2022 Year in Review

This time of year is always a period to reflect on the past year and plan for the year ahead. Trends we see in one year are likely to impact the following and certainly, 2022's themes are not likely to disappear any time soon. Here are the top three things I've been thinking about in 2022.

• Data, data, data - Everyone knows how important this is and clients are looking for more and better data to help them monitor and evaluate their third parties. Historically, clients tended to focus on cybersecurity and financial data, but in 2022 we saw an increased focus on ESG and location risk data. This was driven by social and geopolitical concerns that I expect to continue into 2023 and beyond. Of course, obtaining the data is only the first step. Incorporating action items driven by the data is the meaningful part for clients. The defined action items should be codified in Third Party Risk Management policies and procedures.
  
  
• Retaining TPRM talent is challenging - Clients are struggling to provide a meaningful career path for TPRM professionals. The TPRM function can sit within various groups at different organizations and the path to grow and develop talent does not always allow for staff to remain within TPRM or even within the same organization. An additional challenge is that often the most rewarding and interesting work is linked to alignment and management of risk, but this is frequently a smaller percentage of the time spent by TPRM professionals. Instead, even with automated processes, administration tasks, that are less rewarding, take up a lot of time.
  
  
• Doing more with less - TPRM professionals are being asked to do more but with a smaller budget and with fewer staff, meaning clients must find creative ways to fulfill their mandate and execute their programs. Their senior leadership understand the risks and are supportive of TPRM programs, but slow to invest under current and forecasted economic conditions. In this environment, the most successful programs will pair the appropriate technology and outsourcing solutions to most efficiently and effectively meet their mandates and manage third party risk.

Looking ahead to 2023, I expect these themes to persist. TPRM programs will continue to source and rely on data-driven insights and incorporate specific oversight activities to meaningfully manage third party risk between point-in-time due diligence assessments. To do this effectively, they will continue to evaluate and pursue outsourcing opportunities for parts of their TPRM programs, providing more opportunities for their TPRM professionals to focus on managing risk instead of administering processes.

How KY3P® by S&P Global can help:

KY3P® helps you manage your end-to-end vendor portfolio lifecycle on a single platform with on-demand, multi-dimensional vendor risk assessments. Our tools let you continuously monitor risk through partnerships with industry-leading data providers that specialize in financial health, cybersecurity ratings, data-breach analysis, location risk, and more. Our managed services scale your third party risk management program, while minimizing constraints caused by the difficulties of attracting and retaining risk management teams.

S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.

This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.