Blog — 10 Sep, 2024

Enhance Operational Efficiency with 5.0: The Third-Party Risk Management Challenge - Outsource, Automate, or Keep In-House?

Highlights

The London Metal Exchange three-month, or LME 3M, nickel price jumped 250.5% over two days to $101,365/t in trading March 8, after heightened concerns over Russian nickel exports activated a vicious short squeeze.

As firms have become more reliant on third parties for business-critical products and services, third-party risk management (TPRM) is now more complex than ever. Yet, when it comes to managing TPRM day-to-day, most companies are not harnessing operational efficiencies, choosing instead to rely on cumbersome manual processes.

Different Approaches to TPRM

A holistic TPRM framework includes a mixture of high-value, strategic activities and low-value, transactional activities. Some of these should be retained in-house, as they must be tightly aligned with broader organizational strategy. For example, establishing risk frameworks and setting risk appetite thresholds require a strong understanding of organizational culture and constant dialogue with leadership and other stakeholders. They also tend to be the most engaging and rewarding activities for in-house professionals.

However, other critical, high-value aspects of TPRM may benefit from working with an external specialist. This includes life-cycle management of critical suppliers, risk classification, and the continuous improvement of a TPRM framework to ensure compliance and the use of best practices. There are also many administrative activities that are ripe for automation and outsourcing, such as low-value transactions that are time-consuming and less rewarding for in-house professionals.

Two Routes to Efficiency Gains

Organizations should be looking to reduce the administrative burden of TPRM, improve efficiency, and manage risk. There are two main routes to consider, which can work together:

  • Harness the power of technology and automation.
  • Outsource the TPRM process, or parts of it, to a specialist TPRM managed service provider (MSP).
  • Harness the power of technology and automation. Using a central platform for all TPRM activity enables organizations to consolidate and digitize information and drive automation. This reduces the administrative burden on procurement and risk partners, as well as suppliers, and can provide large efficiency gains. Automating regular, lower value and burdensome tasks (e.g., supplier onboarding, questionnaire input, data input, and parts of the due diligence process) helps reduce risk and save time.
  • Outsource the TPRM process, or parts of it, to a specialist TPRM MSP. Given the costs associated with managing risk in-house (e.g., salaries of TPRM specialists), outsourcing the operational aspects of TPRM can be a cost-efficient option. However, according to S&P Global research, only 13% of organizations engage in an MSP. This is a missed opportunity to add value and gain efficiencies since an MSP provides access to people who live and breathe TPRM.

There are always elements of TPRM that should remain in-house, but tapping into external expertise helps organizations focus on their core competencies and the most strategically important suppliers. An MSP will also manage low-risk or transactional suppliers, and process administration and delivery.

The Benefits of Automation and Outsourcing

The true operational cost of TPRM is often unknown, with staff often managing third-party risk in addition to their main jobs. TPRM is often under-resourced with companies unable to meet the full scope of their regulatory obligations. S&P Global KY3P®, which offers an integrated suite of solutions to manage end-to-end third-party and vendor risk, completed an extensive analysis to review the typical tasks associated with a TPRM framework that aligns with industry best practice and regulatory guidance. Looking at the efficiency gains achieved, the results showed that leveraging technology or engaging an MSP can provide impressive efficiency gains in terms of costs, headcount, and resource requirements.

The results of the KY3P analysis showed that a company can realize significant headcount reductions across the supply chain and associated risk and control functions by leveraging technology or an MSP. Small companies (i.e., 300 suppliers) could realize a 40-50% operating efficiency pursuing technology versus using traditional manual processes (i.e., multiple spreadsheets, emails, and manual task tracking). This increased to a 60-80% reduction in overall effort when engaging an MSP to support the TPRM process.

For large companies (i.e., 1,000 suppliers), the TPRM and supply chain functions offer the highest opportunity for efficiency when leveraging technology and/or an MSP. The results showed a 40-50% reduction in effort with technology, which increased to 70-90% with an MSP.

Seizing the Efficiency Opportunity

In a complex and constantly evolving risk landscape, organizations are under a heavy burden to stay on top of TPRM. With clear efficiency gains, outsourcing parts of the TPRM activity can help strengthen an organization’s risk management process and free up in-house staff to focus on more value-added and rewarding activities.

Moving the responsibility to a firm where TPRM is the main business enables in-house TPRM staff to focus on risk management rather than process management. It is a win-win, which is why more organizations are utilizing outsourced TPRM. Done correctly, it can optimize processes, increase efficiency, and create a competitive advantage. While risk can never be eliminated entirely, the process of managing it can be less painful. There has never been a more imperative time to get smart around TPRM.

About KY3P for Third Parties

KY3P helps financial institutions simplify third-party oversight processes. A centralized data hub enables users to collect and maintain up-to-date information on vendors in a single location to assist with implementing best practices and ensuring audit readiness. Standardized questionnaires allow vendor information to be requested and stored once, with updates applied as needed. The platform helps firms collect and maintain risk information, including cybersecurity and financial ratings, sanctions data, news alerts, cyber event data, and questionnaire responses from third parties that can be used to generate risk scores. The recently released 5.0 assessment methodology enhances firms’ regulatory compliance, optimizes risk management by aligning with industry-standard risk types, increases risk transparency, and improves clarity for clearer risk communication to business teams.  Additionally, customized workflow capabilities enable users to implement KY3P into their existing processes seamlessly. Driven by insights from diverse banks, customers, and S&P Global cross-industry experience, the KY3P blended framework consists of control objectives critical to business.

Learn more about KY3P services.

Ready to see KY3P in action?

Blog

Infographic: Lithium and Cobalt Exploration Trends