What are the key pillars of third-party risk management?


It can be challenging to understand what third-party risk management involves. In a recent post, Moody’s Analytics outlined three key pillars of third-party risk management.

Third-Party Risk Management (TPRM) is managed haphazardly by a multitude of teams across various businesses, causing companies to struggle to identify risks within their third-party networks. The difficulty in assessing supplier performance, containing inflation, and anticipating geopolitical disruption has left many businesses in vulnerable positions.

The ‘just-in-case’ model is gaining popularity as businesses adopt a more cautious approach to third-party risk, in anticipation and preparation for potential disruptions. Adding to this complexity, governments are implementing more stringent regulations concerning supplier due diligence and environmental and social governance, which increase the demands on compliance teams and those tasked with managing third-party risk.

Recently, qualitative research from Moody’s Analytics KYC delved into this intricate TPRM landscape. The investigation considered the wider context in which companies undertake supplier due diligence, how they currently handle TPRM, and how they measure risk. Insights were drawn from comprehensive interviews with risk, compliance, procurement, and supply chain experts from 41 leading multinational corporations.

From Moody’s research, three central pillars of third-party risk management emerged. The first is streamlining TPRM. The study highlighted the fragmented nature of TPRM across various businesses, with the use of diverse terms to describe identical processes adding to the confusion. Moody’s discovered that companies with fewer suppliers tend to have disjointed processes, often managed locally and lacking professional oversight. On the other hand, companies with numerous suppliers across various geographies are more likely to centralise their TPRM, investing in dedicated systems and professionals.

The next pillar was risk visibility. The research found that many firms struggle with identifying risks within their third-party networks, primarily due to a lack of transparency into the operational structures of suppliers within their supply chains. Global supply chains add a further layer of complexity, making new supplier onboarding a time-consuming process. Firms can make more informed, risk-based decisions when they have a unified approach to risk management and clear visibility into their supply chains.

The final pillar was safeguarding reputation. Unifying TPRM and improving risk visibility is crucial for several reasons, not least of which is preventing reputational damage. In our hyper-connected world, any scandal can instantly damage a brand’s reputation, severely impacting its financial standing. Organizations that manage to streamline their TPRM and enhance risk visibility are better equipped to mitigate risk and protect their reputation.


Copyright © 2023 RegTech Analyst
