I’ve seen on Facebook and Twitter those amusing things where you list what you wish you could tell yourself 20 years ago, i.e., sharing the benefit of experience with a less experienced YOU.
Looking at the evolution of third-party risk management, I really wish I could scream “LOOK OUT” to myself circa 1996. What would I share with myself?
Here are 10 pieces of advice...
- Good third-party risk management starts with well-formed plans.
- Hire and surround yourself with people far smarter than you are.
- Document, document, document. If it isn’t written, it didn’t happen.
- Study the news and look for early warning signs.
- Follow, connect, cajole and learn best demonstrated practices.
- Pull the thread - is something that doesn’t look right just an anomaly or will it cause the whole design to fall apart?
- The regulatory expectations are going to get REALLY intense and the enforcement actions are going to get really expensive… be ready.
- Forget fishing trips; start worrying about phishing - they sound the same and both smell like rotten fish a few days later.
- You’ll never believe what the regulators are going to ask and expect us to do in just a few years.
- Hang on, it’s going to be a wild ride.
Maybe you can relate. What’s important is making sure that you take care of the points above now. And I’m sure this could even be considered advice for the coming years.
Off to see what Doc Brown and Marty McFly are up to nowadays (for those of you old enough to remember "Back to the Future").