Industrial manufacturers struggle on the road to third-party risk management maturity

Volatile global markets. Trade wars and protectionist tariffs. Reputational risk amid human-rights violations that include illegal labor and human trafficking. Regulatory scrutiny and potentially devastating penalties. The imposing threat of catastrophic cyber attacks.

These are historically turbulent times for the industrial manufacturing industry. And the profound impact of COVID-19 continues to heighten industry challenges as organizations endure supply-chain disruption, inventory volatility, cost cutting, and potential fraud and corrupt practices among suppliers.

Third-party relationships are increasingly embraced as a critical source of competitiveness and growth in today's remarkably challenging global environment. Yet, as our 2020 global survey of third-party risk management (TPRM) executives illustrates, industrial manufacturers are struggling to implement robust, sustainable TPRM programs amid the lack of strategies, investments, skills and technologies considered critical for the consistent selection, assessment and monitoring of third parties.

• Manufacturing businesses surveyed cite cyberrisk management, data governance/privacy, cost efficiency, business growth and brand reputation as 'business critical' initiatives. Yet 45 percent still lack the in-house capabilities needed to manage all third-party risks, with TPRM funding described as limited (51 percent) or scarce (21 percent), while 58 percent also believe their TPRM teams are 'undervalued.'
• Manufacturing businesses have the following TPRM processes in place today: assessment of third parties before contract (44 percent); third-party monitoring (40 percent) or on-site assessment (35 percent); a risk-based monitoring approach (41 percent); second-line (36 percent) or third-line (37 percent) oversight of TPRM and third parties; regular reporting of TPRM to senior management (42 percent).
• Three-quarters (74 percent) of overall respondents admit that their organizations 'urgently need to make TPRM more consistent across the enterprise.' Among manufacturers, relatively few are `highly proficient' in: ensuring global regulatory compliance (35 percent); managing global thirdparty issues (35 percent); managing or improving cyber defenses (33 percent); collaborating with internal stakeholders/partners (32 percent); fully understanding third-party risk (30 percent). Most sector businesses instead view their abilities in these areas as merely 'adequate' or 'requiring improvement.'
• Principle challenges to TPRM transformation cited among manufacturers include: lack of skills/ capabilities (36 percent); integration challenges (35 percent); regulatory breach concerns (37 percent); employee resistance (26 percent); lack of funding (27 percent); data quality/consistency (3s0 percent).
• Seamless data sharing of third-party information is viewed as 'the holy grail of TPRM' by 69 percent of overall respondents, yet many firms continue to face barriers to sharing third-party data: incompatible systems, privacy concerns, poor or inconsistent data, insufficient resources/ processes, organizational silos.
• Regulatory scrutiny of third-party relationships and privacy breaches/loss of customer data is growing -- 59 percent of respondents overall faced sanctions or regulatory findings concerning TPRM. Six of 10 say their highest reputational risk comes from the failure of third parties to deliver.