Shifting Focus in Third Party Risk Management: From Compliance to Insights

Practitioners are still predominantly focused on the operation and compliance of the TPRM process as opposed to the ultimate risk insights it should drive for their organisations. There are a myriad of reasons for this, not least the way regulation tends to drive an emphasis on compliance to process rather than outcomes.

The Complexity Conundrum

Exacerbating this problem are the sheer number of different protagonists and handoffs involved in a typical process — even in more mature processes. With too many silos and handoffs comes complexity, inefficiency, increased cycle times, and even less bandwidth to focus on risk insights and outcomes.

Insights from the Front Line

So, what was the view in the room on this and how do we address it? Firstly, there was unanimous recognition and agreement on the problem statement. Additionally, the workload on central teams such as TPRM, TPM, and Procurement grows year on year, further straining their capacity.

Working Towards a Holistic Approach:?

There needs to be more connectivity between components of the third-party lifecycle for the good of the process and the end user's experience—creating more of a holistic Third-Party Management capability:

• Reducing Handoffs: TPRM teams need to assess their processes with the goal of reducing handoffs. This is easier done when undergoing a transformation and/or system change.
• Leveraging Market Capabilities: There is increasing interest in leveraging market capability for aspects of the process to more efficiently deliver back the necessary insights.
• Building Connectivity: Strengthening the connections between various components of third-party management is crucial. This interconnected approach fosters a more holistic TPRM capability, breaking down silos and enhancing the flow of information.
• Positive Language and Resilience: Make the language more positive. There is too much emphasis on individual risk topics within TPRM and not enough on creating and sustaining resilience.

Conclusion

For TPRM to evolve, a shift from a compliance-centric to an insights-driven approach is essential. By reducing process complexity, leveraging external capabilities, and fostering a holistic and resilient TPRM framework, organisations can better navigate the intricacies of third-party relationships and enhance their overall risk posture.?

The journey towards this transformation begins with recognising the need for change and committing to a strategy that prioritises meaningful risk insights and outcomes.

To discuss how you can transform your organisation’s approach to risk, reach out to one of the team at 3VRM - and if you’d like to be part of our next breakfast roundtable, email Daniel Crease .?