This is the final entry in our series of three blogs which cover the topic of third party risk. In this article, we explore the design and implementation of frameworks which organisations are implementing in order to help them manage the third party risk. We highlight some of the stages and challenges of creating such a framework and the requirement to make it specific to your organisation in order for it to be successful.
Increasing regulation in the Financial Services industry has highlighted the importance to FS organisations of being able to demonstrate effective management and monitoring of third parties to which key business functions are outsourced. It has resulted in FS organisations considering how this can be achieved in line with business requirements and resource constraints.
Accordingly, we have seen an increasing number of businesses are looking to enhance visibility and management of third party risks, particularly in relation to regulatory and security compliance. However, FS businesses tend to have exceptionally large populations of third parties and therefore, achieving the necessary levels of governance can be a significant challenge, particularly where there has been limited historical activity in this area.
For example, one business looking to introduce a contract management framework had previously stored its third party contracts in a number of locations including the IT network, cupboards and employee desk drawers. This meant that the business did not have visibility of key terms and obligations across its contractual population such as renewal dates or key performance indicators.
However, through using innovative technology solutions as well as seeking external advice, the challenging first few steps to identify third parties, contracts and key personnel can be simplified to reduce the impact upon the business and resource requirements.
The next step following identification is to identify what risks, exposures, opportunities and liabilities are within the third party population and begin to develop policies, procedures, roles and responsibilities to manage such elements. This may involve developing a business-wide reporting process to deliver visibility of third party performance in selected areas, or, segmenting the population and categorising third parties into risk based 'tiers' to enable the selection of appropriate assurance activities.
The term 'framework' is generic, but the benefits of building a structure to effectively manage suppliers throughout the contractual relationship can be highly tangible, leading to more efficient commercial relationships and a manageable risk profile across the supplier library.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
