The management of third parties and the inherent risk that they can bring into the organization has become an increasingly important and complex activity. Just how do you manage thousands of third parties and potentially millions of transactions? And you need to do this whilst keeping the organization compliant and ahead of the regulators, protecting your reputation and your bottom line. This report found that there are at least 69 different regulators operating around the world, and every one of them is scrutinizing your organization and your third party and vendor management programs!
One key theme is the lack of maturity in third party risk management across many organizations, save for the largest firms and those in banking. This is evidenced by the self-reported standard of their existing programs and supported by a general lack of focus on the factors driving those programs, the diversity of disciplines responsible for managing the area and the overall lack of investment in third party risk management programs. Just over half of the respondents report an expected increase in budget in the next 12 months, despite their recognized program immaturity!
Banking emerged as the more mature industry in comparison to the other sectors within financial services, which were primarily made up of Insurance and Asset Management. This study found that banks are more likely to be running more mature programs that display sophisticated characteristics, but there is still a lot of room for improvement. At the upper end of the spectrum, these programs are defined by processes that emphasize system feedback and improvement and that are reported as formal, measured and controlled. Furthermore, the most mature programs are characterized by factors such as the bespoke application of risk matrices to determine vendor risk profiles.