In financial services firms, third party risk is increasingly being seen as an extension of operational risk, and consequently falling under the ownership of this function. Operational risk is defined as the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events.
However, with this trend to locate third party risk within the context of operational risk, it is also important to recognize that third party risk has its own distinctions and requirements as to how it is managed. Aravo’s latest whitepaper, Third Party Risk – A Unique Kind of Operational Risk, outlines five key differences between third party risk and traditional operational risk that should be taken into consideration:
- As a specific type of operational risk, third party risk has received unprecedented regulatory and legislative focus.
- Significant engagement with entities outside the core organization is required.
- Third party risk programs must be engaged with other internal stakeholders, and information types, at an intensive level.
- Reporting for third party risk can be much more complex.
- Third party risk management needs to be integrated directly into the business workflow.
The whitepaper provides insight into these differences and where people, processes and technology can align, but also where unique requirements should be taken into account.
The paper also provides best practice approaches to essential, intermediate and advanced reporting requirements.
This paper is a useful resource for:
- Third party risk managers
- Operational risk managers
- Compliance teams
- Sourcing Managers
- Supply risk managers
- IT Vendor Risk Managers
- Procurement managers
- Centre of Excellence (COE) teams
For more information about the Aravo solution for Third Party Risk Management, please contact us.