Third-Party Risk Management: Getting the Most of Limited Risk Management Budgets

Diamond in the Rough I
Diamonds In The Rough: A Perspective on Making High Impact College Hires
November 14, 2021
Simulation-Based Credit Analytics: Managing Tail Risk and Uncertainty
April 23, 2022

Third-Party Risk Management: Getting the Most of Limited Risk Management Budgets

2022 and Beyond

Third-Party Risk Management (TPRM) is critical for financial services success. The pandemic has created greater uncertainty, resulting in the need for better solutions to get TPRM right.

Call Center

The gold standard for financial services supplier management guidance is provided by the U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC): Third-Party Relationships: Risk Management Guidance.

The approach is straight forward. The regulators expect a repeatable, consistent, and auditable process that risk manages the financial services company’s supplier portfolio. However, the impleisk Management Life Cyclementation of this apparently straightforward process is incredibly complex. The “new normal” of our pandemic-impacted world has only added to that complexity. Visibility has decreased as our ability to perform “eyes on” risk management reviews has changed.In fact KPMG, LLP, the global Financial Services Advisory firm, provided a 2022 TPRM Outlook. This is based on a survey 1,263 TPRM professionals globally. Their key findings are summarized here:

  • Third-party incidents are disrupting the business and damaging reputation
  • Businesses underestimate the need for a sound TPRM program, resulting in insufficient budgets
  • Technology is not yet fulfilling its promise
  • The challenge of limited resource is here to stay
  • Most businesses struggle to maintain a fit-for-purpose TPRM operating model

The good news is that most financial services firms have significant data to anchor objective assessments when managing individual suppliers. Also, those objective assessments may be overlaid with the seasoned judgment of line and risk professionals.

The Supplier Risk Management Challenge

The challenge is managing a portfolio of suppliers and effectively integrating the objective assessment information with the professional judgment, all the while, creating a prioritized and adaptable supplier portfolio. The supplier portfolio should be prioritized in a way that helps the financial services firm get the “biggest bank for their buck.” Risk management budgets are often limited, and supplier changes come quickly. Ultimately, having a supplier decision audit trail that tells the accurate story of “how and why the firm managed its suppliers” is incredibly important for regulators.

To that end, it is important to maintain a straight-forward supplier risk framework, that integrates core risk management principles, including inherent risk, control effectiveness, and how they impact residual risk. The framework should include:

  • Identification of key risks
  • Identification of firm assessment entities (“AEs”) that may utilize the suppliers
  • Use of both quantitative inherent risk ratings and qualitative adjustments for those AEs.
  • Use of both quantitative control effectiveness ratings and qualitative adjustments for the suppliers.
  • A technology to facilitate the integration of quantitative information with qualitative adjustments
  • Use of the latest data transportation capabilities, such as APIs
  • Ability to prioritize resulting residual risk in a way that provides an assessment game plan to invest limited risk management budgets in both proactive risk management and risk remediation.

This framework is also described in the following:

Supplier Risk Management Approach

Definitive Business Solutions, Inc. provides innovative and proven business solutions to federal and state agencies and the financial services, higher education, and corporate headquarter industries.

We specialize in managing and delivering complex projects and programs, facilitating technology and business investment decisions, and managing enterprise risks.

Our flagship, cloud-based decision management platform and portal manages a portfolio of business and risk management needs throughout the program lifecycle. Our technology is grounded in the following pillars:

  1. Our Definitive 6™ methodology, which is grounded in decision science
  2. The Analytic Hierarchy Process, which is the leading technique for multi-criteria decision making
  3. Easy access for stakeholder engagement. Decision participants can use laptops, smartphones, or tablets to share their judgments – eliminating the need for them to be in the same room, at the same time
  4. Standardizes the financial business case, which provides a 5-year time-phased cost vs. benefit analysis
  5. Employs a prescriptive analytics capability to mathematically optimize the allocation of time and resources

Please see our whitepaper Effectively Using Decision Support Solutions to learn how our decision process could help your organization.

For more information, please contact Definitive Business Solutions, Inc.:

  • John Sammarco, President |
  • Jeff Hulett, Executive Vice President |

© 2022 Definitive Business Solutions. All Rights Reserved.