Daniel Hartnett
Third-party risk management has become increasingly complex in recent years, potentially exposing companies to a growing number of emerging risks. However, using a third-party onboarding tool can help address these new challenges.
- Discover how third-party risk impacts the investment decision-making process.
- Understand the increasing pressures on third-party risk management programmes.
- Learn how to improve your third-party risk management programme and make informed investment decisions.
In addition to emerging risks, new laws around the globe can complicate a company’s effort to remain regulatory compliant. These and other challenges place additional burdens on the individuals and teams who help companies mitigate third-party risks.
To help address these challenges, companies should leverage a third-party onboarding solution as part of their overall third-party risk management program. Such a tool is often a cloud-based workflow solution designed to help companies efficiently and effectively vet a third party for risk. An onboarding solution can help companies implement a consistent, defensible, and efficient third-party risk management programme across their global organisation.
The changing environment of third-party risk
The past few years have seen significant changes in the concept of third-party risk. One important change is that third-party risk no longer implies just traditional risks such as corruption and bribery concerns. Instead, it increasingly covers emergent risks such as cyber security, data privacy, ESG, and geopolitical risks.
A second notable change is the growing global regulatory focus on third parties. For example, Russia’s invasion of Ukraine last year resulted in a significant increase in the number of entities and individuals placed on sanctions lists. Recent regulations, such as the US Uyghur Forced Labor Protection Act (UFLPA) and Germany’s Supply Chain Due Diligence Act, have also focused on ESG risks across global supply chains. Several of these regulations also require periodic reporting on the state of a company’s third-party risk management programmes.
A third change is the evolving definition of a third party. Traditionally a third party is referred to as an immediate partner, such as an outsourced supplier or distributor. However, more recently it has expanded to also include entities deeper in the supply chain (also referred to as 4th or nth tier suppliers). This change is fueled by a combination of new regulatory requirements and experiences born from several years of supply chain disruptions. As a result, companies are increasingly looking to understand and address how entities across their end-to-end supply chain could expose them to risks.
A fourth change is the role that third-party risk management plays. Historically, such programmes focused mainly on minimising a company’s exposure to regulatory risks. However, several years of supply chain disruptions have expanded this function’s focus to also include preventing such problems in the future. And more recently, third-party risk management teams have also been asked to support corporate austerity measures in light of the ongoing economic slowdown around the globe.
Increasing pressures on third-party risk management programmes
These changes present several new challenges to those who manage third-party risk programmes. Traditional approaches are insufficient to address these new challenges. Therefore, third-party risk management teams now also need to:
- Understand risks across a company’s entire portfolio of third parties.
- Centralise oversight of a previously fragmented third-party risk management programme.
- Strengthen the reporting capabilities of the company’s third-party risk management programme.
- Reduce the administrative overhead needed to run a third-party risk management programme.
- Identify and understand in as close to real-time as possible any new risk events related to onboarded third parties.
- Provide a clear audit trail for any onboarded third party.
Benefits of third-party onboarding tools
A third-party onboarding tool can increasingly serve as a key component of a holistic third-party risk management programme and can help companies address the challenges, ranging from ensuring a consistent programme to providing a clear audit trail on decisions made. As such, it can provide companies with the following benefits:
- Implement a consistent third-party onboarding programme for the entire company.
- Ensure a risk-based programme across the entire third-party life cycle.
- Obtain a company-wide view of third-party risks.
- Reduce the administrative burden required to manage a third-party risk management programme.
- Reduce the risk of human errors due to automation.
- Ensure a clear record of any actions taken or decisions made regarding a third party.
- Obtain in-depth data and reports about a third-party risk management programme.
Legal Disclaimer
Republication or redistribution of LSE Group content is prohibited without our prior written consent.
The content of this publication is for informational purposes only and has no legal effect, does not form part of any contract, does not, and does not seek to constitute advice of any nature and no reliance should be placed upon statements contained herein. Whilst reasonable efforts have been taken to ensure that the contents of this publication are accurate and reliable, LSE Group does not guarantee that this document is free from errors or omissions; therefore, you may not rely upon the content of this document under any circumstances and you should seek your own independent legal, investment, tax and other advice. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon.
Copyright © 2023 London Stock Exchange Group. All rights reserved.
The content of this publication is provided by London Stock Exchange Group plc, its applicable group undertakings and/or its affiliates or licensors (the “LSE Group” or “We”) exclusively.
Neither We nor our affiliates guarantee the accuracy of or endorse the views or opinions given by any third party content provider, advertiser, sponsor or other user. We may link to, reference, or promote websites, applications and/or services from third parties. You agree that We are not responsible for, and do not control such non-LSE Group websites, applications or services.
The content of this publication is for informational purposes only. All information and data contained in this publication is obtained by LSE Group from sources believed by it to be accurate and reliable. Because of the possibility of human and mechanical error as well as other factors, however, such information and data are provided "as is" without warranty of any kind. You understand and agree that this publication does not, and does not seek to, constitute advice of any nature. You may not rely upon the content of this document under any circumstances and should seek your own independent legal, tax or investment advice or opinion regarding the suitability, value or profitability of any particular security, portfolio or investment strategy. Neither We nor our affiliates shall be liable for any errors, inaccuracies or delays in the publication or any other content, or for any actions taken by you in reliance thereon. You expressly agree that your use of the publication and its content is at your sole risk.
To the fullest extent permitted by applicable law, LSE Group, expressly disclaims any representation or warranties, express or implied, including, without limitation, any representations or warranties of performance, merchantability, fitness for a particular purpose, accuracy, completeness, reliability and non-infringement. LSE Group, its subsidiaries, its affiliates and their respective shareholders, directors, officers employees, agents, advertisers, content providers and licensors (collectively referred to as the “LSE Group Parties”) disclaim all responsibility for any loss, liability or damage of any kind resulting from or related to access, use or the unavailability of the publication (or any part of it); and none of the LSE Group Parties will be liable (jointly or severally) to you for any direct, indirect, consequential, special, incidental, punitive or exemplary damages, howsoever arising, even if any member of the LSE Group Parties are advised in advance of the possibility of such damages or could have foreseen any such damages arising or resulting from the use of, or inability to use, the information contained in the publication. For the avoidance of doubt, the LSE Group Parties shall have no liability for any losses, claims, demands, actions, proceedings, damages, costs or expenses arising out of, or in any way connected with, the information contained in this document.
LSE Group is the owner of various intellectual property rights ("IPR”), including but not limited to, numerous trademarks that are used to identify, advertise, and promote LSE Group products, services and activities. Nothing contained herein should be construed as granting any licence or right to use any of the trademarks or any other LSE Group IPR for any purpose whatsoever without the written permission or applicable licence terms.