What are critical activities?
Critical activities are significant organizational functions, shared services, or other activities that could cause an organization to face significant risk if a third party fails to meet expectations in support of these activities.
How do critical activities fit into my TPRM program?
It’s important to understand your organization’s critical activities and which third parties are involved in supporting them. In OCC Bulletin 2013-29, critical activities refers to significant bank functions (e.g., payments, clearing, settlements, and custody), significant shared services (e.g., information technology), or other activities that:
- Could cause a bank to face significant risk if the third party fails to meet expectations
- Could have significant customer impacts
- Require significant investment in resources to implement the third-party relationship and manage the risk
- Could have a major impact on bank operations if the bank has to find an alternate third party or if the outsourced activity has to be brought in-house
While this guidance is for banks, any organization should understand which third parties are critical or material to its business (see critical third parties) and manage them according to their risk. After all, if these third parties fail to deliver, your business is severely compromised.
How can Aravo help companies identify and manage third parties that support critical activities?
While Aravo helps companies manage all of their third parties, the system provides capabilities that allow you to easily segment critical third parties and apply a risk-based approach to how they are managed. For instance, these are the suppliers on which you will most likely want to conduct enhanced due diligence pre-contract, and which you will want to monitor closely through the full supplier relationship lifecycle. Critical components include:
- Risk Management Lifecycle: Application of an effective risk management process throughout the entire lifecycle of a third-party relationship, ensuring that those undertaking or supporting critical activities are analyzed and managed accordingly
- Vendor Due Diligence: Regular inherent risk and enhanced due diligence assessments, helping to mitigate risks to your critical activities before they occur
- Continuous Monitoring: Ongoing monitoring of vendor risk and performance, triggering review, escalation, issue management and remediation