Decelerate To Accelerate – A Best Fit Perspective For Third Party Risk Management?

Image of third party risk management

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate John M. Lehr discusses how third-party risk management teams must enter into a safe third-party relationship and how to build and maintain trust, as well as how to adapt as the consumer wants and needs evolve rapidly.

The world of Third-Party Risk Management is one of frequent change. As consumer needs evolve rapidly and our lives speed up the market for the "next new," we are faced with changing our business and operating models. With each wind of change, our sails just as well – at least in theory. In the face of changing winds, organizations must work harder and faster to keep up.

But we must ask ourselves, is slowing down the new speed up? In her blog titled, "RegTech and the Role of Third-Party Risk Management," a well-respected leader in the Third-Party Risk Management industry, Linda Tuck Chapman, states, "Since the 2008 financial crisis, the U.S. has arguably become the most complex and costly jurisdiction for regulatory compliance." She goes on to state that "The financial services sector leads the pack in terms of the amount of regulation it is subject to, including the compliance challenges, regulations, and laws in near and far-flung jurisdictions, as well as the cost and complexity of compliance, risk management, and governance practices." 

So, what do speed, regulation, and a rapidly changing risk management landscape have in common? A cost is tied to it requiring us to right-size what we do. Furthermore, we need to encourage leaders to deaccelerate to build better relationships with our third parties. 
Right-sizing perspectives-
From my experience going through the entire C3PRMP course, working with high-performing teams over the span of my 13-year career (I am only 37 years young), and earning two graduate degrees (working on many collaborative research projects), I have concluded that speeding up isn't always the best response to rapid and complex organization needs because it takes away from the "big picture perspective."
By not valuing a "big picture perspective," projects become more complex, we consume more energy and resources, and, in most circumstances, we only accomplish a small percentage of the task at hand. 
Encourage Leaders and teams to decelerate-
Let's face it; leaders work on the premise of guaranteeing outcomes. The need to manage and structure organizational needs and challenges often leads to getting from point A to point B with speed, and control to achieve guaranteed outcomes is at the forefront of any leader's mind. During this point, there is often little time to slow down because regulatory demands, market changes, etc., have already presented themselves.
By encouraging leaders to slow down, we accept that challenges are complex. We also recognize that dialogue is more profound and richer amongst all stakeholders when we slow down. Furthermore, we realize that solutions are always available. And lastly, inclusive engagement ensures energy is directed at what matters most. 
Build up relationships with your Third Parties
In the C3PRMP course, we learned the value behind "Knowing your customer (KYC)." While the KYC guidelines fit closer to AML/Compliance and the validation of your third party, we can also apply this even broader. KYC is also about maintaining the relationship with your third party. And as most of us know, relationships are built on trust, equitability, and value. So how does this tie into slowing down/deacceleration? Simple.
If we find ourselves constantly tapping the shoulders of our third parties to overreach their resources to help fulfill a regulatory commitment - how do you think that relationship is going? Probably not as well as it could be. Take it a step further. The same scenario, except if they didn't need to overextend their resources because we didn't slow down and right-size the scope of what we needed when we sent a mile-long due diligence artifact request list and said we needed it immediately?
The point here is that third parties represent the lifeblood of organizations. And if you burn the relationship, the outcomes are often costly. 

SIG University's Certified Third-Party Risk Management Professional (C3PRMP) program is a globally recognized certification that is the “gold standard” in terms of relevance, scope and content. The C3PRMP program was created by Linda Tuck Chapman, an advisor, educator, author and expert.


John M. Lehr, Lead Business Risk and Controls, USAA

John M. Lehr is a Lead Business Risk and Controls at USAA with over 13 years of professional experience in third-party risk management, management consulting, risk, compliance operations, finance, and public policy analysis. He holds a bachelor’s and two master’s degrees. In his spare time, he spends time with his family. Fun fact about John: He is an avid aviator (private pilot) and outdoorsman (hunter/fisher).