In financial services firms, third-party risk is increasingly seen as an extension of operational risk and consequently falls under the ownership of the operational risk function. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
However, with this trend of locating third-party risk within operational risk, it is also important to recognize that third-party risk has its own distinctions and requirements for how it is managed. Our white paper, Third Party Risk – A Unique Kind of Operational Risk, outlines five key differences between third-party risk and traditional operational risk that should be taken into consideration:
- As a specific type of operational risk, third-party risk has received unprecedented regulatory and legislative focus.
- Significant engagement with entities outside the core organization is required.
- Third-party risk programs must engage intensively with other internal stakeholders and information types.
- Reporting for third-party risk can be much more complex.
- Third-party risk management needs to be integrated directly into the business workflow.
This white paper provides insight into these differences and where people, processes and technology can align, but also where unique requirements should be taken into account.
The paper also provides best practice approaches to essential, intermediate and advanced reporting requirements.
This paper is a useful resource for:
- Third-party risk managers
- Operational risk managers
- Compliance teams
- Sourcing managers
- Supply risk managers
- IT vendor risk managers
- Procurement managers
- Centre of Excellence (COE) teams