BLOG — Nov 29, 2022

Five key insights from the CeFPro Atlanta Conference

Five key insights from the CeFPro Atlanta Conference

The S&P Global KY3P team recently sponsored the Third Party Risk Management USA: Cross Industry Congress organized by the Center for Financial Professionals. The two-day event attracted an audience of over 100 professionals across industries. Presentations and panel discussions included sessions on Supply Chain, Cybersecurity, Critical Suppliers, Continuous Monitoring, Onboarding, Automation, 4th Parties, and Cross Sector Best Practices.

Here are key insights from the event:

  • Consistent Use of TPRM
    Regulators want to see a Third Party Risk Management (TPRM) program that is documented and consistently applied. TPRM platforms enable firms to manage their programs through automated workflows that can trigger dynamic due diligence assessments that are tailored to specific relationships.

    Alerts and actionable workflows are designed to ensure consistent execution of a defined program. Although onerous, onsite assessments provide a unique view that can't be obtained by reviewing responses to a questionnaire.

  • Defining ESG Risk
    Environmental, Social, and Governance (ESG) risk is not well defined in most organizations. Firms should define and codify a scope and determine which metrics are needed to evaluate third parties' ESG risk.

    However, jurisdictional and cultural differences may prevent adoption of specific standards for global suppliers.

  • Contract Reviews Synchronized to Due Diligence Processes
    Contract reviews and legal discussions can take longer than the due diligence assessment process. Such reviews should be conducted in parallel. If the contract includes termination rights, it may enable firms to move forward with contract execution while the due diligence is still in flight.

    The digital capture of contractual obligations is needed for ongoing oversight activities such as key performance indicators, operational performance evaluations, and contract reviews

  • Assessing Reputational Impact
    Reputational impact is often overlooked when companies are running risk drills and impact scenarios. Severe reputational damage could impair an organization's ability to retain customers. Recovery from such events hinge on the right public response.

    Firms should incorporate reputational impact into their risk scenarios to understand the potential exposure to third parties and develop plans on how to mitigate risks.

  • Leveraging specific datasets to inform risk
    Organizations should look to data providers that focus on datasets for specific risk domains, to complement the data on third parties collected during the due diligence process.

    The next step is to leverage these datasets to pinpoint a baseline for third party relationships compared to peers in the provider's industry. Rendering data in a meaningful format will be the future of TPRM offerings.

How KY3P® by S&P Global can help:

KY3P® helps you manage your end-to-end vendor portfolio lifecycle on a single platform with on-demand, multi-dimensional vendor risk assessments. Our tools let you continuously monitor risk through partnerships with industry-leading data providers that specialize in financial health, cybersecurity ratings, data-breach analysis, location risk, and more. Our managed services scale your third party risk management program, while minimizing constraints caused by the difficulties of attracting and retaining risk management teams.


S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.


This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.


60-Day Free Trial to KY3P