I will admit I was surprised to learn that even the largest companies may have third party risk sitting on the corner of ONE person’s desk. Worse yet, it is often times just ONE FACET of a busy compliance officer’s job.
In today’s world, that simply doesn’t work. A well-managed program, if handled largely in-house, requires a team of people, who can span the various pillars of third party risk management.
2 Main Reasons Why Vendor Management Takes a Team
Two main reasons uncover why vendor management is more effort than one person can handle. They are:
- You have to cover all pillars. You have to go through your vendor list of potentially hundreds of vendors and perform due diligence, risk assessments, ongoing monitoring, reporting and contract reviews.
- There’s ongoing work. Ever since the Office of the Comptroller of the Currency (OCC) issued Bulletin 2013-29 in October 2013, we’ve had to grapple with the very real dilemma that third party risk is an ongoing lifecycle. This means, keeping up to date on all the pillars on a continuous basis for those hundreds of third parties.
The Third Party Risk Management Team You Need
If you’re handling it all in-house, you likely need:
- A person dedicated to each of the vendor management pillars but also cross-educated to help out at high workload times with other areas of third party risk.
- You must have real subject matter expertise in financial analysis, business continuity planning and information security. When is the last time you met someone who had all of that experience?
All of this is troubling for a small or even mid-sized company when profit margins are extremely tight and the focus of controlling expenses argues against hiring additional dedicated staff.
In those cases, outsourcing to a team of experts can help. In that situation, make sure the team you are hiring is:
- Easily accessible
- Responsive to your needs
Setting up a team of talented individuals to cover third party risk at your company will lead to proper vendor management and security.
And, within your team, make sure you keep up with cybersecurity, download our infographic.