31 Days to a More Effective Compliance Program -Third-Party Risk Expansion

Thomas Fox
Contact
What is third-party risk expansion and why is it a risk in compliance? Historically, people talked about simply an entity outside of your organization as a third party. However, that definition is broadening, to mean really that entity with which your company works. Obviously, this can be a supplier or vendor, it can be a service provider, a customer, a joint-venture (JV) partner and/or an intercompany affiliate. A broader view could include intercompany affiliates as third parties, even though many people would see them as just See more +
What is third-party risk expansion and why is it a risk in compliance? Historically, people talked about simply an entity outside of your organization as a third party. However, that definition is broadening, to mean really that entity with which your company works. Obviously, this can be a supplier or vendor, it can be a service provider, a customer, a joint-venture (JV) partner and/or an intercompany affiliate. A broader view could include intercompany affiliates as third parties, even though many people would see them as just being another entity inside of a business. As the definition of third parties expands, this only makes life more complicated for anyone trying to do third party risk assessments and then the tiering just creates an exponential change.

Previously, a tier one supplier was a direct counterparties to your organization, directly through the sales channel. Next a tier two was one that your company’s tier one counterparty is working through. This means for risk managers assessing the various risks now have to go deeper and deeper. One way to do so is through trying to understand the connection between tiers one, two, three, four and so on. The problem is there are many risks that companies do not manage this risk because they cannot identify which companies are taking risks, alleged on their behalf. One of the most difficult issues for compliance professionals and risk managers is trying to get their arms around how to handle this issue.

You should begin with mapping out and understanding the third-parties whose exposure needs to be assessed by your organization. Obviously, this includes both direct and indirect third-parties but in terms of the tiering, the best way for anyone to understand the risk is to have really good communication with their tier one third-parties to be able to discuss the risks to both businesses.

Three key takeaways:

Has your third-party risk management program expanded with your third-parties?

Why is transparency a key for third-party risk management?

What is the financial health of your third-parties? See less -

Embed
Copy

Other MultiMedia by Compliance Evangelist

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Thomas Fox, Compliance Evangelist | Attorney Advertising

Written by:

Thomas Fox
Contact
more
less

Compliance Evangelist on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.