SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Kyle Brown discusses the value proposition and responsibilities for the key players in an effective third-party risk management program.

Each business unit owns the risks associated with the contracts they decide to enter into.  This is a fundamental principle built into third-party risk management (TRPM) programs. In large organizations, the program's success is highly dependent upon each Business Unit fulfilling their responsibilities.

The Business Unit Structure for Risk Management Success

The business unit needs to ensure they have a suitable organizational structure and resources to fulfill their third-party risk management program responsibilities. This includes having team members trained in specific competencies and adequate capacity based on the level of risk associated with the business unit's third parties and sufficient capacity based on the level of risk associated with the business unit's third parties.

Once the contract is set, the business unit is responsible for the activities and tasks related to owning the relationship ( “relationship management”), including communication, contract, performance, and risk management. Team Members who reside within a business unit who perform relationship management activities comprise the largest internal population of team members who should manage risk due diligence activities with third parties.

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Andrea Solano discusses how taking the C3PRMP program helped her to implement the framework for her team to operate as an optimal risk management and risk mitigation function across her department and enterprise-wide. 

 There are different types of workstreams and specializations that have been around a long time. However, the discipline of Third-Party Risk Management is something that is in the very beginning stages of inception. Currently, it is evolving into a discipline that many organizations shall be implementing as a standard operating function in the Silicon Valley business sector I work at. Working at Silicon Valley, the term Third-Party Risk management is still somewhat foreign and not understood as a critical and vital risk management function.

Third-Party Risk Management Function

The key role that I fulfill within the Third-Party Risk Management life cycle is in the due diligence process, which is the internal audit function that serves as a 2.5 – 3rd line of defense within my organization’s Risk Management Function. The SIG University Third-Party Risk Management training that I have taken throughout these past ten weeks has been highly instrumental for me. It will help create, build-out, and develop an internal audit framework that will be customized to meet the needs of this brand-new Third-Party Risk Management function within my organization.  

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Jaclyn Seals discusses how taking the C3PRMP program has given her the resources to grow in her role and the expertise to be an asset to her team.

 When I first registered for this course, I wasn’t exactly sure what to expect. I initially thought I would learn a lot of things that I was completely unaware of. I was pleasantly surprised to see that I was learning the “why” behind the changes my organization has been implementing over the past two years.

This course took me deeper into what I need to know to be a successful third-party risk management professional (TPRMP). I will discuss how my organization has evolved, how it has impacted me, and how this course helped me see how I can grow more effectively through these changes.

Evolving into Third-Party Risk Management

My journey as a TPRMP started four years ago. At that time, we were known as Vendor Relationship Managers. My job was to perform the ongoing monitoring task. At that time, I did not know that I was performing a TPRM function under the Enterprise Third-Party Risk Management Framework (ETPRM).  

It wouldn’t be until two years into my role that ETPRM was introduced to us. I remember being told that things were changing, and my role was going to evolve quickly. My leadership team was not kidding! Not only have I have learned more than I ever imagined, but my role has also significantly changed during this time. 

SIG University Certified Third-Party Risk Management Professional (C3PRMP) program graduate Michele Wesseling discusses balance between satisfying your firm's need to generate revenue and mitigate third-party risk.

Third-party risk management in the financial industry requires careful consideration when developing an operating model. It is essential to consider the regions and regulations that govern. In most of the banking industry, your internal risk culture allows you to easily implement a third-party risk program that methodically measures inherent risk, provides time to assess third party controls and negotiates contracts that enforce controls and mitigates residual risk.

Internal vs. Third-Party

The internal risk culture changes once you enter the world of capital markets where decisions are made quickly, risk is a way of life and patience is a rare quality. Now add the risk of a trade execution platform failing during a stock market dive and counterparties not having the ability to trade for several hours. The outage would be noticed and gain publicity, potentially causing Regulators to investigate. Should this occur and the necessary due diligence steps that would have highlighted this vulnerability were skipped, the repercussions could be costly. Your firm's reputation would be at stake and you most likely will face regulatory scrutiny that could result in fines. Striking a balance between satisfying your firm's need to generate revenue and mitigate third-party risk is an interesting challenge. If your operating model is too slow and cumbersome, your business will most likely attempt to circumvent the process. Careful consideration needs to be taken when aligning your control assessments to the true inherent risk.

Business today isn’t business as usual, as the COVID-19 pandemic impacts organizations and supply chains across the globe. And in uncertain times such as these, leaders in every industry and business function must step up. New leadership skills and traits will be necessary to ensure business continuity, and to inspire teams to work together to support each other and remain productive.

We recently interviewed Dawn Tiura, President and CEO of Sourcing Industry Group (SIG). Dawn will be presenting a thought-leader keynote titled “Leadership in Uncertain Times” at Ivalua NOW, the premier virtual event for procurement leaders, on May 5. During our interview, she shared with us her thoughts about how leaders must draw on different skills and traits when unexpected circumstances arise, and how the COVID-19 pandemic is inspiring them to employ different leadership styles to unite and motivate employees.

Today, procurement leaders have a seat at the table in e-staff meetings. How has the role changed over the past few years?

It’s changed dramatically. In the past, we were seen as overhead, not as a strategic partner. Procurement teams were just buyers who delivered what other departments told them to buy. Organizations viewed procurement as the bottleneck between what they wanted and when they received it. In reality, procurement sees all the waste and redundancy that exists in the supply chain, and has a significant impact on a business’s bottom line.