Third-party risk management – how do we navigate the headwinds?

"Optimism" abundant despite the many challenges

By Kenneth Araullo

The intricate landscape of third-party risk management (TPRM) is evolving rapidly, propelled by the increasing dependence of organizations on external entities such as vendors, suppliers, and partners.

This evolution is driven by a complex web of regulatory trends, data security and privacy concerns, and a host of operational and reputational risks. Despite the challenges, Deloitte TPRM global lead Kristian Park is happy to report that sentiment continues to be positive, according to the firm’s annual global third-party risk management survey.

“We were pleased to see that the overall respondent sentiment on organisational TPRM practices continues to be positive in terms of its ability to help companies successfully navigate various headwinds,” Park said. “In particular, organisations continue to enhance their capability and agility to meet evolving – and ever-increasing – expectations.”

The survey uncovers a prevailing sense of optimism among TPRM leaders, with 32% describing themselves as “optimistic” and a total of 83% holding either an “optimistic” or “neutral” outlook towards managing third-party relationships.

This optimism, as Deloitte explains, is even more pronounced among organizations that continue to invest in enhancing their TPRM capabilities, highlighting the importance of focusing on people, processes, and technologies to navigate the complexities and interconnected risks more effectively.

The findings also reveal that navigating the TPRM landscape is far from straightforward, with numerous headwinds in the form of geopolitical challenges, inflationary trends, environmental, social, and governance (ESG) pressures, logistic disruptions, and labour-market shortages complicating the journey.

TPRM areas of improvement

Park noted that respondents have identified several priority areas for improving TPRM practices. A significant 63% of TPRM leaders express a desire to revisit and refresh their organization’s TPRM methodology, particularly within the government and public services sector, where the need is most acute at 78%.

Additionally, 48% of leaders see a pressing need to strengthen the role of executive leadership in managing and governing third-party relationships, a sentiment most strongly felt in the energy, resources, and industrials sector (53%).

“Building resilient third-party relationships continues to be a key area of focus, with scope to better align with sustainability initiatives,” Park said. “Increased resilience is being enabled by alignment with business strategy and risk alongside a more centralised and coordinated approach enabled by technology.”

Improving skills and talent related to TPRM is another area of focus, with 47% of leaders prioritizing this aspect, especially in the government and public services sector (56%). Furthermore, Deloitte notes that almost half (45%) of respondents underscore the importance of continued investment in technology, automation, and data for TPRM, with financial services organisations feeling this need most keenly (53%).

ESG taking centre stage once again

ESG considerations are increasingly taking centre stage in TPRM, driven by regulatory pressure, emerging legislation, executive attention, and customer and stakeholder expectations. Deloitte highlights a cultural shift towards a more supportive stance on understanding and managing ESG risks and opportunities within third-party ecosystems, with nearly 6 in 10 TPRM leaders (56%) acknowledging this trend.

“Organisational cultures are becoming more supportive in understanding and managing ESG risks and opportunities, with greater adoption of quantitative scoring and assessments – albeit focused on a specific subset of ESG areas – amid data quality concerns,” Park said.

The top ESG focal areas for ensuring sustainable and responsible behaviour among third parties are corporate ethics and responsible behaviours (69%), environment (51%), and labour risks (50%). These areas align with the priorities identified in Deloitte’s previous survey, though it's noteworthy that product liability, a significant concern in 2022 (59%), has dropped to 37% in 2023.

Deloitte also sheds light on the challenges related to ESG data quality and utilization, with 25% of TPRM leaders using quantitative scoring methods to assess ESG risks, supplemented by expert input and ESG tools.

However, nearly a third of respondents report that the quality of external ESG data is “low” or “very low,” underscoring the need for improved data traceability, transparency, and tracking across the supply chain.

Navigating TPRM headwinds

Deloitte notes several recommendations and insights for enhancing TPRM effectiveness. Among these is the urgent need for executives and board members to advance ESG initiatives ahead of legislative and regulatory deadlines.

The company also emphasises the importance of addressing risks not just from direct contractors but also from subcontractors, and it advocates for a strategic, long-term approach to sustainability and resilience.

“The four key elements that astute organisations are using to enhance third-party trust are transparency, reliability, capability, and humanity,” Park said. “This shifts the focus of governance away from administering questionnaires to, for example, more collaborative conversations around innovation, strategic growth, and enhanced performance.”

Moreover, strategic investments in technologies that improve the availability, accessibility, and timeliness of ESG data are highlighted as essential for informed decision-making. Organisations are urged to gain a better understanding of the ESG data they need and how to best obtain it from various sources.

“The complex, inter-connected nature and accelerated velocity of existing and evolving risks is driving greater automation using technologies such as artificial intelligence (AI) and natural language processing (NLP),” Park said. “Companies are also harnessing the power of external and internal data and integration with other platforms across their organisation. This will enable smarter segmentation, due diligence, and monitoring together with proportionate risk management mechanisms.”
