Aligning third party management with wider operational resilience frameworks and risk appetite statements

Aligning third party management with wider operational resilience frameworks and risk appetite statements

By Nick Brazier, Head of Third Party Management, Close Brothers & Anna Gurney, Head of Supplier Relationship Management, Close Brothers

Can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

Anna: I have been Head of Supplier Relationship Management at Close Brothers since 2017. I am responsible for ensuring we drive value and manage risk within our supply chain. Prior to this I started my career at Deloitte where, after a short spell in Internal Audit and qualifying as a Chartered Accountant, I specialised in third party risk. Whilst predominately working in the finance services industry on the design and implementation of third party governance and risk management frameworks, one of the benefits of being a consultant was that I got the opportunity to work on a wide range of projects in multiple industries on this topic, something which I found very interesting and insightful.

Nick: I am a Fellow of the Chartered Institute of Purchasing and Supply with almost 20 years Procurement with a proven track record of Procurement transformation, value creation and third party risk management within market leading organisations across an eclectic mix of industries and organisations (including Fulham Football Club, Harrods, BNP Paribas and Allianz).

I am a passionate Procurement professional with a desire to develop the awareness and standing of Procurement in the corporate environment through peer group collaboration, continuous improvement of best practices and knowledge sharing through contribution to industry events and publications.

What, for you, are the benefits of attending a conference like Vendor & Third Party Risk Europe 2019 and what can attendees expect to learn from your session?

Benefits of attending a conference like Vendor & Third Party Risk Europe:

  • Networking, knowledge sharing and learning from the experiences of our Peers.
  • Gaining insight into the evolving landscape and impacts on Third Party Management.

What to expect from our session:

  • Sharing our experiences and learnings from designing, implementing and embedding an agile and pragmatic TPM framework within a decentralised organisation, as well as aligning with the broader Operational Resilience Framework.
What are the main challenges of a decentralised organisational structure?

Whilst there are benefits to a decentralised organisation, challenges include embedding processes to ensure there is holistic oversight, consistency and aggregated reporting across the organisation whilst balancing with local Business autonomy.

Why is Operational Resilience important and at an enterprise level what is the role of Third Party Management functions?

Operational resilience is an important topic not only for organisations but for Regulators and ultimately end customers, as a result we are seeing increasing focus on this area from regulators and senior management. Where third parties support critical activities or functions, Third Party Management naturally has an important role to play and must integrate effectively into the wider Operational Resilience framework.

How do you see the impact of vendor and third party risk evolving over the next 6-12 months?
  • The bar is undoubtably going to keep rising with regards to third party risk management, particularly with the incoming EBA guidelines on Outsourcing coming into effect in September.
  • Trend continues to see organisations rely more heavily on a broader range of third parties as they build extended enterprise ecosystems – this will bring new and evolving risks that require management, particularly with regards next generation technologies e.g. use of AI and robotics.