In financial services firms, third party risk is increasingly being seen as an extension of operational risk, and consequently falling under the ownership of this function. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.

However, with this trend to locate third party risk within the context of operational risk, it is also important to recognize that third party risk has its own distinctions and requirements as to how it is managed. Aravo’s latest whitepaper, Third Party Risk – A Unique Kind of Operational Risk, outlines five key differences between third party risk and traditional operational risk that should be taken into consideration:

  1. As a specific type of operational risk, third party risk has received unprecedented regulatory and legislative focus.
  2. Significant engagement with entities outside the core organization is required.
  3. Third party risk programs must be engaged with other internal stakeholders, and information types, at an intensive level.
  4. Reporting for third party risk can be much more complex.
  5. Third party risk management needs to be integrated directly into the business workflow.

The whitepaper provides insight into these differences and where people, processes and technology can align, but also where unique requirements should be taken into account.

The paper also provides best practice approaches to essential, intermediate and advanced reporting requirements.

This paper is a useful resource for:

  • Third party risk managers
  • Operational risk managers
  • Compliance teams
  • Sourcing Managers
  • Supply risk managers
  • IT Vendor Risk Managers
  • Procurement managers
  • Centre of Excellence (COE) teams

Aravo White Paper -- Third Party Risk - A Unique Kind of Operational Risk_Page_cover.png


For more information about the Aravo solution for Third Party Risk Management, please contact us.


Related Content:

BlogAravo and SecurityScorecard Partner to Improve Actionable Third Party Cybersecurity

Executive Overview - The New GDPR: Taking A Strategic Approach To An Internationally-Focused Data Protection Rule

BlogState and Federal Financial Services Regulators Apply Focus on Cybersecurity and Third Party Relationships

Executive Exchange Series - The Business Case For Better Third Party Risk Management

White Paper - Evaluating Third Party Risk and Performance – Best practice approaches to risk and performance scoring and automated workflow

Blog - Third Party Risk: Why Global 2000 Companies Should Be Focused on Third Party Compliance

Analyst Podcast - Session 1 - How to Develop a Third Party Management Strategy

Request A Demo of Aravo Third Party Risk Management Solutions