On September 30, Everest Group's experts participated in a webinar titled, "Could Your Business Partners Be Offering More Risk than Support?" Cybersecurity attacks are constantly in the headlines. And while companies are indeed developing robust programs to face those challenging threats, focusing on your assets alone is no longer enough. Today, many companies exceed more than 150,000 external vendors to help run their business. But, did you know that over 60% of security breaches are actually caused directly or indirectly by a third party? Managing, monitoring, and mitigating that risk has become incredibly challenging in today’s interwoven digital universe. In this session, we discussed how the market stands today, what issues organizations are facing, why this risk is complex to manage, and above all, we reviewed new strategies and tactics to ensure robust cybersecurity practices across the supply base. Our speakers answered the following questions: Why is third-party risk management more challenging today than just a few years ago? How does the market stand today in regard to maturity, current solutions, etc.? Why aren’t historical procurement practices (contractual clauses, questionnaires, etc.) sufficient anymore What kind of innovative solutions can be implemented to put things on a better track?

Financial services firms engage with a number of third parties including outsourcing vendors. Some of the reasons for this are cost containment, access to talent pool, improving time-to-market, and adopting technology solutions. Third-party vendors play a critical role in the financial services ecosystem; however, they also pose some risks that need to be managed. Third-party risks emanate from relying upon outside parties to perform services or activities on behalf of an enterprise. Regulators expect enterprises to be responsible for all activities, regardless of whether they have been performed by a third-party or internal resources. Therefore, it is important for enterprises to manage risks from third-party relationships. As financial institutions increase dependence on third parties to deliver critical business processes and services, the complexity of oversight also increases. Third-party relationships are under increasing scrutiny by regulators globally, including the U.S. Office of the Comptroller of the Currency (OCC), Financial Industry Regulatory Authority (FINRA), the UK Financial Conduct Authority, the Prudential Regulation Authority, and the Monetary Authority of Singapore. Third-Party Risk Management (TPRM) refers to a structured approach to identify, manage and mitigate risks arising from parties other than the financial services firms or the end-consumers. To stay ahead of competition and ensure compliance, avoid fines/penalties, and manage business risks, financial services firms are focusing on containing costs of compliance and adopting disruptive business models, and mutualizing costs through shared utilities. In this research we highlight the importance of efficient TPRM practices and define the best-in-class operating model of a TPRM practice. Scope of the analysis Industry: Banking, Financial Services, and Insurance (BFSI) Geography: Global Key findings of this research are The lack of standardization with regards to collecting and distributing due-diligence data lead to duplicate efforts, creating costly and inefficient processes The standardization of technology infrastructure for Third-Party Risk Management (TPRM) enables enterprises to drive efficiencies in the entire TPRM value chain and automate several tasks Financial services firms can benefit from industry collaboration in the field of TPRM to adopt modern technologies as well as mutualize costs Shared utilities help firms to reduce costs, improve vendor information collection process, provide real-time visibility & continuous monitoring of risks, and equip financial services firms with data and analytics to respond to regulators’ demands Shared utilities empower financial services firms to gain competitive advantage by reducing costs of several non-core activities such as vendor information collection and due-diligence Financial services firms need to overcome challenges of change management, perceived loss of control, and security of vendor information to drive adoption of shared utilities Membership(s) Banking, Financial Services & Insurance (BFSI) - Information Technology Outsourcing (ITO)