Corporate Compliance Insights

“And the Award for the Most Disastrous Third-Party Risk in 2020 Goes to …”

Some Third-Party Risk Management Providers Failed to Account for Leading Risks During the Pandemic

by Atul Vashistha
April 27, 2021
in Risk
Without a doubt, 2020 was a blockbuster year for risk and disruption – but by evaluating the shortcomings of risk practices, we can enable proactive strategies that can significantly improve business continuity and resiliency for whatever happens next.

Imagine if there were an annual award show for risk. Of course, due to the pandemic, the award show would have to be virtual – but if there were such a show, the pinnacle award would be for the Most Disastrous Risk of the Year.

Hands down, the award for 2020 would go to location risk. In case you aren’t familiar with location risk’s body of work, it includes events specific to a geographical location: natural disasters such as hurricanes, earthquakes and disease outbreaks; social unrest including riots and strikes; political instability resulting from high-level corruption or a coup; terror attacks, whether physical or cyber; and macroeconomic conditions like high inflation and high unemployment.

All kidding aside, this is detrimental because most organizations’ third-party risk management programs ignore location risk altogether. During 2020, their almost laser-like focus on financial and cyber risks left businesses uninformed and behind the eight ball, struggling to keep up with the rapidly changing risk landscape. In fact, during the pandemic, financial and cyber risks were actually lagging indicators.

As the pandemic gained steam, there were countless leading indicators, which – if known early enough – could have been used to improve business continuity and resiliency.

Financial and Cyber Risks: Lagging Indicators

Let’s take a look at COVID-19’s cascading risk scenario to further explain why financial and cyber risks were actually lagging indicators during the pandemic. When the crisis started, the first business continuity risks arose as China’s government enacted restrictions to stop the spread of the disease. Next came government regulations risk in other countries from shutdowns, border closures, travel bans, etc. Then entered people risks, as a pandemic is foremost a health risk. Risks of wide-scale absenteeism grew due to individuals either contracting the disease themselves or having to care for family members who were ill. Some locations were significantly more vulnerable due to weak health care infrastructure.

After people risks came remote-work requirements and lockdowns that were stricter and longer in some locations than in others. In many areas, this was a challenge due to poor internet infrastructure and a shortage of laptop computers. With people forced to work from home on unsecured networks and personal computer equipment, cybersecurity risks increased.

As the pandemic continued long-term and economies constricted to different degrees in different locations, financial cracks finally began to show with third parties. With a reactionary approach that relied on monitoring changes in only financial or even cyber risks, businesses were late to prevent a cascading downfall.

The 3 Resiliency Lessons Learned

If COVID-19 has a silver lining, it’s the opportunity to learn from our risk management shortcomings and advance our risk management practices to ensure greater future resiliency. Our experience during the pandemic brought into focus three critical lessons:

  1. Resiliency requires monitoring location risk. Unfortunately, as many enterprises ignored location risks in their TPRM programs, they were left in the dark about the locations from which services were provided. They didn’t understand the inherent weaknesses and vulnerabilities of each location and were ill-informed when their location’s risk landscape changed, forcing them to manage risk reactively.
  2. Resiliency requires monitoring risk continuously. During 2020, the foundation of the majority of risk management programs was legacy processes like point-in-time assessments, due diligence and onboarding. Because most organizations lacked continuous monitoring capabilities, they were forced to rely on data collected months before the pandemic. As the risk landscape rapidly evolved and changed with each new day, this stale data was unhelpful and at times counterproductive for risk mitigation efforts during the pandemic.
  3. Resiliency requires monitoring risk across broad frameworks. A global crisis such as COVID-19 presents the unique challenge of cascading risks. Global business supply chains are hyperconnected, and managing business continuity during the unprecedented disruptions without a guidebook was difficult. There’s only one way to effectively predict what comes next when faced with a cascading risk scenario, and that’s through continuous monitoring of a broad risk aperture.

The Risk Horizon for the Rest of 2021

The global effects of the pandemic are far from over. Although some countries are making progress on vaccinating their citizens, many countries are at a financial and health care infrastructure disadvantage. The longer the virus continues, the greater the chance that mutations could result in variants that could reduce the efficacy of our current vaccine protocols. Vaccinated travelers to foreign countries could bring variants home, re-igniting the problems we faced in the early days of the pandemic.

Beyond location risks, others to consider include:

  • People risks will continue to remain high. Talent well-being in terms of physical, mental and emotional health should be a high-priority focus in 2021. Talent is always a resource constraint, but it’s especially so in a pandemic.
  • Cyber risks will continue to increase as companies adopt more permanent remote and distributed working models.
  • Financial risks could rise. As the crisis is prolonged, we could see greater negative impact to revenues. This poses a tremendous financial risk, especially for small- and medium-sized companies without a strong enough balance sheet to get them through the crisis.
  • Regulatory and compliance risks will rise as regulators add new regulations to address the distributed and non-physical work environments of “work from anywhere.”
  • Supply-chain disruption risks got a lot of attention during the pandemic as enterprises realized they lacked a view beyond their third parties. Effective mitigation of supply chain disruption risks requires a deep view into the Nth parties of the supply chain.
  • ESG risks have become a hot topic in the last six months. Failure to incorporate ESG risk monitoring will leave companies susceptible to compliance and reputation risks at their own enterprise level and throughout their supplier network.

Advancing Risk Management through Automation

When we are finally able to get COVID-19 under control globally, we must consider the possibility that the virus is only a “practice pandemic.” The next one could be worse in terms of mortality rate and business disruptions.

As it’s impossible to predict with certainty where the next global crisis will come from, enterprises must incorporate continuous monitoring capabilities across a broad risk aperture to enable the early warning system that continuity and resiliency require. Unfortunately, today’s risk landscape is so vast that continuously monitoring risk is beyond human capabilities. The good news: there are risk solutions in the market that leverage automation to enable continuous monitoring, allowing internal risk teams to move away from spending time on risk identification efforts and focus instead on risk mitigation.

For the increased volume of risk findings that may result, cutting-edge risk solutions have leveraged further advances in AI, data science and machine learning to automate a significant portion of the risk actions required. Internal risk teams can focus on only the most critical risk mitigation efforts that require human intervention and effort. Incorporating today’s automation in TPRM programs can enable continuous monitoring across a broad risk aperture to provide a current and comprehensive view of an enterprise’s risk landscape.

Looking Ahead, Proactively

Eventually, we will move beyond the pandemic, but our dynamic risk landscape is here to stay. Proactive risk management can achieve continuity and resiliency going forward, but it will require enterprises to move to risk management practices that include continuous monitoring across a wide risk aperture, including location risk.

Fortunately, humans don’t have to do it alone. Today’s automation capabilities enable risk teams to stay ahead of the rapidly changing risk landscape effectively and cost efficiently. Early warning from leading indicators and automated risk-mitigation actions will enable risk teams to do more with less, and enterprises will experience improved business continuity and resiliency facing whatever new risk is next on the global horizon.


Atul Vashistha

Atul Vashistha is recognized globally as a leading expert on supply chain risk and global business governance. He has authored three bestselling books: The Offshore Nation, Globalization Wisdom and Outsourcing Wisdom. Atul is the Founder and Chairman of Supply Wisdom. Founded in 2017 as an early warning service for business disruption risk, today, Supply Wisdom® is the market-leading patented continuous risk intelligence, monitoring and risk actions automation solution. Atul serves on the boards of IAOP, Shared Assessments and Zemoga. He has also recently served as Vice Chair for the U.S. Department of Defense Business Board.
