Kyle Brown's blog

Business Unit’s Role in Elevating Third-Party Risk Management Capabilities

Third-Party Risk Management business unit

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Kyle Brown discusses the value proposition and responsibilities for the key players in an effective third-party risk management program.


Each business unit owns the risks associated with the contracts they decide to enter into.  This is a fundamental principle built into third-party risk management (TRPM) programs. In large organizations, the program's success is highly dependent upon each Business Unit fulfilling their responsibilities.

The Business Unit Structure for Risk Management Success

The business unit needs to ensure they have a suitable organizational structure and resources to fulfill their third-party risk management program responsibilities. This includes having team members trained in specific competencies and adequate capacity based on the level of risk associated with the business unit's third parties and sufficient capacity based on the level of risk associated with the business unit's third parties.

Once the contract is set, the business unit is responsible for the activities and tasks related to owning the relationship ( “relationship management”), including communication, contract, performance, and risk management. Team Members who reside within a business unit who perform relationship management activities comprise the largest internal population of team members who should manage risk due diligence activities with third parties.

Kyle Brown, Managing Director, ATB Financial