FAQ
Third-Party Risk Management:
Anti-bribery and corruption (ABAC) is a global movement to disrupt bribery and corruption, particularly within procurement practices and supply chains. Legislation such as the Foreign Corrupt Practices Act (FCPA), the UK Bribery Act and Spain II are designed to provide protection against these financial crimes and companies can be held accountable for the actions of their third parties.
Read more about Anti-Bribery and Corruption (ABAC)An audit trail is a source of records that provides evidence of the sequence of activities that have affected a specific operation, procedure, or event. Audit trails are necessary in every industry as they ensure that activities and transactions were performed in accordance with integrity and legislative requirements.
Read more about Audit TrailCloud services are services and infrastructure, provided by a third party, that are accessed remotely. Third-party cloud vendors can provide companies flexibility and increased productivity due to their nature, yet they can also create unique vendor risks to the company utilizing them.
Read more about Cloud ServicesCompliance risk is the risk to the financial condition and resilience of an organization, which can arise from violations of regulations or laws, as well as from the failure to conform with required practices, internal policies and processes, or ethical standards. Compliance risk can happen within third-party relationships when the third party’s operations are inconsistent with the applicable laws, regulations, ethical standards, or the organization’s policies and procedures.
Read more about Compliance RiskConcentration risk is a direct or indirect exposure, or group of exposures, that has the potential to lead to large losses that can threaten an organization’s ability to perform its core business. This type of risk can be the result of dependence on a geographic area, single vendors or fourth parties.
Read more about Concentration RiskWithin third-party risk management (TPRM), continuous monitoring is the proactive reviewing of third-party relationship information, metrics, and data for significant changes in relevant areas that would impact the ability of a third party to meet its contractual obligations to the organization. Examples include continuous monitoring of social and news media, cybersecurity health, key risk indicators, or financial information.
Read more about Continuous MonitoringContract negotiation is an essential part of any third-party relationship. Contract negotiation involves the development of a contract that clearly defines the expectations and responsibilities of both the third-party vendors and the organization. Some of the purposes of the contract’s language include helping to ensure the contract’s enforceability, limiting the organization’s liability and mitigating disputes regarding performance.
Read more about Contract NegotiationCredit risk is the risk to an organization’s financial condition and resilience arising from a third party’s (or other creditor necessary to that third-party relationship) failure to meet the terms of a contract with the organization or failure to perform as agreed. One aspect of credit risk typically involves the financial health of the third party itself.
Read more about Credit RiskCritical activities are significant organizational functions, shared services, or other activities that could cause an organization to face significant risk if a third party fails to meet expectations in support of these activities
Read more about Critical ActivitiesCritical third parties are those that perform or support essential activities for an organization. While many third parties are utilized to grow a business or expand its reach, a critical third party is one that specifically:
