The rise of third-party outsourcing has helped the financial services industry innovate and boost efficiency and earnings. Yet fallout from risk-related incidents has shot up as well, while research shows that risk strategies remain inadequate. For example, a cross-industry Deloitte survey of executives responsible for third-party risk management (TPRM) in their companies found that:
- 87% suffered a disruptive third-party incident in the past 2–3 years
- 28% faced a major operational disruption due to these incidents
- 94% expressed low confidence in current tools and recognized the need to implement new and leading technologies
And as regulatory scrutiny, criminal prosecutions, and financial penalties targeting the financial services sector continue to grow, effective risk mitigation becomes an increasingly urgent priority.
Challenges to the three lines of defense
The three lines of defense (3LD) framework introduced in the 1990s has helped financial institutions reduce risk through a system of checks and balances that distributes responsibility across multiple internal and external groups. But challenges often prevent companies from achieving 3LD goals, as shown below:
- First line: procurement and line of business (LoB) units. These teams must work together to segment vendors across their entire supply chain by risk type and domain, then analyze large volumes of internal and external data to identify and assess supplier-related threats – cybersecurity breaches, bribery and corrupt practices, money laundering, insolvency, data mishandling, regulatory noncompliance – and take actions to manage or remove them. Yet because this data resides in disparate systems controlled by different departments, teams lack the visibility they need to catch potential problems. Duplicate accountability structures can also create confusion about who’s managing what, so risk indicators remain unseen.
- Second line: governance, risk, and compliance (GRC) teams. This line sets global/regional TPRM policies that help the organization meet legal requirements and gain a comprehensive view of risk issues. It also alerts lines of business (LoBs) to emerging risk trends and offers guidance on how to meet regulations. However, questions frequently arise as LoBs try to implement requirements for their specific business environment, resulting in inefficient one-off interactions that don’t scale. Operational silos and the lack of a central repository to capture and coordinate this information can cause communication problems that increase the chance of compliance violations.
- Third line: auditing and board of directors. Here senior management represents organizational stakeholders relative to risk issues and maintains oversight, while independent auditors review first- and second-line activities/results to assure the board that exposures have been dealt with. But tracing audit trails through disconnected solutions, spreadsheets, and manual processes often delays progress and impedes accuracy, driving up costs and making institutions more vulnerable to mistakes and sanctions.
Shifting the equation: Best practices to drive success
Recognizing that the best defense is a good offense, financial services leaders are implementing best practices and innovative supplier management solutions to resolve their 3LD challenges. These tactics can work for any business, including yours:
- Strengthen teamwork by aligning people, processes, and technology. Develop an intentional plan for scaling the risk management process that includes the supplier end of the workflow. Seek solutions that automate your risk assessment capabilities through a unified data set and advanced risk modeling, with alerts and controls that let you quickly halt the use of unsafe suppliers and suggest better alternatives. You also benefit from a 360-degree view of risk across all supplier relationships, integrated risk insights to help stakeholders engage suppliers more effectively, and maximized protection for your audit group, executive management, and board.
- Enhance collaboration and simplify self-service. Focused collaboration can help you nurture long-term relationships with strategic suppliers and build detailed knowledge about how they operate. The best technology solutions make this easier by providing a centralized system for supplier data that all stakeholders can easily tap into, with a single repository to encode GRC best practices into specific LoB workflows. Self-service tools give suppliers one place to update their information with visibility to all, reducing fatigue from repeated assessment requests.
- Get real-time intelligence intelligently. Constant changes in global regulations and supplier risk factors make it imperative to manage data efficiently across myriad sources. Solutions with artificial intelligence and machine learning can dramatically compress the time needed for data mining and aggregation, while advanced analytics ensure fast, accurate supplier assessments. Automated monitoring of large third-party data ecosystems informs you about new legislation and tells procurement, LoB, and GRC teams when action is required.
By adopting best practices like these – and the technology solutions that make them possible – you can minimize your risk, protect your brand, and boost your business value to customers and the world.
For additional information about effective technology solutions, please attend our webinar in the EMEA region.