As the extended enterprise grows and becomes more complex, the ability to manage third-party relationships becomes more critical to success than ever before. Organisations that hesitate to expand their ecosystem, out of fear of the potential risks it could create, will likely be outpaced by organizations that boldly decide to seize the value of third-party relationships, confident in their ability to effectively identify and manage the accompanying risks.
Third-party risk is a hot topic
Many organisations have already experienced the consequences from shortcomings of third-party providers. They range from brand and reputational damage to regulatory penalties and the disruption of the ability to meet customer expectations.Furthermore, insufficient management and oversight of third parties often results in contract value leakages in areas such as overcharges, missed service credits as well as discounts and rebates. The implementation of a robust enterprise wide Third Party Risk Framework helps companies to manage the risk associated with third party interactions along the entire lifecycle.
Third-party risk is a very hot topic within the Financial Services (FS) sector. Senior executives across many organisations in the industry are having discussions to find a consensus on the best strategies, procedures and policies to mitigate the risks posed by third parties. The type of third parties engaged by a business can range from small niche providers to large outsourced services. Results from our recent third-party governance and risk management survey show that:
- 74% of the respondents have faced a disruptive incident involving a third party in the last three years,
- 94% of the surveyed executives are not confident in the tools and processes available to manage third-party risk,
- 74% of the respondents believe third parties will play an important role in the year ahead, and
- 54% of the participants were identified as having a high or critical level of dependence on third parties in their organisation
Compared to other sectors, FS organisations have the highest dependency on third parties. At the same time their industry is also exposed to the highest regulatory scrutiny (e.g. FINMA has revised the provisions of Circular 2008/7 "Outsourcing - banks" with the new regulation FINMA-RS 17/xx “Outsourcing banks and insurers”). Moreover, the FS industry has experienced the largest number of instances where global regulators have made organisations responsible and accountable for actions of their third parties. This has not only resulted in large fines and penalties, but also driven the increased need of focus on governance and risk management.
However, when the discussion turns to third-party risk, risk functions within many FS organisations remain primarily concerned with risk directly linked to capital at stake as well as transactional and credit risks. This focus clearly disregards the continuing rise of internal reliance placed upon third parties in terms of outsourcing sizeable portions of operations and third-party supplier agreements. As the following example shows, such risk can have vast impacts to commercial operations.
Latest observations from FS organisations
A recent supplier compliance inspection of a global FS organisation resulted in the following observations:
• Overcharges of service/product fees exceeding CHF 1.2 million
• Potential regulatory non-compliance
• Multiple off-contract costs and expenses, and
• Unsupported commercial deals and operations.
To face this challenge, an increasing number of FS and other organisations are conducting compliance reviews of their third parties to verify adherence with contractual terms and conditions. This includes verifying the third-party spend and assesses whether benefits and credits due under the contract are correctly allocated. Our experience suggests that supplier compliance inspections identify recoveries in the region of 1-10% of the analysed contract spend on average.
The implementation of a robust enterprise wide Third Party Risk Framework protects our clients, the communities they impact, and ultimately their clients against existing and future third party risks, by delivering a robust, proportionate, proactive and scalable framework, that is integrated into the business. This will lead to an increase of the supplier compliance, the strengthening of the contractual governance, the identification of supplier management process improvement and it will also deliver a positive P&L impact.
If you are conducting or considering a review of your third-party risk and would like to understand more about any of the tools and techniques discussed above or to speak to one of our experts, please get in touch with us. To find out more about this topic, please download our Third-party governance and risk management survey.