using metrics to improve your third-party risk management … › en-us › file-download... ·...
TRANSCRIPT
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 0
Using Metrics to Improve Your
Third-Party Risk Management Program
Presented byRandy Stephens & Michael Volkov
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 1www.navexglobal.com
• NAVEX Global’s 2017 Third-Party Risk Management Benchmark Report
• Key Findings
• Using Metrics to Improve your Third-Party Risk Management Program
• Key Takeaways & Recommendations
• Q&A + Additional Resources
Agenda
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 2www.navexglobal.com
Statistical SnapshotThe 2017 Third Party Risk Management Benchmark Report
• Conducted by an independent research company, collected anonymously
• 427 respondents across more than 22 industries, Including:
Job Level:• 8% C-Suite & Senior Executives• 42% Senior Managers & Directors• 28% Other Management• 16% Non-Management
Regions Where Respondents Manage Third Parties:• 78% United States• 54% Europe• 50% Asia• 42% Latin America• 41% Canada• 33% Middle East• 32% Australia / New Zealand / Pacific Islands• 28% Africa• 21% Caribbean
Job Function:• 25% Ethics & compliance• 20% Legal• 15% Risk Management
Company Size:• 38% Large Organizations (5,000+ employees)• 34% Medium Organizations (500 – 5000 employees)• 28% Small Organizations (<500 employees)
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 3www.navexglobal.com
Key Findings
Using Metrics to Improve Your Third-Party Risk Management Program
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 4www.navexglobal.com
Risk-Based Programs are EvolvingKey Findings
• Top program concerns this year have shifted from previous years
• Budget security has improved
• Mature programs are aligning with evolving regulatory requirements
• Automation delivers program sophistication and performance
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 5
Survey QuestionHow concerned are you about your third party risk management program?
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 6www.navexglobal.com
A continual shift over the last three yearsTop Issue: Cyber Security and Data Protection
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 7www.navexglobal.com
Legal concerns top program objectives for the third consecutive yearTop Objectives Align to Risk Protection
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 8www.navexglobal.com
A shift in issues does not likely alter long term trendsA Shift in Issues in 2017
• Cyber security and data protection is a universal market concern
• Risk management essentials remain the focus of third party risk programs
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 9www.navexglobal.com
Consistent challenges for program stakeholdersBudget Trends Look Positive
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 10www.navexglobal.com
The third party landscape continues to growSignificant Organizational Risk Lies with Third Parties
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 11www.navexglobal.com
A realization of the level and nature of riskBudget Improvements Indicate Increasing Understanding & Maturity
• Increases in anticipated budgets allow for strategic planning and program consistency
• Understanding your risk factors helps to define program requirements
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 12
Survey QuestionAt what maturity level do you believe your program currently resides?
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 13www.navexglobal.com
Risk-based program requirements drive program sophistication We See an Increase in Program Maturity
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 14www.navexglobal.com
A risk-based approach drives risk mitigationImprovements in the Approach to Risk Management
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 15www.navexglobal.com
Screening and Monitoring Practices Tied to Program Maturity
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 16www.navexglobal.com
Regulatory Alignment Structures Strong Programs
• Multiple global regulatory agencies are aligning on program best practice recommendations
• Mature third party risk management programs tend to align to those recommendations, processes and structure
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 17
Survey QuestionDo you use a purpose-built automated solution to manage your third party risk management? (i.e., not an office management solution)
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 18www.navexglobal.com
Making the commitment to automated third party risk management is obviousAutomated Systems Are a Requirement for Program Success
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 19www.navexglobal.com
Automated solutions allow for more complete risk managementAutomated Systems Are a Requirement for Program Success
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 20www.navexglobal.com
Program Assessment Defined by Maturity
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 21www.navexglobal.com
Automated systems improve program performanceAutomated Systems Are a Requirement for Program Success
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 22www.navexglobal.com
Mature Programs See Exceptional Performance
Those respondents with advanced programs rate their ability to do the following:
• Implement a risk-based program: 87%
• Comply with laws and regulations: 87%
• Conduct deeper dives where needed: 82%
• Defensibility of program with enforcement agencies: 83%
• Accurately define risk: 84%
• Determine the ROI of the program: 50%
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 23www.navexglobal.com
Mature Programs See Exceptional Performance
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 24www.navexglobal.com
Program Maturity as a Performance Driver
• Those with reactive and basic programs put themselves at risk
• Those with maturing and advanced programs are most likely to see better results
• When seeking a third-party risk management program ROI, keep in mind that automated programs typically deliver measurable results upon which you can build additional program elements
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 25www.navexglobal.com
Using Metrics to Improve Your Third-Party Risk Management Program
Using Metrics to Improve Your Third-Party Risk Management Program
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 26www.navexglobal.com
Metrics to Know
• The point at which managing third parties appears to become more challenging is when the number of third parties reaches 100
• 57% of all respondents indicate that they pursue a risk-based program that corresponds to the nature and level of risk
• 38% of respondents update their third party due diligence policy once a year
• In 2016, 25% of respondents identified none of their third parties as high risk. In 2017, only 3% identified none of their third parties as high risk.
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 27www.navexglobal.com
Metrics to Know
• 69% of respondents identified or discovered red flags or other negative third-party information through their due diligence processes
• Among those who use third-party due diligence providers to facilitate their programs, those systems typically return:
− adverse media reports (64%)
− government investigations or conviction (59%)
− connections to government officials (55%)
− adverse financial information (54%)
− politically exposed persons (52%)
− individuals or entities on a government or sanctions watch list (51%).
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 28www.navexglobal.com
Key Takeaways and Recommendations
Using Metrics to Improve Your Third-Party Risk Management Program
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 29www.navexglobal.com
Demonstrating third-party risk management program valueKey Takeaways
• Benchmarking your program is critical; identify points of improvement
• Secure an annual budget and executive support
• Understand where your program lies on the the maturity index – strive for improvement
• Consider how you will measure program effectiveness
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 30
Additional Third Party Risk Management Assets
• Third Party Risk Management Thought Leadership: http://www.navexglobal.com• White Paper: How to go from Manual to Automated Third Party Due Diligence Monitoring: Ten Steps
to Success• White Paper: Anti-Bribery & Corruption Risk Assessment Checklist• White Paper: What to Ask: Assessing Third Party Risk Management Solutions• Guide: A Prescriptive Guide to Third Party Risk Management• Guide: Definitive Guide to Third Party Risk Management
• More Benchmarking Resources From NAVEX Global:o 2017 Hotline Benchmark Report & Toolkito 2017 Policy Management Benchmark Reporto 2017 Ethics & Compliance Training Benchmark Report
Become a member of our community-driven resource library: ComplianceNext.com
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 31www.navexglobal.com
Questions
Copyright © 2017 NAVEX Global, Inc. All Rights Reserved. | Page 32www.navexglobal.com
Thank You