Learning Why Third-Party Risk Management Matters

Implementing the Enterprise Third-Party Risk Management Framework

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Jaclyn Seals discusses how taking the C3PRMP program has given her the resources to grow in her role and the expertise to be an asset to her team.

 When I first registered for this course, I wasn’t exactly sure what to expect. I initially thought I would learn a lot of things that I was completely unaware of. I was pleasantly surprised to see that I was learning the “why” behind the changes my organization has been implementing over the past two years.

This course took me deeper into what I need to know to be a successful third-party risk management professional (TPRMP). I will discuss how my organization has evolved, how it has impacted me, and how this course helped me see how I can grow more effectively through these changes.

Evolving into Third-Party Risk Management

My journey as a TPRMP started four years ago. At that time, we were known as Vendor Relationship Managers. My job was to perform the ongoing monitoring task. At that time, I did not know that I was performing a TPRM function under the Enterprise Third-Party Risk Management Framework (ETPRM).  

It wouldn’t be until two years into my role that ETPRM was introduced to us. I remember being told that things were changing, and my role was going to evolve quickly. My leadership team was not kidding! Not only have I have learned more than I ever imagined, but my role has also significantly changed during this time. 

Implementing the Enterprise Third-Party Risk Management Framework

The change to my role is largely due to heightened regulatory requirements that my organization has put in place. We were never really that “big” to have all eyes on us. Due to our significant growth over the past several years, we are now seen as a large financial institution.

Two years ago, our infrastructure did not have an organized third-party risk management team. You could say we ran it the way we thought best and each third-party area did things differently. As a result, we began to implement the lifecycle portion of the Enterprise Third-Party Risk Management Framework.  This task was a huge undertaking and required external expertise, which was not something we were used to at the time.

My team began to expand with people hired from other prominent organizations and that surely raised eyebrows. We questioned why our current team members were not qualified for this job. I now know that because of the drastic changes needed for us to meet industry standards for compliance, oversight, business continuation and third-party governance required expertise that my organization didn’t have.

>>How to Become a Certified Third-Party Risk Management Professional<<

We never needed this level of knowledge up until now. My current boss is one of those experts, and I wouldn’t know what I know today if it weren’t for her. In addition to hiring outside expertise, we also began building the foundation to educate our own team on our new priorities and the importance of being held accountable.

Lifecycle Management Framework

The section that I most identify with is Module 5 – Lifecycle Management because this aligns with how my job was impacted throughout all the changes. I moved from a role that supported the relationship with the supplier and the ongoing monitoring activities to all stages of the lifecycle management framework. My relationship with the supplier is a little different in that my conversations focus on the risk aspect versus the service level objectives and key performance indicators.

The most significant undertaking I recently took part in was the Inherent Risk Questionnaire (IRQ), as we have made some changes to our contracts by consolidating them down from 19 contracts to five. My main takeaway from this course was how important it is to make sure the questions are answered correctly when conducting the IRQ.  The answers impact the overall rating of your contract and how it is managed.

In this highly regulatory environment, it is even more critical to make sure we do our due diligence in accurately answering the questions and to engage your functional specialist for clarification.

In conclusion, taking this course has been instrumental in understanding the changes my organization has undergone. Most importantly, I now have more resources on hand to help guide and assist me. With this knowledge, I can be more of an asset to my team. Thank you to SIG University for a great course and for giving me that boost to enhance my career further.

SIG University's Certified Third-Party Risk Management Professional (C3PRMP) program is a globally recognized certification that is the “gold standard” in terms of relevance, scope and content. The C3PRMP program was created by Linda Tuck Chapman, an advisor, educator, author and expert.


Jaclyn Seals, Third-Party Relationship Manager, USAA

My name is Jaclyn Seals and my current role is a Third-Party Relationship Manager (3PRM) providing support to our 3rd Party extended partners for Lending Solutions and Mortgage.  In this role I am responsible for ensuring the delivery of indistinguishable member experiences by 3rd party call center agents and I am committed to driving suppliers to meet and exceed operational risk goals. Prior to my role in third-party relationship management I was a manager of frontline member service specialists supporting several call types to include consumer lending, deposits and credit cards. In my spare time I enjoy spending time with friends, reading, hiking, traveling and going to the movies. I have a Bachelor of Arts Degree in Management and an MBA, both from Our Lady of the Lake University.  I have been employed at my organization for 20 years.