×
Blogs

New in Danube Release: Dun & Bradstreet Integration for Third-Party Financial Health Assessment

New in Danube Release
3 min read

Introduction

In today's world, many organizations are dependent on their third parties for a wide range of business services. Outsourcing business processes to vendors has helped organizations optimize the cost of their operations. Businesses also gain additional advantages from these relationships, including the ability to provide better services to their customers, improving efficiencies, and overall performance, and in many cases, gaining a competitive edge. However, dependencies on and the complexity of third-party relationships also brings a certain level of risk, which if not handled properly, may result in operational, reputational or financial loss, or even damage to the organization's brand value.

With the onset of the COVID-19 pandemic, several new risks have emerged. Because of their production or services specialization, many third parties have faced distinct challenges during the pandemic. Lockdowns, increased safety requirements, and a rapidly changing workforce have created an environment where some third parties are unable to deliver required products or services to the organization as reliably as they had in the past. In some cases, third parties have faced financial struggles, that have further resulted in a disrupted supply chain and value chain.

From the organization's perspective, it has become increasingly important to assess the financial stability of its third parties and extended enterprise. Firstly, during the onboarding of a new third party or relationship – to ensure that it onboards only those third parties that are financially strong, and secondly, to continuously monitor for any changes in the financial health posture of the third parties. The initial onboarding review and continuous monitoring can provide the organization with confidence in the third party’s financial position. Or, alternatively, enable it to define substitute options should the third-party struggle or fail.

With MetricStream’s Danube Software Release, it’s now possible to determine third party financial risks during onboarding due diligence and to continuously monitor the financial health of vendors and third-party suppliers, creating an additional level of review and insight, and more informed decision making.

Learn more about the Danube software release. Read What’s New in Danube Software Release.

Leverage MetricStream’s Dun & Bradstreet (D&B) Integration for Third-Party Financial Health Assessment

Using Dun & Bradstreet data cloud, an organization can leverage trusted source financial records to better vet and validate third parties throughout the engagement.

MetricStream's Third-Party Risk Management product seamlessly integrates with the D&B data cloud to help risk managers make informed decisions while onboarding a third party. And, because the data may be updated at any time, it also allows for continuous monitoring of any changes in the financial health of an existing third party.

The D&B integration also automates the updating of third-party profile content using data maintained in the D&B data cloud, thus eliminating the need for any manual data entry in the D&B DUNS system.

With MetricStream’s Dun & Bradstreet Integration, your organization gains the ability to:
 

trp 2

 

 

Power What’s Next in Third-Party Risk Management with MetricStream

As organizations continue to embrace the extended ecosystem, driven by the many benefits it brings, risks within supply chains, third party engagements, and cyber vendors will continue to accelerate. To manage and mitigate emerging and evolving third-party risk, your organization requires a connected, integrated, and proactive approach.

MetricStream’s ConnectedGRC, built to meet the emerging needs modern businesses, enables your organization to power what’s next with an integrated approach to risk management. Streamline the identification, assessment, management, and mitigation risk across the enterprise, including IT and cyber risks, third-party risks, compliance risks, and ESG risks.

Effectively manage third-party risk and IT vendor risk with:
 

trp 1


Want to learn more about how our third-party risk management software can help you? Request a demo now.

You may also want to read:

Third-Party Risk: A Turbulent Outlook Survey Report 2022

The Ripple of Effects of Log4J: How You Can Stay Prepared and Resilient

Building An Enterprise ESG Program? Here's How Technology Can Help You Succeed

 

Kaul Siddharth- MetricStream

Kaul Siddharth Product Manager

Siddharth Kaul is a Product Manager at MetricStream. He is responsible for managing the Third-Party Risk Management product suite and the product lifecycle including product strategy, roadmap, design, requirement definition, field enablement, customer adoption, competitor analysis, and technology partnerships.

 
Blogs

2022 Trends – What’s Next in Third-Party Risk Management?

Third party risk
5 min read

Introduction

It’s 2022 and third-party risk is no longer viewed as merely a ‘procurement department issue’. Today, events such as a security breach or a risk incident that affect your supply chain and the actions (including the lack of proactive steps) taken by your vendors can have direct and lasting consequences—financially, legally, reputationally, strategically, and more. Additionally, with vendor-related incidents increasing year on year, regulators are now making it mandatory for organizations to manage third-party risk.

So, what can we expect when it comes to third-party risk management in 2022. Here are 4 trends to help you prepare for what’s next.

Third-Party Risk Management Software Solution
 

1. Increased Focus on Cybersecurity Risk Continues

Since the onset of the pandemic in 2020 and the success of remote work, many organizations are looking to continue with their business operations remotely. But with the operations remaining online the cybersecurity risk has also increased. The number of data breaches in 2021 has already surpassed the total number of breaches in the previous year. As per reports from the Identity Theft Research Center, data breaches in 2021 have increased by 17% from 2020.

According to a study by Forrester, 60% of security incidents will result directly from issues with third parties. With cyberattacks targeting vendors and suppliers, third-party cyber incidents will increase and Log4j, SolarWinds-style headlines will impact firms that don’t invest in the proper risk management tools.

As cyber risk has emerged as one of the top risks that concern Chief Risk Officers, the cyber risk insurance premium has gone up significantly. An estimate by Moody's Investor Services points to an increase in the total premium paid for protection against cyber frauds and ransomware attacks —from $1.2 billion in 2019 to $1.6 billion in 2020. The loss ratio has also seen a significant escalation due to the increasing ransomware attacks from 44% in 2019 to 65% in 2020.

To understand the overall cyber risk exposure of a third party, various platforms such as BitSight, Security Scorecard, etc., provide cybersecurity ratings. Along with these external platforms, an organization can also use SOC 2 or SOC 3 reports to understand the controls that are in place within a third-party organization.
 

2. Assessing ESG Risks in TPRM Gains Greater Priority

Across the globe, we are now seeing more and more focus along with a decisive shift to handle Environmental, Social, and Governance (ESG) risks, not only within the organization but also ESG risk associated with third parties or the extended enterprise.

The European Union (EU) announced mandatory legislation on due diligence in its EU Directive on Mandatory Human Rights, Environmental and Good Governance Due Diligence in March 2021 to encourage companies to take action to ensure human rights and reduce environmental impacts in their supply chains.

Assessing the ESG risks of a third-party is no longer a simple tick box activity required by the Ethics and Compliance leadership. Incorporating ESG into your third-party risk management assessments doesn’t just avoid regulatory actions. It also helps protect your organization from various regulatory fines or damaging brand reputation.

Several factors have to be considered when incorporating ESG into your organization’s current workflows and processes. Risk assessments, due diligence, policy updates, questionnaires, contracts, etc., need to be included. Additionally, enterprises will need to examine the following:

  • Are there documented policies and procedures that address the prevention of modern slavery and human trafficking?
  • Is there an annual statement setting out the steps taken to address modern slavery and human trafficking within the company?
  • Are there relevant metrics to track the compliance with and performance on ESG areas, like reducing carbon footprint, modern slavery, human trafficking, etc.?
3. TPRM Expands to Fourth or Nth Parties

The benefits that third-party suppliers and vendors bring have resulted in organizations becoming increasingly dependent on their extended network. According to a Gartner study, 60% of organizations work with over 1,000 third parties and this number is growing as business systems become more complex.

However, the extended enterprise of today does not depend on the network of consultants, vendors, and partners alone, but also on their suppliers as well—fourth and Nth parties. Every one of your partner’s or supplier’s vendors, subcontractors, or service providers poses a risk to your business. But the view gets hazier as the network expands, making it difficult to manage the inherent risks that your supplier ecosystem or supply chain poses.

This makes it important to:

  • Identify and manage the products/services provided by fourth-parties
  • Conduct due diligence on critical fourth parties as the same vendor may be part of different third-party ecosystems
  • Assess the different risk areas that fourth parties bring including cyber risk, reputational risk, legal risk, etc.
  • Review SOC 2/SOC 3 reports to understand the control effectiveness of your supply ecosystems

Read More: Colorado Release: What’s Next in Third-Party Risk? Expanding the View to Fourth Parties

 
4. Regulations Continue to Keep Changing

The regulatory environment is rapidly changing and evolving, creating compliance risks and pressures leading to challenges in controlling operational efficiencies. MetricStream’s 2021 State of Compliance Report found that almost half -- 48% -- of organizations find it a huge challenge to track and manage third-party compliance.

Third-Party relationships are under constant scrutiny by regulators like OCC, FINRA, CFPB, etc., and regulators are taking interest in third-party risks. The regulators are holding organizations responsible not only for their actions but also for their third parties. A good TPRM program should include assessments to assess the compliance of the regulations for the activities performed by the third party.

Thrive on Risk in 2022 with MetricStream

Risks from supply chains, third parties, and cyber vendor risks will accelerate as enterprises continue to be driven by the many advantages of an extended ecosystem. Managing and mitigating emerging and evolving third-party risk requires a connected, integrated, and proactive approach.

MetricStream’s ConnectedGRC, designed to meet the evolving needs of the modern enterprise, enables you to power what’s next with an integrated approach to risk management. The collaborative approach enables organizations to better identify, assess, manage, and mitigate risk across the enterprise, including IT and cyber risks, third-party risks, compliance risks, and ESG risks. Empower your teams to effectively manage third-party risk and IT vendor risk with:

  • Automated screening and onboarding processes for simplified vendor onboarding and due diligence
  • Authoritative intelligence with the integration of trusted sources such a Dow Jones, D&B, BitSight, Security Scorecard, and more
  • Enhanced fourth-party functionalities such as capturing of fourth-party information in a central repository, due diligence of fourth parties, viewing overall risk exposure of fourth parties, and more

Excited to learn more about how our software can help you? Request a demo now.
 

You may also want to read:

Third-Party Risk: A Turbulent Outlook Survey Report 2022

The Ripple of Effects of Log4J: How You Can Stay Prepared and Resilient

Building An Enterprise ESG Program? Here's How Technology Can Help You Succeed

Kaul Siddharth- MetricStream

Kaul Siddharth Product Manager

Siddharth Kaul is a Product Manager at MetricStream. He is responsible for managing the Third-Party Risk Management product suite and the product lifecycle including product strategy, roadmap, design, requirement definition, field enablement, customer adoption, competitor analysis, and technology partnerships.

 
lets-talk-img

Ready to get started?

Speak to our experts Let’s talk