Go Beyond Cyber and Financial Assessments: Here’s How to Enhance Your TPRM Program for 2020 and Beyond

Written by Jessica Elliott

Financial and cyber threats are rightfully a top concern for businesses today, but third-party and global business disruption risks go far beyond cyber and financial concerns. When you compound financial and cyber risks with the ever-changing business environment, geopolitical events and increasingly frequent severe weather events, a TPRM program that only periodically assesses financial and cyber risks leaves your business critically exposed to potentially devastating disruptions to your global business and third parties.

To illustrate this point, Allianz Global Corporate & Specialty (AGCS), a global corporate insurance carrier, surveyed 2,415 risk management experts from 86 countries between October and November 2018. According to the Allianz Risk Barometer 2019, top concerns include:

  • Supply-chain interruptions — disruptions and vulnerability
  • Cyber incidents — cybercrime, IT failure and data breaches
  • Natural catastrophes — storms, floods and earthquakes
  • Changes in government and regulation — government sanctions

Additionally, according to Deloitte’s Global Risk Management Survey from January 2019, 58% of financial leaders worry about risk from sophisticated actors, like nation-states, and only 35% voice confidence in their firms’ handling of risk from geopolitical events. Further, according to PwC’s 22nd Annual Global CEO Survey, only 22% of CEOs believe the risk-exposure data they receive to be comprehensive enough to inform their decisions.

So how can risk leaders address all of these concerns? In this article, we’ll discuss how you can enhance your current TPRM program to ensure that your leaders have the risk intelligence they need to make quick and effective decisions to mitigate the risks of disruption facing your third parties and global business operations from financial and cyber incidents to geopolitical and catastrophic weather events and beyond.

Negative News & Risk Triggered Assessments

The first thing risk leaders need to enhance their TPRM program is negative news monitoring. Point-in-time risk assessments are a critical component of your TPRM program, but to effectively minimize the risk of disruption facing your third parties and global business, you need real-time and continuous risk monitoring of negative news. A lot can change between assessments, and without negative news alerts you remain uninformed of risk events, leaving your business unnecessarily exposed and ill-prepared.

But simply monitoring negative news is not the complete answer. Many enterprises subscribe to a news service but, due to automation, are overwhelmed by false positives and irrelevant information. For effective risk mitigation decisions, accuracy and conciseness are key, and so is relevancy. Wading through endless news alerts to find risk intelligence relevant and useful for your organization is neither effective nor cost efficient. News alerts need to be curated for relevancy and for criticality. It’s important to know not only the likelihood that the risk event will result in a disruption to your business or third-party operations, but also when this disruption is expected to occur.

Because continuous negative news monitoring enables you to stay on top of developments between assessments, it has the added benefit of streamlining and simplifying your periodic risk assessments. Further, a TPRM program can be made more effective and efficient by moving to risk-trigger-based reassessment rather than picking a random period of time to repeat assessments. As an example, if a third party has a cyber breach a month after an annual assessment, it’s not prudent to wait 11 months to do the next assessment. An efficient TPRM program would use that risk event as a trigger to reassess the third party’s cybersecurity susceptibility, making the risk program more effective both operationally and in terms of cost.

Comprehensive Third-Party Risk Framework

The next step to enhance your TPRM program is monitoring a more comprehensive set of risks. We’ve established that risk leaders’ need for risk intelligence goes beyond financial and cyber, but what else should your risk framework include to effectively reduce the risk of business disruption?

At the third-party level, for instance, key management changes and senior leadership departures could have significant impact on your operations. Lawsuits, regulatory actions and compliance issues involving your third parties could also negatively impact your business. Third parties experiencing a significant loss of clients or employee attrition could be a warning that your operations are at risk. None of these risks would be revealed in a periodic financial assessment.

Additionally, to effectively mitigate business disruption risks, you must think beyond your third parties to the locations in which they operate. Adverse climate events and geopolitical events are among the highest-ranking business disruption risks posed by your third parties. Proposed changes in legislation or government regimes, expected protests due to an upcoming election, or severe storm warnings could significantly impact your third party’s ability to do business, thus negatively impacting your operations. The advance warning you receive by monitoring your location risks can enable you to effectively minimize or even eliminate costly business disruptions.

How Supply Wisdom Can Help

As we’ve described, enhancement of your TPRM program requires real-time and continuous, comprehensive, high-quality and curated risk intelligence covering a broad spectrum of risk categories, but how can an enterprise fill this need efficiently and cost effectively?

Supply Wisdom does exactly that, monitoring over 300 risk parameters including all of the critical risk areas discussed in this article, to offer you the real-time intelligence risk leaders need both efficiently and cost effectively. Our risk monitoring is the perfect blend of automation and curation to ensure absolutely no false positives. As a result, your team can concentrate on proactive actions to mitigate disruptions instead of sifting through news alerts. Our cloud-based solution with open APIs allows for seamless integration into your current TPRM program. With Supply Wisdom, you can monitor all of your locations and third parties efficiently and cost effectively for risk to enhance your TPRM program for 2020 and beyond.

Interested in learning more about how Supply Wisdom can elevate your TPRM program? Request a demo today. 

About the Author

Jessica Elliott develops insights from data collection, observation and analysis that enable clients to envision their future while taking immediate action. With 24 years in public-facing roles, she understands how to connect the dots so that professionals can develop their billion-dollar idea into total market visibility.
