1 (888) 836-6463 CONTACT US


November 3, 2016

Defining the Scope Of Your Third Party Risk Management Program

Podcast: Play in a new window | Download

You must define specifically who will be a part of your third party risk management program and also, equally important, who is out.

Available on
Listen-on-Apple-Podcasts-badge.jpg  google-play-badge 2.jpg


Podcast Transcript

Branan_Cooper_2017_circle.jpgHi! Welcome to Third Party Thursday. I'm Branan Cooper, the Chief Risk Officer here at Venminder. Today we're going to talk a little bit about defining the scope of your third party risk management program. Defining the scope is one of the most fundamental and also one of the most important activities in your entire third party risk program. It is absolutely crucial that you know who is in the program and who is out and why.

Clarity is important. You need to define specifically who's going to be a part of the program, the selection criteria and also the exclusion criteria is equally important to determine who needs to be out of the program. A best practice is to start with accounts payable. Identify a certain threshold amount and all the third parties then pay that amount or more.

You can then have a list, probably of thousands, but then you go to the various lines of business and consult with them to figure out which ones need to be actively managed. Actively managed is an important concept because, again, you're going to be putting through all the paces of the third party risk management program, including the appropriate selection criteria, doing a risk assessment, ongoing due diligence, ongoing monitoring, reporting to your board and senior management and hopefully managing the contracts in a centralized manner to ensure they include all the appropriate provisions.

It's important then that you also go back to lines of business on a regular basis and reverify them hopefully it's often as annually. If not, more frequent in certain cases. You need to work with senior management to keep them informed, specifically on changes around third party risk management, changes in the risk profile and ones that you may want to terminate a contract on, as an example, are things you want to bring to your board's attention. The board and senior management involvement is directly dictated by regulatory guidance.

Again, I'm Branan Cooper. Thanks for watching. And don't forget to subscribe to receive notification of next week's Third Party Thursday video.


Subscribe to our Third Party Thursday Newsletter


Join hundreds of clients and see how Venminder can help.