Assessing credit worthiness of third parties to ensure service availability throughout life cycle and developing exit plans in the event of failure

Assessing credit worthiness of third parties to ensure service availability throughout life cycle and developing exit plans in the event of failure

By Shamial Afzal, Head of Supplier Relationships & Risk Management, M&G Prudential.

Shamial, can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

I have worked in financial service organisations for the past 20 years and I’m currently the head of SRM and Risk Management at M&G Prudential. My focus is implementing a business methodology on how we segment and govern our third-party supplier relationships. I lead a team who are responsible for monitoring compliance related activities as well as providing SRM expertise to a wide selection of stakeholders across various business units. I also work closely with business partners identifying and reporting first line 3rd party risks and issues. I ‘m passionate about mentoring, inclusivity, promoting diversity of thought and building great relationships.

What are some of the key challenges when managing a third-party through a life cycle?

I guess for me it’s all about understanding where each of your 3rd party suppliers is at in the life-cycle and having plans in place that look to develop the relationship and performance at every stage. The challenge is there are often multiple touch points for 3rd parties which can make it difficult to get a true sense of where the 3rd party in question actually is in the life-cycle i.e. Procurement may have one view, SRM another and the business/executive another. The important thing is to get a unified view and approach which will benefit all interested parties.

At the Vendor & Third Party Risk EMEA 2018 Summit, you will be speaking on your insight regarding ‘Assessing third parties service availability throughout life cycle and developing exit plans in event of failure’. Why is this a key concern right now? And what are the essential things to remember?

We only have to look at the recent challenges around the Carillion (which I’m certain is not an isolated case by any means) for raising eyebrows right now. The spotlight is firmly on how robust organisations business continuity and exit plans are. When was the last time these plans were tested and against what type of scenario? I have come across multiple test scenarios/frameworks, but experience tells me there is nothing like a ‘real time live event’ to test how robust your plans are.

I see now is the time and opportunity as a profession for us to come together and share plans/approaches in the spirit of true collaboration minimizing the impact/ failure of not having a fit for purpose plans in place and how we can learn from each other.

For me the one of the key essential things to remember is to ensure your plans focuses on continuation of service and delivery especially when you are in a customer facing environment. We only have to look at lessons in the banking industry where there has been well documented failures of technology, telephony and people which has caused major issues across many organisations.

Without giving too much away, can you explain the importance of contingency arrangements if a third-party collapse?

The importance lies in the service/product being delivered and/or produced. You should ask yourself: what would happen of a particular 3rd party could not deliver its services/products for a particular reason? What is the likelihood and impact on customers/employees/environment and how robust are the business continuity plans on both 3rd party and business receiving the services/product.

What are the options if this particular third-party collapses? What would the business do? What’s the back-up? When was the last time this was tested? Then fundamentally understanding how to ensure the continuation of the service however critical, is protected, so that it begins to mitigate further risk to the business and 3rd party.


How do you see the third-party risk landscape evolving over the next 6-12 months?

I see this as a hot topic right now and ever growing top of the house concern across many organisations. For me there needs to be accountability right through the organisation with clear sight and articulation of potential risks and issues. My view would be we need to get away from being ‘risk paranoid’ and move into a space where we are all in line with the organisation’s appetite which is clearly set and communicated effectively.

You may also be interested in…