Your responsibility, but not in your control: Third Party Risk Management
- Jacob McBride
- February 4, 2022
Organisations are increasingly adopting outsourced functions to allow them to focus on what their business do best.
Whilst outsourced functions, services and goods are an increasing necessity to remain competitive it can open an organisation up to a lot of risk as external suppliers can access customer data, IP and other important information.
In recent years, according to Deloitte’s 2020 TPRM report, the average financial impact of a data related, or similar failure has more than doubled. Several high-profile cases have seen companies charged millions of dollars in fines.
$400m fine handed out by US OCC to Citibank for risk management deficiencies, and the £20m fine by the UK ICO for British Airways for GDPR non-compliance.
The issues with in-house management of TPRM is that it is often not a big enough to have its own business function and often ‘falls into the cracks’ between different departments leading to poor management of the risks. This is compounded by talent challenges. In Accenture’s 2013 Global Risk Management Study 54% of executives surveyed reported that finding risk management talent with the right skills was a major obstacle.
Outsourcing TPRM can often provide an organisation with benefits similar to those reaped when other functions are outsourced although something to note is that a managed service provider cannot take the risk ownership of the organisation, particularly from a regulatory point of view.
Typical solutions offer the client business a solution tailored to their individual needs which gives the client full visibility of their risks allowing them to make their own decisions about the risks presented whilst avoiding the difficulty of running the day-by-day operation of TPRM.
71% of organisations said their third party network contains more vendors than three years ago.
Given the size and complexity of third party networks and obstacles such as scale, talent, budget etc, it is often much more beneficial; for small to medium size companies especially, to outsource their TPRM activities, leading solutions are also able to adapt and change based on the growth of the company or any direction changes.
(0) comments