As economic recovery picks up speed, businesses are facing a new risk reality. Mounting uncertainty from supply chain disruption, cyber threats and growing inflationary pressure demands that they review their operating models and approach to third-party risk management (TPRM).
It comes as no surprise then that businesses are growing increasingly concerned with their operational resilience and reliance on third and fourth parties. KPMG International’s Third-Party Risk Management Outlook 2022 report reveals that TPRM is a strategic priority for 85% of businesses — up from 77% before the COVID-19 outbreak.
The report, which surveyed 1,263 industry professionals across six sectors and 16 countries, including Singapore, delves into five key challenges of TPRM and offers solutions to transform risk management in this area. Strong leadership and the ability to talk the language of the business — reflecting the priorities that business partners themselves set for third parties — are key.
Recognising the need for action, while cognisant that there is no quick fix to the challenges faced by TPRM executives, we outline recommendations designed to support a business environment in which TPRM remains high on the boardroom and management agenda throughout the pandemic recovery and beyond.
5 key challenges of TPRM
Weaknesses in the TPRM operating model, leading to missed opportunities to mitigate risk, are proving to be a major problem for businesses worldwide. Three in four respondents to our survey have experienced at least one significant disruption, caused by a third party, within the last three years.
Practitioners are held back by limited budgets that see them prioritising tactical initiatives over strategic improvements. Six in 10 (61%) believe TPRM is undervalued despite its enterprise-critical role. If businesses understood the full complexity of a sound TPRM programme, they could support larger budgets while benefitting from new efficiencies around operational resilience, cyber security and fraud.
Respondents expect to use technology to automate or support 58% of TPRM tasks within three years, which will free them to focus on activities that require human review and interaction. Today, however, 59% are frustrated by the lack of visibility that their technology gives them around third-party risk.
TPRM programmes are continuing to evolve while teams contend with a growing body of work. Digital tools will help shoulder the burden, but TPRM’s remit is expanding across all risks, domains and types of third parties. The number of businesses assessing all third parties for environmental risk is, for example, expected to reach 30% within three years. A risk-based approach, allocating resources to the highest-risk arrangements, would be preferable.
Respondents largely accept that it has been luck, rather than their TPRM programmes, that has helped them avoid major third-party incidents during the COVID-19 pandemic. In turn, 77% believe that their operating model is overdue for an overhaul.