Managing Third Party Risk

Challenge of Addressing Risks from Your Supply Chain and Third Parties

Working with third parties is a reality of doing business in the 21st century. Organizations are working with a larger number of vendors, and those vendors are performing more business-critical functions. No matter the size or scope of your vendor risk management program, your third party’s risk will always be your risk.

Agencies like the U.S. Department of Justice, Securities and Exchange Commission and Serious Fraud Office have made enforcement a top priority. This requires organizations to perform consistent onboarding, vetting, screening and monitoring across all third parties to keep pace with regulators. Today, however, vendor management is more than just screening and monitoring for bribery and corruption. Cyber security and data protection is the latest concern for vendor management systems working to protect organizations from security breaches while ensuring compliance with regulations like GDPR throughout the entire supply chain.

The basic rule is vendor management grows more complex as the number and diversity of third parties increase. Industry, geography, contract values and government relationship all add nuances to risk and require organizations to have direct control and visibility into their third party relationships. Effective third-party risk management programs are essential to protect organizations from legal and reputation risk, and defend the reputation you have worked so hard to build.

Monitor your outside vendors

What you need

Risk-Based Approach

Organizational vendor risk management efforts based on your company’s unique risk profile.

Ongoing Monitoring

A simple way to identify and manage risk before it becomes an issue by consistently assessing the relative health of each of your third party relationships.

Centralized Management

Shared access across the organization with uniform processes, reports and workflow for key stakeholders.

Automation

A process to automatically onboard, review, screen and monitor each third party in a consistent, trackable and time-efficient way.

Defensibility

A system that captures, stores and retrieves important information about your supply chain and vendors.

High Visibility

Access to information across locations and teams to consolidate and gain visibility into all third party activities.

Steps You Can Take to Build an Effective Third Party Risk Management Program

Step 1: Define your organization’s risk based on industry, regulatory environment, number of third parties and other factors to define your risk profile.

Step 2: Screen all of your third parties against your organization's risk profile, reports on adverse media, politically exposed people and sanctions lists.

Step 3: Surface third parties that represent higher risk due to geographical location, type of business, contract value, and government relationships. Screen outcomes and conduct additional due diligence when applicable to protect your organization.

Step 4: Centralize the management of your third parties in a singular, purpose-built third party risk management solution.