Third-Party Risk: What’s New and What’s Next

Third-Party Risk Management | 3 Min Read |02 March 22|by Mabel M Jesudian

Today, the interconnected economy is enabling businesses to thrive. Whether it is using SaaS vendors, third-party service providers, or contractors, organizations are increasingly relying on third parties as a key driver of business strategy and value creation. However, third-party relationships also come with risks that include operational, financial, reputational, strategic, and much more.

In a MetricStream hosted webinar, panelists Linda Tuck Chapman, CEO, Third Party Risk Institute, Vidya Phalke, Chief Technology Evangelist, MetricStream, and Pat McParland, Senior Director, Product Marketing, MetricStream, discussed the state of third-party risk management, with a special emphasis on what’s new and what’s next.

Here are some key highlights from the conversation.

Watch the Webinar: What’s Next in Third-Party Risk Management

Interconnectedness of Risks has Increased in Velocity and Volume

Both the panelists and the audience agreed that cyber, third-party, and ESG risks are increasing in frequency. A poll conducted during the webinar saw 65% of the audience naming new risks such as cyber and ESG as the most important when it comes to managing third-party risk. More significant is the realization that these risks are interconnected and can’t be managed in silos anymore. Panelists were unanimous in agreeing that in today’s world, for businesses seeking operational resilience, managing and mitigating risks across the extended enterprise plays a significant part.

Agility and Automation is Essential in Third-Party Onboarding

The panelists highlighted the importance of agility and automation in third-party onboarding. A primary challenge faced by organizations onboarding third parties today is the need for agility—to manage the business need for speed and yet make sure they are contracting with the right entity. The answer lies in leveraging the right technology and services. Technologies like AI/ML, NLP, and automation empower organizations with the agility they require in screening and evaluating third-party vendors and monitoring these relationships on an ongoing basis.

Third-Party ESG Risk Assessment is Now a Priority

Driven by customers, investors, governments, and regulatory bodies, ESG factors today are an important part of third-party risk management. With the purpose of an organization now becoming as important as its profit, it has become vital to ensure that an organization’s third parties help advance the organization’s ESG goals. Furthermore, third parties with a poor ESG posture, such as worker exploitation or environmental damage pose a serious reputational risk. Businesses need to view ESG as a natural extension of GRC. This makes ESG risk assessment a priority for third and fourth parties as well.

Fourth-Party Risks are an Essential Part of Third-Party Risk Management

Another important point discussed was the importance of managing fourth-party risk. The panelists explained the need for organizations to understand how their ‘third-parties’ handle third-party risk, as this be would a determining factor in managing risk in the extended enterprise. If a fourth party has access to an organization’s data, it becomes essential to conduct risk assessments and manage and monitor the risk. Organizations also need to factor in the level of ‘business disruption’ that can be caused by the material failure of a fourth party.

Watch the Webinar: What’s Next in Third-Party Risk Management

Power What’s Next With MetricStream ConnectedGRC

MetricStream’s ConnectedGRC solutions are designed to meet the evolving needs of the modern enterprise. The collaborative approach enables organizations of tomorrow to identify, assess, manage, and mitigate risk across the enterprise--including third-party risks, compliance risks, IT and cyber risks, and ESG risks.

MetricStream enables you to effectively manage and mitigate third and fourth-party risk with: