The S&P Global Know Your Third Party (KY3P®) team recently sponsored the 7th Annual Vendor & Third Party Risk Europe Summit hosted by the Center for Financial Professionals. The two-day event brought together over 160 Third Party Risk Management (TPRM) professionals to discuss all things Third Party Risk. Here are the best takeaways from the event:

1. The race for talent
As demands and expectations for TPRM programs continue to grow, TPRM teams need to develop subject matter expertise to cover key areas of vulnerability, e.g. data breaches, possibility of operational failures, financial instability , reputational impact and cybercrime. This can mean companies need to employ a dozen specialists, then a management team to own and oversee the process, and a team to drive the execution. Businesses need to work smarter, and there’s a growing realization that if TPRM isn’t a core capability in your organization, there’s often little point in building the expertise in-house. The fight for talent is real. Suppose a business operates in a low cost location. In this case, few or no candidates are available with deep expertise in due diligence areas such as cybersecurity or financial risk. The few qualified candidates are expensive in high-cost places like London or New York. According to Glassdoor, TPRM’s total salary has increased by more than 16% in the last six months alone! Focus your resources on your most risky pockets and outsource the rest.

2. Refocus on operational resilience
Traditionally, TPRM has focused on threat to information security and data protection, not supply chain resilience. The COVID-19 pandemic has revealed weaknesses in the supply chain and in organizations’ TPRM processes and frameworks, leading to a growing awareness that operational resilience must be built into an organization’s DNA. . Organizations are moving away from traditional risk management practices where everything ends up turning orange. They accept that third-party services fail but need adequate resiliency in the supply chain to maintain services to customers. Treating operational resilience, and by extension TPRM, as a checkbox exercise and only responding to new regulations is not enough. Organizations need to take a holistic, cross-functional approach to monitoring and managing third parties. This includes developing exit strategies for your most critical and important third parties. Bringing the right people, including your supplier, to the table is key to planning and managing stressed, planned releases and building a robust and resilient supply chain.

3. The evolution of due diligence methods
The supply chain is increasingly seen as a strategic extension of an organization. This means focusing more on partnership and developing better relationship management. As an industry, financial services must become smarter in assessing third-party risk. Gone are the days when all the power belonged to financial companies and they could expect vendors to answer hundreds of repetitive and duplicate due diligence questions every year. Shared assessments and consortia-led frameworks are increasingly being adopted to foster convergence between the many different approaches to due diligence and ensure efficiency among providers and financial firms. Consortia also facilitate the sharing of best practices towards more resilient and robust supply chains. Additionally, companies are increasingly turning to data to provide pre- and post-contract due diligence and ongoing monitoring. Readily available public data insights across a myriad of risk areas (e.g., cyber assessments, financial stability, ESG, and geographic location) provide meaningful assurance about a third party’s risk position before companies invest significant resources in more invasive due diligence.

How S&P Global KY3P® can help you:
KY3P® helps you manage your end-to-end supplier portfolio lifecycle on a single platform with on-demand multidimensional supplier risk assessments. Our tools allow you to continuously monitor risk through partnerships with leading data providers specializing in financial health, cybersecurity assessments, data breach analysis, location risk, and more. Our managed services scale your third-party risk management program while minimizing the strain caused by difficulties in attracting and retaining risk management teams.

Learn more by visiting KY3P®

Posted on Jun 29, 2022 by Kate AzizGlobal Head of Managed Services, KY3P, S&P Global Market Intelligence

IHS Markit provides industry-leading data, software and technology platforms and managed services to meet some of the toughest challenges in financial markets. We help our clients better understand complex markets, reduce risk, operate more efficiently and comply with financial regulations.

This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.