BLOG — Jun 26, 2023

Top 5 Insights from the 2023 CeFPro Vendor & Third Party Risk USA Conference

S&P Global's Know Your Third Party (KY3P®) recently sponsored and hosted the 8th Annual Vendor & Third-Party Risk USA conference, organized by the Center for Financial Professionals, in New York. The two-day event attracted an audience of more than 100 professionals across financial institutions, with 13 vendor booths. KY3P MD and Global Head of Third-Party Risk Management, Peter Pernebo, hosted Day 2 of the conference, covering a range of topics such as Cyber Insurance, Global Regulations, and Fintech Partnerships and Collaboration. Other sessions during the event included Contract Management, Critical Third Parties, Fourth Parties, Automation, Exit Planning, and the impact of Generative AI throughout the supply chain.

Across the event, some key insights and trends were clear:

1. Automation is the most important development for the industry. Standalone and manual due diligence assessments of third parties are no longer sufficient for the continuous assessment of critical relationships. Mature Third Party Risk Management (TPRM) programs require continuous monitoring with intelligent automation to manage the data and workflow. Real-time insights are needed to assess and manage risks posed by critical relationships effectively.

2. Sustainability is at the forefront of supply chain discussions and is most effective when implemented and considered alongside other risk domains such as financial or cyber (rather than as a standalone risk score). It's necessary to take into account ongoing clarity and new requirements from regulators as well as the reputational risk linked to ESG. Knowledge of the ESG practices and policies of third parties is crucial for firms wanting to comply with specific ESG criteria and to manage human rights regulations across the supply chain.

3. The rise of AI is the trend to look out for as FY 2023 progresses. Generative AI came up repeatedly on both days of the conference and remained a theme within all other subject matter. As AI becomes increasingly proficient at detecting grammatical structures in regulatory documents and respective responses, it offers an expedited pathway to automation within supply chain management and compliance. The combination of interpersonal intervention through managed service and advisory functions and the use of AI for population of questionnaire responses will be integral to the advancement of TPRM offerings.

4. There is a growing interest in comprehensive reporting regarding fourth parties. It is predicted that regulators in the future may even be interested in supply chain parties to the 6th party level. Defining risk tolerance within fourth parties, as well as ensuring third parties have maintained control of their subcontractors, is top of mind.

A multi-pronged approach to identifying fourth parties includes capturing information in your inherent risk questionnaire profile, obtaining details from your due diligence questionnaire outreach, a review of SOC reports, and data from external providers.

5. Managing and preparing for cyber threats remain an integral part of safeguarding a comprehensive supply chain. Cyber insurance was top of mind, as companies highlighted the struggle to find the balance between succumbing to increasing insurance costs and maintaining a dominant stance on cyber threats. The growth of AI and automation makes cyber risk readiness particularly important, with the need for additional precautions for companies to protect themselves against human-like software and diction patterns.

How S&P Global KY3P® can help:

KY3P® helps you manage your end-to-end vendor portfolio lifecycle on a single platform with on-demand, multi-dimensional vendor risk assessments. Our tools let you continuously monitor risk through partnerships with industry-leading data providers specializing in financial health, cybersecurity ratings, data-breach analysis, location risk, and more. Our partnership with Sustainable1's ESG data allows us to integrate ESG risk into our already expansive domain of risk assessments, giving you a more complete picture of your supply chain. Our managed services scale your third-party risk management program while minimizing constraints caused by the difficulties of attracting and retaining risk management teams.


S&P Global provides industry-leading data, software and technology platforms and managed services to tackle some of the most difficult challenges in financial markets. We help our customers better understand complicated markets, reduce risk, operate more efficiently and comply with financial regulation.


This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.