(270) 506-5140 CONTACT US
Best Practices

5 Steps to Scale Your Third Party Risk Management Program

Jan 15, 2020 by Branan Cooper

Your plate is full. Your third party risk management team is falling behind and struggling to keep up with the volume of work, more so than ever now, as there’s such a regulatory emphasis on the ongoing monitoring nature or lifecycle approach to vendor risk management.

Vendor Due Diligence and Ongoing Monitoring Tend to Tip Over First

Typically, it's the due diligence or the ongoing monitoring function that reaches maximum capacity first, since those are the ones that are inherently time sensitive, date and volume driven as well as require precision and discipline. Get ahead of this by keeping tabs on your team's workloads to give you a pretty good indication well before it becomes demoralizing or discouraging. A well-timed and professional approach to your senior management can make all the difference.

Scaling Your Vendor Risk Management Program: When Is the Time Right?

There are usually some good early warning signs when it's time to scale your program. Here are three that are red flags:

  • Everyone on the team is juggling responsibilities constantly
  • People begin to skip meetings – maybe even lunches
  • Deadlines are very close or even missed

Something has got to give. There are several initial steps you can take to scale.

5 Next Steps to Scale Your Vendor Risk Management Program

 You’re ready to scale. Here are your five next steps for your vendor risk management program:

  1.  Look for ways of creating efficiencies in your program. Can people cross-train to pick up a colleague's work? Can arbitrary deadlines be reset?

  2. Consider incentives (e.g., offering overtime to the hourly staff).

  3. Determine if you need to outsource some activities. You may need to consider outsourcing those activities that require true expertise, such as SOC analysis, business continuity plan reviews or cybersecurity analysis.

  4. Understand where the focus is. If you're engaging in a new line of business, verify the correct people are involved and understand it.

  5. Grow your team as needed. If you've reached your limit on all of these ideas, it's time to work with senior management and the board to grow the team.

As a tip, when considering adding to your team, whether you do that internally or by outsourcing to third party experts outside the organization, make sure you hire the best qualified candidate. This’ll be hopefully someone with experience in the specified area you need. And, I always recommend starting with LinkedIn and the various risk management forums on that social media platform to recruit qualified candidates.

Third party risk management is a team effort. While most organizations are devoting less than five full-time employees to the function, according to Venminder's Annual State of Third Party Risk Management survey, the number of employees needed to perform vendor management well will continue to grow as regulatory expectations increase.

Dive deeper into the ways to improve the efficiency in third party risk. Download the infographic.

8 actionable ways increase efficiency third party risk management

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog