Is Continuous Monitoring the Holy Grail of Third Party Risk Management?
Recent observations of the Third Party Risk Management (TPRM) landscape from industry conferences, surveys, and independent research have raised the question of whether continuous monitoring of vendors and suppliers is the real lynchpin of TPRM and whether this is an area that is underutilized by many practitioners.
While there are lots of options out there for performing and housing due diligence questionnaires and self-assessments, as well as options for centralizing contracts and workflows, these options often lack the ability to continuously monitor vendors. Additionally, companies often embrace a risk-based approach focused on just those at the highest end of the perceived spectrum. Consequently, these vendors receive almost exclusive attention and smaller, less risky companies are left without. This approach seems to be the norm in the industry.
Companies can benefit from developments in the technological landscape to utilize AI-based tools like NLP to really start analyzing enormous volumes of data across the globe. This way, they are able to make sure any potential risks are brought to attention, practically in real time, regardless of the size of the entity or where it is located. This can also speed up and make the onboarding process much more efficient as screens can be run instantaneously to ensure onboarding checks can be completed in a much more timely manner.
Adverse media screening doesn’t hold all the information you need to be entirely comfortable. However, in conjunction with mainstream due diligence and financial stability checks, it does provide a holistic view of the landscape and ensures any recent developments are captured before they show up in financial statements or in between reviews.
Why is continuous monitoring so special?
So what is so special about continuous monitoring and how does it help a practitioner get a better understanding of their vendors? Well, it’s practically impossible to perform manual and detailed due diligence on hundreds, if not thousands of vendors by a human that includes screening all available news across the globe in a timely manner. Moreover, machines can do the reading for you and only surface the relevant insights that you might have missed and give you the confidence that you can monitor a much larger universe than you could before. More importantly: not just the highest risk names get monitored, now ALL your vendors can get the same attention.
Consequently, the power is really in leveraging the ability of these machines that don’t sleep, don’t get tired and have incredible synthesizing capacity to augment the important work that analysts and third party risk managers engage in.
Can you really afford to be missing such a critical aspect of a truly comprehensive TPRM program?
Danny Haydon – Chief Commercial Officer, Owlin Inc.