Certified Third Party Risk Management Professional (C3PRMP) Program from SIG University covered all areas of third-party risk management. It provided practical tips and guidance to tackle today’s challenges from Third-party risks. I have more than 15+ years of experience in the Banking & Financial Services industry. During this time, I have been involved in various regulatory projects and worked closely with Third Party Governance, Procurement, and Legal teams. In this essay, I would like to examine the technology risk area in general, and Artificial Intelligence (AI) risks in specific. Also, review the sources of AI risks, challenges faced by firms, specifically in Financial Services, in managing AI risks, and a practical approach to managing those risks.
Understanding the Problem
AI technologies and solutions are used in most industries, especially in financial services. Banks and financial firms use AI-based solutions or models to optimize their operations and remain competitive. However, many third-party vendors supply these services, which directly impact the AI-governed systems of banks or other businesses. Therefore, firms must understand how their business can be affected by AI-driven systems and how to manage the new and varied risks posed by third parties.
Senthil Jagadeesan, Head of Procurement Ops & Tech, Valley Bank
Accounts Payable function is fundamental to the operational and financial success of many organizations across the globe. Yet it continues to be viewed as a cost center.
It was never uncommon to hear of documents buried in paper trails, missed discounts and strained supplier relationships, etc. But recently, the pandemic added to these woes and proved that the ways in which many Accounts Payable teams still operate are not just dated and costly, but may also put the health and safety of employees at risk.
Stuck in the dusty alcoves of the back-office and bogged down by a myriad of time-consuming, manual tasks, an un-optimized AP Function is host to a slew of redundancies, avoidable costs, and frustrating friction areas.
Not recognizing and dealing with these redundancies will become increasingly costlier to businesses – competition is already at an all-time high and teams are being asked to deliver more every year. And in addition, issues like climate change mean that uncertainties and global disruptions will only become more frequent with time. In this backdrop, organizations that still haven’t got on the AP Automation bandwagon need to ‘level up’ to survive.
Fortunately, as per the latest bodies of research, these problems aren’t just easily rectifiable but they’re also ones that are likely to pay the most dividends once solved. Case in point: Gartner’s research found that AP (APIA in specific) is one of the best applications of artificial intelligence in a business, both in terms of business value and in terms of feasibility.
Procurement is entering a new era of increasing complexities in which traditional measures of success such as cost savings are no longer the sole focus.
Instead, and as reported in the Deloitte 2021 CPO Survey, "changing business dynamics and increasing layers of complexity" and corresponding "expectations" are transforming the way the industry thinks and acts.
For example, new and more challenging areas such as "climate change, geopolitical stability," and "increasing societal expectations" are now part of the new equation.
The introduction of these emerging variables is causing organizations to re-examine their digital transformation strategies, including how Artificial Intelligence (AI) can help them address the industry's challenges.
The SIG Survey
In 2021 SIG surveyed 100 procurement professionals from Fortune 500 and Global 1000 organizations on digital transformation and AI in procurement.
Based on the results, it is clear that those responding to the survey believe that "procurement's priorities lie with how AI technology can streamline the roles and processes to deliver meaningful and sustainable results."
Unfortunately, and despite the opportunity for more significant gains, the survey reports that "several obstacles" make it difficult for organizations to "bridge the divide" between the promise of digital AI and the realization of its optimal benefits.
Crossing the Divide
Understanding the importance of AI and identifying the challenges with realizing its potential to redefine and empower procurement to achieve critical objectives is the first step to crossing the aforementioned divide.
Mary Zampino, Vice President – Content, Research & Analytics
What is a simple definition of intelligent automation?
Canda Rozier: I think intelligent automation is a fully holistic approach for business transformation that lets companies start to analyze data, provide analytics on the data and deliver digital solutions to optimize business processes and tasks. I think one of the things that has really struck me as I've learned more about and become engaged with intelligent automation is that it's as important to understand what it's not as to understand what it is.
A lot of intelligent automation projects fail or don’t provide results – why?
Lawrence Kane: It's not a panacea, and it really needs to be implemented systemically because it's a program. It shouldn't be a one-off, because you have to look at your tools and processes and how the enterprise creates value and understand where are the places that you want to go and automate. Where are the places you want to stop doing things, where are the areas that you need to change doing something, right?
SIG University Certified Intelligent Automation Professional (CIAP) program graduate David Romo-Garza discusses how discipline and organizational changes will create efficiencies throughout the lifecycle designed to implement Intelligent Process Automation.
Automating processes is still a challenging endeavor for multiple organizations. Lines of Business (LoB) continue to struggle to understand the steps that it takes to implement and manage Intelligent Automation efforts effectively. Bringing discipline to an undisciplined culture creates a multitude of barriers that have a trickle effect that prevents organizations from effectively automating their processes.
Navigating the Lines of Business and Processes
During my last position at my current organization, I experienced the pains and aches from both perspectives, the LoB and the Process Owner. On one end, I represented the LoB, who was trying to automate the due diligence procedures related to vetting our third parties. While the process was considered automated, it was ineffective and broken. It required countless manual tasks, including requiring end-users to save their assessments in an excel spreadsheet.
Additionally, the system design contained a detrimental limitation that prevented users from partially completing an assessment and returning later. The system did not have the ability to save progress prior to completing and closing their official assessments. Further, the system did not effectively introduce business controls designed for preventive nor detective error/compliant applications.
David E. Romo-Garza, Director of Business Risk and Controls
SIG University Certified Sourcing Professional (CSP) program graduate Katherine Smith shares how lessons in the CSP program informed her during her company’s digital transformation.
One of the many areas of the CSP program that I found to be of great relevance for my role as a Procurement Specialist at Fannie Mae was the Lesson on Artificial Intelligence. Being of an older generation, I can remember working as a manager when there were no computers. Inventories were taken manually and then extended using calculators or adding machines. It was a significant step forward when we could automate that process.
Gone are the days of spending long hours on the phone reading off SKU numbers and quantities needed when placing orders for products, such as the food and paper supply needs of a hospital foodservice department.
Katherine Smith, Sr. Contracts and Procurement Specialist, Fannie Mae
Amanda Slevar is a Manager of Presales for SAP Fieldglass. She brings over 15 years of contingent labor management and services procurement expertise to prospective customers to designs solutions to fit their current needs, and build toward an innovative future program. Amanda is a featured presenter at SIG’s Global Executive Summit which takes place this month. The Global Executive Summit is free to all qualified buy-side practitioners and sell-side members.
What does it mean to “future proof” your external workforce management?
To me, this comes down to three core areas: People, Process, and Platform and they are all incredibly dependent on each other for success. Starting with people, if organizations are really serious about strategically managing their external workforce, they understand that people are core to making sure the experience and adoption of the program is successful. Whether that is through an internal center of excellence or via a 3rd party MSP to manage, having the eyes, ears, and hands, to be able to react to changes and growth opportunities that are going to arise with any program from the most newly deployed to a fully mature global installation.
Secondly, having a clear and simple process for procuring external talent is key to adoption, which fuels growth organically. I have had the benefit of seeing many programs start out small in scope, and through the simplicity and ease of a process that was executed begin to expand and grow just because they delivered a delightful experience, and other parts of the business want it too! No forceful, mandated rollout, just a great solution that delivers value to its end users.
Amanda Slevar Manager, Customer Success, SAP Fieldglass
Before any organization can do business with an external vendor, it needs to examine its data privacy protocol against new legal requirements. Recent legislations like General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the U.S. has cast a spotlight on the handling of consumer data, especially the way it is shared among third parties. Organizations of all sizes in every industry are upgrading the vetting processes to make sure that new vendors don’t bring additional risks.
These risk assessment processes contain several moving parts, and a mistake at any point along the way can jeopardize the result. The easiest way to pinpoint the holes in your organization's vendor vetting workflow is to review the entire process from beginning to end and examine the opportunities for data privacy lapses. Here are four common pitfalls to look for:
1. Overlooking Contract-level Details
Amid all the changes happening to the regulatory landscape, it’s easy to overlook errors in the language of your contracts. In a short window of time, contract language—on old and new agreements—needs to be updated to provide consumers with new legal protections and redefine business-to-business relationships with any party that touches consumer data. If contracts are being negotiated in that window, some terms might slip through the cracks and expose you to new risks.
I recently went back to read an article that I bookmarked a while back on the predictions for 2020. Forget self-driving cars and flying cars; Popular Mechanics magazine predicted in 1951 that every family in the 21st century would have at least one helicopter in their garage. They also predicted in 1957 that every road and street would be “replaced by a network of pneumatic tubes,” and your car would only need enough power to get from your home to the newest tube.
Dave Evans, the chief futurist for Cisco Visual Networking, actually predicted in 2012 that he'd be out of a job by this time because, as he forecasted, everyone would be able to predict the future themselves.
Automating Everyday Tasks
I wasn’t alive when Popular Mechanics made its predictions, but I was alive for the statement by Dave Evans. What I know for sure is that while his prediction for companies to make data-informed decisions is slowly coming to fruition, we are far off from a world without futurists. What amazes me is that most automation predictions were in the form of self-driving cars rather than taking place in everyday life.