No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
    • On-Demand
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Risk

“And the Award for the Most Disastrous Third-Party Risk in 2020 Goes to …”

Some Third-Party Risk Management Providers Failed to Account for Leading Risks During the Pandemic

by Atul Vashistha
April 27, 2021
in Risk
“And the Award for the Most Disastrous Third-Party Risk in 2020 Goes to …”

Without a doubt, 2020 was a blockbuster year for risk and disruption – but by evaluating the shortcomings of risk practices, we can enable proactive strategies that can significantly improve business continuity and resiliency for whatever happens next.

“And the Award for the Most Disastrous Third-Party Risk in 2020 Goes to …”

Imagine if there were an annual award show for risk. Of course, due to the pandemic, the award show would have to be virtual – but if there were such a show, the pinnacle award would be for the Most Disastrous Risk of the Year.

Hands down, the award for 2020 would go to location risk. In case you aren’t familiar with location risk’s body of work, it includes events specific to a geographical location: natural disasters such as hurricanes, earthquakes and disease outbreaks; social unrest including riots and strikes; political instability resulting from high-level corruption or a coup; terror attacks, whether physical or cyber; and macroeconomic conditions like high inflation and high unemployment.

All kidding aside, this is detrimental because most organizations’ third-party risk management programs ignore location risk altogether. During 2020, their almost laser-like focus on financial and cyber risks left businesses uninformed and behind the eight ball, struggling to keep up with the rapidly changing risk landscape. In fact, during the pandemic, financial and cyber risks were actually lagging indicators.

As the pandemic gained steam, there were countless leading indicators, which – if known early enough – could have been used to improve business continuity and resiliency.

Financial and Cyber Risks: Lagging Indicators

Let’s take a look at COVID-19’s cascading risk scenario to further explain why financial and cyber risks were actually lagging indicators during the pandemic. When the crisis started, the first business continuity risks arose as China’s government enacted restrictions to stop the spread of the disease. Next came government regulations risk in other countries from shutdowns, border closures, travel bans, etc. Then entered people risks, as a pandemic is foremost a health risk. Risks of wide-scale absenteeism grew due to individuals either contracting the disease themselves or having to care for family members who were ill. Some locations were significantly more vulnerable due to weak health care infrastructure.

After people risks came remote-work requirements and lockdowns that were stricter and longer in some locations than in others. In many areas, this was a challenge due to poor internet infrastructure and a shortage of laptop computers. With people forced to work from home on unsecured networks and personal computer equipment, cybersecurity risks increased.

As the pandemic continued long-term and economies constricted to different degrees in different locations, financial cracks finally began to show with third parties. With a reactionary approach that relied on monitoring changes in only financial or even cyber risks, businesses were late to prevent a cascading downfall.

The 3 Resiliency Lessons Learned

If COVID-19 has a silver lining, it’s the opportunity to learn from our risk management shortcomings and advance our risk management practices to ensure greater future resiliency. Our experience during the pandemic brought into focus three critical lessons:

  1. Resiliency requires monitoring location risk. Unfortunately, as many enterprises ignored location risks in their TPRM program, they were left in the dark about the locations from where services were provided. They didn’t understand the inherent weakness and vulnerabilities of each location and were ill-informed when their location’s risk landscape changed, forcing them to manage risk reactively.
  2. Resiliency requires monitoring risk continuously. During 2020, the foundation of the majority of risk management programs were legacy processes like point-in-time assessments, due diligence and onboarding. Because most organizations lacked continuous monitoring capabilities, they were forced to rely on data collected months before the pandemic. As the risk landscape rapidly evolved and changed with each new day, this stale data was unhelpful and at times counterproductive for risk mitigation efforts during the pandemic.
  3. Resiliency requires monitoring risk across broad frameworks. A global crisis such as COVID-19 presents the unique challenge of cascading risks. Global business supply chains are hyperconnected, and managing business continuity during the unprecedented disruptions without a guidebook was difficult. There’s only one way to effectively predict what comes next when faced with a cascading risks scenario, and that’s through continuous monitoring of broad risk aperture.

The Risk Horizon for the Rest of 2021

The global effects of the pandemic are far from over. Although some countries are making progress on vaccinating their citizens, many countries are at a financial and health care infrastructure disadvantage. The longer the virus continues, the greater the chance that mutations could result in variants that could reduce the efficacy of our current vaccine protocols. Vaccinated travelers to foreign countries could bring variants home, re-igniting the problems we faced in the early days of the pandemic.

Beyond location risks, others to consider include:

  • People risks will continue to remain high. Talent well-being in terms of physical, mental and emotional health should be a high-priority focus in 2021. Talent is always a resource constraint, but it’s especially so in a pandemic.
  • Cyber risks will continue to increase as companies adopt more permanent remote and distributed working models.
  • Financial risks could rise. As the crisis is prolonged, we could see greater negative impact to revenues. This poses a tremendous financial risk, especially for small- and medium-sized companies without a strong enough balance sheet to get them through the crisis.
  • Regulatory and compliance risks will rise as regulators add new regulations to address the distributed and non-physical work environments of “work from anywhere.”
  • Supply-chain disruption risks got a lot of attention during the pandemic as enterprises realized they lacked view beyond their third parties. Effective mitigation of supply chain disruption risks requires a deep view to the Nth parties of the supply chain.
  • ESG risks have become a hot topic in the last six months. Failure to incorporate ESG risk monitoring will leave companies susceptible to compliance and reputation risks at their own enterprise level and throughout their supplier network.

Advancing Risk Management through Automation

When we are finally able to get COVID-19 under control globally, we must consider the possibility that the virus is only a “practice pandemic.” The next one could be worse in terms of mortality rate and business disruptions.

As it’s impossible to predict with certainty where the next global crisis will come from, enterprises must incorporate continuous monitoring capabilities across a broad risk aperture to enable the early warning system that continuity and resiliency requires. Unfortunately, today’s risk landscape is so vast that continuously monitoring risk is beyond human capabilities. The good news: there are risk solutions in the market that leverage automation to enable continuous monitoring that allows internal risk teams to move away from spending time on risk identification efforts to focus instead on risk mitigation.

For the increased volume of risk findings that may result, cutting-edge risk solutions have leveraged further advances in AI, data science and machine learning to automate a significant portion of risk actions required. Internal risk teams can focus on only the most critical risk mitigation efforts that require human intervention and effort. Incorporating today’s automation in TPRM programs can enable continuous monitoring across a broad risk aperture to provide a current and comprehensive view of an enterprise’s risk landscape.

Looking Ahead, Proactively

Eventually, we will move beyond the pandemic, but our dynamic risk landscape is here to stay. Proactive risk management can achieve continuity and resiliency going forward, but it will require enterprises to move to risk management practices that include continuous monitoring across a wide risk aperture, including location risk.

Fortunately, humans don’t have to do it alone. Today’s automation capabilities enable risk teams to stay ahead of the rapidly changing risk landscape effectively and cost efficiently. Early warning from leading indicators and automated risk-mitigation actions will enable risk teams to do more with less, and enterprises will experience improved business continuity and resiliency facing whatever new risk is next on the global horizon.


Tags: Risk AssessmentThird Party Risk Management
Previous Post

ThetaRay’s AML Solution for Cross-Border Payments Now Cloud-Based

Next Post

3 Priorities for Forward-Thinking Boards

Atul Vashistha

Atul Vashistha

Atul Vashistha is the founder and chairman of Supply Wisdom, a risk intelligence monitoring platform. Atul serves on boards on IAOP, Shared Assessments and Zemoga. He has also recently served as vice chair for the U.S. Department of Defense Business Board.

Related Posts

chess strategy

Regulatory Pullback Amplifies Need for Strategic Risk Controls

by Elizaveta Egorova, Melanie Standish and Jonathan Roberts
July 8, 2025

Deregulatory environments can mask growing hidden risks from shareholder litigation to reputational damage

GAN Integrity TPRM & AI

Where TPRM Meets AI: Balancing Risk & Reward

by Corporate Compliance Insights
May 13, 2025

Is your organization prepared for the dual challenges of AI in third-party risk management? Whitepaper Where TPRM Meets AI: Balancing...

ai policy

Planning Your AI Policy? Start Here.

by Bradford J. Kelley, Mike Skidgel and Alice Wang
May 7, 2025

Effective AI governance begins with clear policies that establish boundaries for workplace use. Bradford J. Kelley, Mike Skidgel and Alice...

robot reviewing contract

9 Emerging Use Cases for AI in TPRM

by Miriam Konradsen Ayed and Craig Moss
May 6, 2025

(Sponsored) As third-party ecosystems grow more complex, compliance teams face mounting pressure to assess and monitor external relationships effectively. Miriam...

Next Post
3 Priorities for Forward-Thinking Boards

3 Priorities for Forward-Thinking Boards

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
    • Upcoming
    • On-Demand
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights