BLOG — Sep 29, 2023

Key Insights from the Compliance Week Third Party Risk Management & Oversight Summit

The S&P Global Know Your Third Party (KY3P®) team recently attended the Third Party Risk Management & Oversight Summit in Atlanta, GA, organized by Compliance Week. The two-day event attracted an audience of more than 150 professionals from various industries, including both financial services and non-financial corporates. Presentations and panel discussions covered topics such as due diligence, cybersecurity, ESG, privacy, program governance and screening.

Here are key insights on third party risk management (TPRM) programs:

  1. Start somewhere: The initial TPRM program setup does not need to be overly complex and should be centered around basic requirements, focused on incorporating key risk areas.

  2. Define roles & responsibilities: Clearly defined roles and responsibilities are needed to establish who is responsible for each aspect of a TPRM program, allowing stakeholders to focus on their specific duties, knowing who is responsible for other parts of the program. The increased transparency will lead to gains in productivity.

  3. Seek continuous improvements: Reporting should evaluate the strength and performance of the program and allow the root cause of any problems to be identified. Benchmarking TPRM programs as part of this allows insights into how others manage their TPRM programs.

  4. Be aware of new risk domains: Stay informed on industry and regulatory topics to understand new and emerging risk domains. Currently, stakeholders across industries are trying to integrate ESG into their TPRM programs to avoid regulatory fines and inquiries.

  5. Leverage best practices: Attending conferences and webinars helps to better understand best practices across TPRM, and allows for a deeper dive into specific risk domains. Adopting industry best practices as they evolve protects the organization and reduces costs.

  6. Explore technology: There are many cost-effective tools that identify, assess, mitigate, and monitor risks. TPRM technology can help to automate business processes and provide insights on third party risks.

How S&P Global KY3P® can help:

KY3P® helps you manage your end-to-end vendor portfolio lifecycle on a single platform with on-demand, multi-dimensional vendor risk assessments. Our tools let you continuously monitor risk through partnerships with industry-leading data providers specializing in financial health, cybersecurity ratings, data-breach analysis, location risk, and more. Our managed services scale your third-party risk management program while minimizing constraints caused by the difficulties of attracting and retaining risk management teams.


S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.


This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.

