Dedicated Third-Party Risk Management Resources
It's encouraging that some investments have now been made where none existed before. Still, existing budgets haven't increased significantly, and some may have declined due to the tightening economy. Even as organizations respond to the challenging economic environment, it's important to ensure that third-party risk management isn’t disproportionately affected by budget cuts or staff reductions. Third-party risk management must remain an organizational priority even when the organization is running lean.
Besides the cost of full-time employees, how much budget has been dedicated to third-party risk management?
Many processes, inputs, and outputs must be coordinated and managed in third-party risk management, many of which are strictly timebound and require meticulous record-keeping. Organizations use many different methods and tools to organize, manage, and document these activities.
Most organizations use dedicated vendor risk management software or a platform, an increase from the previous year. The focus on vendor risk management platforms makes sense, as they have been designed to address the various processes and complexities under the third-party risk management umbrella.
Technology Tools Used
Many organizations are still experiencing the onslaught of new and emerging risks generated or exacerbated by the pandemic and all that has followed since. We asked which new or emerging threats were causing the most concern.
* Respondents were asked to mark all that applied.
Emerging Concerns
What is your primary tool for managing vendor risk?
One might be surprised that this number isn’t higher. Examples of data breaches or cyberattacks due to third parties are everywhere. Cyberattacks and breaches hit the healthcare sector the hardest. By some estimates, those attacks have increased over 400% in the last year.
70% of survey respondents rated cybersecurity as a top concern.
Business continuity moved up the list from number three last year, and it is clear that it is increasingly important. Considering the business interruptions that often result from cyberattacks and breaches, it is no surprise that organizations are increasing their focus on their vendors' business continuity and disaster recovery planning. These days, a vendor's business continuity and disaster recovery planning must consider a broad range of business-interrupting events, from natural disasters and pandemics to cyberattacks and beyond.
49% of respondents rated vendor business continuity as the second concern.
Regulatory changes are not a new concern but rather a "bread and butter" risk in the third-party risk management landscape. However, many organizations are awaiting pending regulatory changes, such as Interagency Guidance on Managing Risk of Third-Party Relationships, originally proposed by the Federal Reserve, the FDIC, and the OCC in July 2021.
Regulatory changes can dramatically impact a third-party risk management program, from updating policy documents to adjusting workflows and processes and generating the right evidence of compliance for auditors and examiners. It is important to remember that your organization is only ever expected to comply with current regulatory requirements and guidance. Still, it is always wise to prepare for potential changes by doing a gap assessment to determine necessary changes and how your third-party risk management program can achieve them.
41% of respondents rated pending or anticipated regulatory changes as the third concern.
Organizational structure
Program investment
Vendor landscape
Operating models
Vendor risk assessments
Vendor due diligence questionnaires and documentation requirements
TPRM metrics
Regulatory focus and exam/audit results
TPRM pressures
Emerging vendor risks (such as cybersecurity, supply chain, ESG, vendor diversity)
TPRM challenges
Vendor management training and education
Outsourcing TPRM
TPRM ROI
And much more!
Cybercrime and attacks are increasing, supply chain disruptions are rampant, and regulators have enacted new laws to prevent human rights and labor abuses.
We continue to face third-party risk management challenges, while also having the chance to grow and mature. The best way to anticipate what might be ahead is to maintain awareness of what is happening in the third-party risk management industry and keep your ears open.
The State of Third-Party Risk Management 2023 whitepaper provides an in-depth overview of the third-party risk management industry’s current focus, challenges, trends, and recommendations.
This invaluable resource is full of industry statistics, providing information you need to be aware of to make informed decisions on topics such as: