Best practice for categorising vendors to determine level of due diligence and oversight required

Best practice for categorising vendors to determine level of due diligence and oversight required

By Ben Joyce, Head of Sourcing – Global Commercial Services, ICBC Standard Bank Plc

Can you please tell the Risk Insights readers a little bit about yourself, your experiences and what your current professional focus is?

My professional background is almost entirely within the procurement discipline, predominantly in Financial Services, latterly as Head of Sourcing at ICBC Standard Bank. This encompasses the management of all indirect third party spend for the Bank globally, and combines a hands-on role executing sourcing projects with the task of developing the strategic direction of the function itself. Like many other Banks, managing third party risk is an ever-growing priority, to ensure compliance in a complex global regulatory environment.

What, for you, are the benefits of attending a conference like Vendor & Third Party Risk Europe 2019 and what can attendees expect to learn from your session?

Conferences are primarily an educational opportunity. It’s extremely important to be regularly exposed to the developments that are happening in a dynamic corporate landscape, as there is much to be learned from the way that other organisations are dealing with much the same challenges that you yourself are confronting.

I would expect attendees to leave the session with some practical guidance to help them improve the way in which they operate third party due diligence in their own organisations.

In your opinion, how can we look to effectively deploy resources for oversight of suppliers?

In a capacity-constrained organisation, prioritisation according to a number of key metrics is critical in deploying resource effectively. Organisations must understand where they have exposure, and put in place channels to maintain effective monitoring of known risks. Collaboration between internal functions is crucial to acting on any changes to the organisation’s risk profile, as many risks cut across functional boundaries within organisations, and therefore must be managed accordingly.

What are the key considerations that need to be made when determining material vendors and services?

Any segmentation of vendors should be completed in alignment with the organisation’s overall risk profile and appetite. If minimising regulatory risk Is the priority, as it tends to be in Financial Services, the segmentation process needs to give the greatest weight to evaluating suppliers that may impact the organisation’s regulatory compliance. In addition, the process must consider the inherent differentiated jurisdictional risks that impact organisations procuring from globalised markets, together with the overall value of the relationship to all parties.

How do you see the impact of vendor & third party risk evolving over the next 6-12 months?

It is hard to see anything other than a continued increase in the profile of third party risk, within the overall risk management environment for corporates. The challenge for many organisations will be finding the resource to manage the flow of information needed to monitor and manage, and therefore I would expect the importance of technology that assists organisations to pinpoint third party risk effectively In their supply chain to become increasingly prevalent.

If you had not taken the career route to become a financial risk professional. What would you be doing right now?

I briefly worked in the Houses of Parliament prior to commencing my procurement career, so I imagine I would be working within the Civil Service in some capacity. That said, I’ve long held a secret desire to be a teacher, so I’d possibly be sitting in a suburban comprehensive trying to extol the virtues of classic fiction to a class of uninterested teenagers.

What three items would you take with you if you were stranded on a desert island?

Assuming that a large boat is not permitted, a guitar, the complete works of Shakespeare and a coffee machine (solar-powered, with a lifetime supply of capsules) should keep me going for some time.