Expanding Your Own Third-Party Risk Team

Image of Third-Party Risk Management

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Kyle Smith discusses the benefits of a strong third-party risk management team and what it can do for your organization.


I currently work for Florida Blue on the Procurement team. For the last year, I have worked on the contract compliance & oversight team (CCO), where I have had the opportunity to work with and learn from all three lines of risk management defense. Florida Blue's third-party risk management program (3PRMP) is new but has made significant progress since an incident occurred with one of our third parties in 2018. This incident drastically changed the tone at the top regarding risk culture but also raised the need to develop a successful 3PRMP critical for the organization's future.
 
This course provided examples of where our organization is on the right track. However, it also provided examples of areas we can improve to create a more mature risk culture. CCO is one of the minor teams within Procurement, but we are responsible for some of the essential functions as it pertains to 3PRM. We work more closely with our risk partners than any other team within Procurement. Since joining the team over a year ago, our focus has been Vendor Manager Training and Oversight. I can take so much from what I learned in this course back to our team to help guide us through these two focus points. 
 
Module 13 stresses the importance of building a solid relationship management framework. This was one of the modules I took the most from; I think this is where our company can improve. Each supplier, our enterprise third-party risk management team, deems high risk and must have at least one vendor manager. CCO has been responsible for developing training for these relationship managers. After completing this course, I can say our vendor manager training does an excellent job of ensuring the skills and knowledge our relationship managers need to manage the relationship effectively.
 
I believe we can better explain the importance of the three lines of defense and the collaboration required to have a thriving risk culture. Module 3 describes how the first and second lines of defense have different responsibilities but must work together to manage 3PR effectively. The communication between our first and second lines of security needs to improve. As emphasized so often within this course, 3PRM is a team sport. Far too often, we have gotten word that our vendor managers feel alone and that no one in Procurement can help them outside the CCO team. In module 14, it is wise to have all procurement members undergo risk training. We don't do that currently. This is a notable example of something we can work on to create a more collaborative environment between Procurement and our relationship managers.
 
I look forward to building off the areas we are doing well with our vendor manager training and have found some areas where we can improve. I found module 14 the most beneficial to the issues we face in corporate Procurement. The difference between monitoring and managing third parties is often combined, leading to confusion amongst the team. Module 14 described the importance of maintaining an accurate record of relationship managers. We keep a manual list that is updated yearly, but that isn't enough with our turnover rate. A great takeaway from this course is using the HRIS system's technology to maintain an accurate list of vendor managers.
 
Ongoing monitoring of our 3P is also critical for us to stay within compliance with our regulated suppliers. It is common for our 3p's to be acquired or involved in a merger. This is especially critical information for my team. We need this info for our internal compliance records but sometimes don't find out about the acquisition/merger for months. This puts us in a difficult position with our Compliance partner we deal with directly. Module 14 does an excellent job of describing the benefits of a shared services model. This could be a solution to our communication issues surrounding acquisitions and mergers. 
 
Before joining the Florida Blue Procurement team, I was in the maritime industry, where risk is measured in life and death. After taking this course and my daily involvement with our risk partners, I have realized how vital a strong risk culture is to an organization. Third-party risk management may not be measured in life and death. Still, as discussed in module 2, if an organization doesn't make it a priority, it can be detrimental to the future success of an organization. 

SIG University's Certified Third-Party Risk Management Professional (C3PRMP) program is a globally recognized certification that is the “gold standard” in terms of relevance, scope and content. The C3PRMP program was created by Linda Tuck Chapman, an advisor, educator, author and expert.

 

Kyle Smith, Sourcing Specialist, Florida Blue

Kyle Smith is a Sourcing Specialist at Florida Blue in Jacksonville, Florida. He was born and raised in a small beach town in Central Florida called Ormond Beach, just north of Daytona Beach. He graduated from the University of North Florida in 2018 with a Bachelor’s Degree in Business Management.

After graduation, he began his career in the maritime industry, working as a training coordinator for two years at Crowley Maritime Corporation. Outside of work, he loves spending time with his family and being active in any way he can. Anyone that knows Kyle will tell you he enjoys making others laugh and tries to live every day like it’s his last.