow. Real-time
insights are needed to assess and manage risks posed by critical
relationships effectively.
2. Outsourcing your TPRM function allows you to focus on managing
risk without managing a process. A managed service will enable you
to focus on high-value activities and outsource low-value ones.
Managing the risk is a rewarding and attractive job function. It
includes a career trajectory with growth opportunities, that enable
you to attract and retain talent in TPRM.
3. Environmental, Social, and Governance (ESG) risk is currently
associated with reputational risk and measured against goals. ESG
is going to be "big" as regulators provide clarity on measurable
targets and specific requirements. Diverse suppliers may not have
the resources or capabilities to meet requirements on day one, but
organizations are encouraged to help various suppliers implement
controls where gaps exist today.
4. Concentration risk analysis should be completed for third and
fourth parties. A multi-pronged approach to identifying fourth
parties includes capturing information in your inherent risk
questionnaire profile, obtaining details from your due diligence
questionnaire outreach, a review of SOC reports, and data from
external providers. An inventory of fourth-party information is
needed to query and determine the potential impact of industry-wide
events quickly.
5. Successful TPRM professionals must build relationships across
their business to influence without authority. It is essential to
bring all stakeholders together at the beginning of a relationship
to ensure the connection is categorized correctly and that it can
be supported appropriately. TPRM professionals must communicate
effectively, educate stakeholders, and socialize the risks.
How S&P Global KY3P® can help:
KY3P® helps
you manage your end-to-end vendor portfolio lifecycle on a single
platform with on-demand, multi-dimensional vendor risk assessments.
Our tools let you continuously monitor risk through partnerships
with industry-leading data providers specializing in financial
health, cybersecurity ratings, data-breach analysis, location risk,
and more. Our managed services scale your third-party risk
management program while minimizing constraints caused by the
difficulties of attracting and retaining risk management
teams.
Find out more by visiting KY3P®
S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.
This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.