Third-Party Risk Management should be a focus of yours in 2023 if you’re working in Procurement or Legal. Let’s face it, we’re going to have a year filled with risks emanating from destabilised globalisation, data privacy laws, increasing regulation, failures in the supply chain and cyber breaches to name but a few.
What we need to figure out is how we reduce the likelihood of these risk events, and limit the damage when they happen anyway.
So here are five Third-Party Risk Management Trends for 2023 I’d be thinking about.
1. You need to understand Data Protection and track your data role
Gartner notes that "by the end of 2023, modern privacy laws will cover the personal information of 75% of the world's population”. GDPR was the first of many waves of new data privacy legislation.
Your organisation is responsible for personal data categories such as employee data. It will also have responsibilities regarding personal data that vendors can access.
For example, if you onboard a new HR system that requires you to collect your employees' personal information, your vendor is likely to be a processor acting on your behalf. If so, you need a Data Processing Agreement in place that contains the Article 28 processor terms (and, where the vendor moves the data outside the UK/EEA, the appropriate Standard Contractual Clauses for the transfer) to govern this.
Under the General Data Protection Regulation (GDPR), your organisation will act in one of several data roles, principally Controller or Processor, and each role carries its own obligations towards the Data Subjects whose information you hold.
You need to understand the data role of your vendors and your organisation. You can use the custom data capability within Gatekeeper to create data protection insights to track your role (e.g. are you a data controller or a data processor?) and that of your vendors.
Define custom data for your vendors within Gatekeeper
The fines are no longer a slap on the wrist but a hammer blow to your organisation.
The GDPR provides for two tiers of administrative fines, and supervisory authorities can also impose corrective measures such as ordering processing to stop.
The lower tier applies to less severe violations of the GDPR, such as failing to put a compliant processor contract in place: a maximum of €10 million, or up to 2% of the organisation's global annual turnover, whichever is greater.
The higher tier applies to violations that pose a greater risk to the rights and freedoms of individuals, such as breaching the basic principles for processing or the rights of data subjects.
These fines are a maximum of €20 million, or up to 4% of the organisation's global annual turnover, whichever is greater.
Safeguarding your data privacy compliance within your Vendor base has never been more critical.
2. Increased focus on Sustainability and environmental, social, and governance (ESG) factors
As companies continue to prioritise sustainability and responsible business practices, they are likely to place greater emphasis on evaluating the ESG performance of their vendors. ESG performance could include factors such as a vendor's carbon footprint, labour practices, and human rights record in the risk assessment process.
Within Gatekeeper, you can use forms in the vendor onboarding process to ask specific ESG-related questions. Your vendor can access these questions through the vendor portal to provide responses that the Procurement Team and the wider business can review.
ESG and Sustainability-focused teams are emerging. It's rare to see a Sustainability Team in organisations today, but perhaps not in the next year or two. Procurement will likely have some ownership, but this direction will likely come from the Senior Leadership Team and become embedded throughout the entire organisation.
3. Greater use of technology and automation in vendor risk management
As the volume and complexity of vendor relationships continue to grow, companies are likely to turn to technology and automation. Using dedicated software will improve the efficiency and effectiveness of their Vendor risk management processes.
Your business may choose technology that includes:
- Artificial intelligence
- Machine learning
- Data analytics in automated risk assessments
- Continuous monitoring of vendor performance, such as their credit scores.
See your vendor's cyber and financial health with risk intelligence feeds
Third-Party Risk Management software, like Market IQ, can provide several benefits over a manual approach to third-party risk management, including:
- A. Improved efficiency: Third-party risk management software can automate many tedious and time-consuming tasks. This includes issuing comms to your vendor should a risk event emerge that was identified through a continuous monitoring feed that analyses your vendors using thousands of data points to determine their financial and cyber health. If your vendor suffered a drop in its cyber or financial health overnight, you'll have automation that alerts you to these issues. The move to software can free up time and resources for more strategic tasks and help ensure that risks are identified and addressed promptly.
- B. Increased accuracy: Third-party risk management software can help to reduce the risk of errors and omissions. By automating the risk assessment process and providing standardised templates and tools, this software can help to ensure that risks are consistently and accurately identified and evaluated.
- C. Enhanced collaboration: Third-party risk management software often includes tools for collaboration and communication, such as secure messaging and document sharing. This software can improve communication and coordination between different teams and departments, ensuring that all stakeholders are involved in the risk management process.
- D. Improved reporting: Third-party risk management software can generate comprehensive reports that depict an organisation's third-party risks. These reports can be used to demonstrate compliance, identify trends and patterns, and inform decision-making. I'm particularly fond of the Credit and Cyber scores that I can see on-screen whenever I view one of my vendors.
4. Increased emphasis on resilience and continuity planning
As businesses continue to face uncertainty and disruption from various economic, geopolitical, and environmental sources, they are likely to emphasise the resilience and continuity of their third-party relationships.
To create resilience, you could diversify vendors, conduct scenario planning, and implement contingency plans to mitigate disruption risks.
Ensuring you have the Disaster Recovery and Business Continuity Plans of your most strategic and important vendors (identified through your Vendor Segmentation activities) could be the difference here.
These documents would allow you to carry out a disaster recovery exercise involving these vendors. Such tests ensure you have the best processes to bounce back from any issues should they arise in the real world.
Store business continuity plans centrally in Gatekeeper
5. Vendor Cyber Health will be top of mind
Conducting regular vendor risk assessments is essential to protect your business from the risks associated with vendor cyber health. You'll want to implement robust vendor management processes across your organisation. You could provide vendor cyber security training.
By taking these steps, you can protect your business from cyber threats and position yourself for success.
Through Gatekeeper, you can have confidence that your Vendor's Cyber Health is monitored through Market IQ: Cyber. We can provide you with a Cyber score that indicates the health of your Vendor and allows you to make informed business decisions.
Once your vendor records are populated, you can get a health score and continuously monitor your vendor's cyber health. If it drops, Gatekeeper will start a risk mitigation process by notifying those who need to know, such as your Software Procurement Manager and InfoSec Team. You can then review and monitor the change until you're satisfied that the issue has been closed.
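The alerting pattern described above, as an added example that is not Gatekeeper or Market IQ code: a monitor ingests a cyber-health score feed, opens a risk event when a vendor's score drops sharply or falls below a floor, routes the notification by vendor segment, suppresses duplicate alerts while the event is open, and closes it only once the score has recovered. The vendor names, segments, score feed and routing targets are constructed for the example.

```python
"""Threshold alerting over a vendor cyber-health score feed.

Added example, not Gatekeeper or Market IQ code. The feed events, vendor
names, segments and routing targets below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Hypothetical routing table: who is notified, by vendor segment.
ROUTING: Dict[str, Tuple[str, ...]] = {
    "strategic": ("Software Procurement Manager", "InfoSec Team"),
    "standard": ("Software Procurement Manager",),
}


@dataclass(frozen=True)
class Alert:
    vendor: str
    previous: int
    current: int
    reason: str
    recipients: Tuple[str, ...]


class VendorHealthMonitor:
    """Open a risk event when a score drops, close it when it recovers.

    Scores are 0-100, higher is healthier. An event opens when a vendor's
    score falls `drop` points or more from its last healthy reading, or
    below `floor`. While an event is open, further drops do not re-alert.
    The event closes only when the score is back above the floor and within
    `drop` of the pre-incident baseline, so a partial recovery stays open.
    """

    def __init__(self, segments: Dict[str, str], drop: int = 10, floor: int = 60):
        self.segments = segments          # vendor -> segment (from segmentation)
        self.drop = drop
        self.floor = floor
        self.baseline: Dict[str, int] = {}    # last healthy score per vendor
        self.open_events: Dict[str, Alert] = {}

    def ingest(self, vendor: str, score: int) -> str:
        """Record one feed reading; return the resulting event state."""
        prev = self.baseline.get(vendor)
        if prev is None:
            self.baseline[vendor] = score   # first reading only sets the baseline
            return "baseline"
        healthy = score >= self.floor and prev - score < self.drop
        if vendor in self.open_events:
            if not healthy:
                return "open"               # already alerted; no duplicate notification
            del self.open_events[vendor]
            self.baseline[vendor] = score
            return "closed"
        if healthy:
            self.baseline[vendor] = score
            return "ok"
        if prev - score >= self.drop:
            reason = f"dropped {prev - score} points ({prev} -> {score})"
        else:
            reason = f"fell below floor {self.floor} ({prev} -> {score})"
        segment = self.segments.get(vendor, "standard")   # unknown vendors get standard routing
        self.open_events[vendor] = Alert(vendor, prev, score, reason, ROUTING[segment])
        return "opened"


# Constructed sample data: a strategic and a standard vendor, one week of readings.
SEGMENTS = {"Acme HR Cloud": "strategic", "Beta Widgets": "standard"}
FEED: List[Tuple[str, int]] = [
    ("Acme HR Cloud", 85), ("Acme HR Cloud", 82), ("Acme HR Cloud", 70),
    ("Acme HR Cloud", 65), ("Acme HR Cloud", 80),
    ("Beta Widgets", 64), ("Beta Widgets", 58),
]


def run_feed(feed=FEED, segments=SEGMENTS):
    """Replay a feed through a fresh monitor; return per-reading states and the monitor."""
    monitor = VendorHealthMonitor(segments)
    states = [(vendor, monitor.ingest(vendor, score)) for vendor, score in feed]
    return states, monitor


if __name__ == "__main__":
    states, monitor = run_feed()
    for vendor, state in states:
        print(f"{vendor:15s} {state}")
    for alert in monitor.open_events.values():
        print(f"OPEN  {alert.vendor}: {alert.reason} -> notify {', '.join(alert.recipients)}")
```

Replaying the constructed feed, the strategic vendor's 12-point fall opens an event that goes to both Procurement and InfoSec, the further slide to 65 produces no second alert, and the event closes on the recovery to 80; the standard vendor's smaller drop still opens an event because it crosses the floor. Tune `drop` and `floor` per segment in practice, and treat the feed as one signal among several rather than a verdict on the vendor.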
Wrap Up
These trends will likely be driven by a combination of factors, including changes in the business environment, technological advances, regulations and evolving stakeholder expectations.
By staying up-to-date on these trends and adapting their third-party risk management practices accordingly, companies can ensure that they are well-positioned to manage the risks associated with their Vendor relationships and maintain the resilience and sustainability of their business.
Unlock the power of third-party risk management in 2023 with Gatekeeper.
Book a demo of our innovative Contract and Vendor Lifecycle Management platform now and see how it can transform your business.