Top 3 Insights from the 2022 CeFPro Vendor & Third Party Risk Europe Conference
The S&P Global Know Your Third Party (KY3P®) team recently sponsored the 7th Annual Vendor & Third Party Risk Europe Summit organized by the Center for Financial Professionals. The two-day event brought together over 160 Third Party Risk Management (TPRM) professionals to discuss all things third-party risk related. Here are the top takeaways from the event:
1. The race for talent
As the demands and expectations on TPRM programs continue to grow,
TPRM teams need to develop subject matter expertise to span key
areas of vulnerability, e.g., data breaches, the possibility of
operational failures, financial instability, reputational impact,
and cybercrime. This can mean firms need to employ a dozen
specialists, then a management team to own and oversee the process,
plus a team to drive execution. Firms need to work smarter, and
there is a growing realization that if TPRM is not a core
capability of your organization, then there is often little value
in building the expertise in-house. The struggle for talent is
real. If a company operates in a low-cost location, few or no
candidates are available with deep expertise in areas of due
diligence such as cyber security or financial risk. In high-cost
locations such as London or New York, the few skilled candidates
are expensive. According to Glassdoor, the total pay
for TPRM has increased by over 16% in just the last six months!
Focus your resources on your pockets of highest risk and outsource
the rest.
2. Refocus on operational resilience
Traditionally, the focus of TPRM has been on the information
security threat and protecting data, not on the resilience of the
supply chain. The COVID-19 pandemic exposed weaknesses in the
supply chain and within organizations' TPRM processes and
frameworks, resulting in a growing realization that operational
resilience needs to be embedded into an organization's DNA.
Organizations are moving away from traditional risk management
practices where everything ends up amber. They accept that
third-party services will fail but need adequate resilience in the
supply chain to maintain services to customers. Treating
operational resilience, and by extension TPRM, like a tick box
exercise and purely responding to new regulations is not enough.
Organizations must take a holistic and cross-functional approach to
monitoring and managing third parties. This includes developing
exit strategies for your most critical and material third parties.
Bringing the right people, including your supplier, to the table is
key in planning for and managing both stressed and planned exits
and building a robust and resilient supply chain.
3. The evolution of due diligence methods
The supply chain is increasingly considered a strategic extension
of an organization. That means focusing more on the partnership and
developing better relationship management. As an industry,
financial services needs to get smarter about risk-assessing third
parties. Gone are the days when all the power lay with the
financial firms and they could expect suppliers to complete hundreds
of repetitive and duplicate due diligence questions yearly. Shared
assessments and consortia-led frameworks are increasingly being
adopted to drive convergence across the many different due
diligence approaches and deliver efficiency to suppliers and
financial firms. Consortia also facilitate best-practice sharing,
moving towards more resilient and robust supply chains. In
addition, firms are looking more and more to data to provide pre-
and post-contract diligence and ongoing monitoring. Readily
available public data insights across a myriad of risk domains
(e.g., cyber ratings, financial stability, ESG, and geographic
location) provide meaningful assurance about a third party's risk
posture before firms invest significant resources into more
invasive due diligence.
How S&P Global KY3P® can help:
KY3P® helps you manage your end-to-end vendor portfolio lifecycle
on a single platform with on-demand, multi-dimensional vendor risk
assessments. Our tools let you continuously monitor risk through
partnerships with industry-leading data providers specializing in
financial health, cybersecurity ratings, data-breach analysis,
location risk, and more. Our managed services scale your
third-party risk management program while minimizing constraints
caused by the difficulties of attracting and retaining risk
management teams.
Find out more by visiting KY3P®
S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.
This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.