Each business unit owns the risks associated with the contracts it decides to enter into. This is a fundamental principle built into third-party risk management (TPRM) programs. In large organizations, the program's success is highly dependent upon each business unit fulfilling its responsibilities.
The Business Unit Structure for Risk Management Success
The business unit needs to ensure it has a suitable organizational structure and resources to fulfill its third-party risk management program responsibilities. This includes having team members trained in specific competencies and adequate capacity based on the level of risk associated with the business unit's third parties.
Once the contract is set, the business unit is responsible for the activities and tasks related to owning the relationship ("relationship management"), including communication, contract, performance, and risk management. Team members who reside within a business unit and perform relationship management activities comprise the largest internal population of team members who should manage risk due diligence activities with third parties.