ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø

As regulatory, policy, and geopolitical risks continue to shift, Compliance reassesses risks and controls related to third parties and how automation can assist. ÀÖÓ㣨Leyu£©ÌåÓý¹ÙÍø discussed third-party risk management (TPRM) changes with Chief Compliance Officers (CCOs).

Key themes and insights shared include:

Resourcing & Scope:

• Differences in federated versus centralized third-party processes/structures depending on both industry as well as on vendor tiering
• 4th party concerns â€� analysis for social/ethical sourcing compliance; overall nominal oversight and recognition of the dependence on the robustness of third-party program/control strength

Monitoring & Reporting:

• Shift to engagement level risk assessment
• Reassessment of TPRM risks amidst regulatory/policy changes (e.g., FCPA, cyber, security, privacy)
• Difficulty/complexity to aggregate and establish commonality of KRIs across groups/functions (e.g., Quality, Finance)

Automation, Tools, & AI:

• A 'promise of AI' but still in use case phase of "crawl-walk-run"
• Actively looking at how to utilize AI/ML (e.g., screenings, execution of de novo reviews versus relying on certifications)
• Initial adoption of AI in select areas like onboarding (e.g., anti-bribery/corruption checks)

Compliance stakeholders should be united with other key stakeholders across Procurement, Business, Risk Oversight, and Legal to understand where and how third/nth parties are being used and whether that is acceptable within risk tolerances. Compliance should help drive a risk-based selection and monitoring of third parties. Third-party risk is a strategic priority whose success rests on four pillars: governance, process, infrastructure, and data.

For more CCO insights and perspectives, see "Explore More" below.