In the Shadow of the Pandemic, TPRM Is Even More Crucial

| By Aki Eldar

The coronavirus pandemic caught the world by surprise, hitting critical business services like supply chains especially hard. The COVID-19 crisis has changed the risk landscape. It has also exposed vulnerabilities in financial and other large organizations’ reliance on their third parties, which form the basis of their abilities to serve customers and maintain business continuity.

If these organizations want to maintain productivity and business continuity in the short and long terms, they need to take a closer look at their supply chains and begin rethinking their Third Party Risk Management (TPRM) programs.

risk management in pandemic


TPRM in the Short Term

Since the pandemic is far from over, organizations need to urgently understand how TPRM contributed to (or detracted from) the resilience of business services.  The following questions should be asked:

  • Which of their third and fourth parties remain robust, and which were (or still are) causing shortfalls?

  • Which parties have turned out to be the weak links, and how can these links be strengthened or circumvented?

  • Which business continuity dependencies failed, and how can redundancies or substitutes be created to avoid similar problems in the future?

  • Lastly, how can the dynamic landscape be continuously observed to respond to resulting risk changes in time?


What Happens After the Crisis? A Paradigm Change is Needed

To facilitate recovery from the current pandemic as well as resilience in the face of future crises, companies should focus on the following for their TPRM solutions

1. New Data Sources, processes and workflows. TPRM organizations need to adopt solutions that allow them to introduce new data sources, processes and workflows in a matter of days instead of months. These should be implemented for not only every new third party but also for those onboarded in the past – continuously reevaluating the risk they pose to the organization. For example, consider how useful it would be to understand the effects of COVID-19 on all third parties by cross-referencing the geographical locations of third-party offices with known pandemic outbreak hotspots. Doing this as part of due diligence for onboarding and as part of ongoing continuous monitoring would shine new light on the actual risks to business continuity from the pandemic.

2. Digitalization. The TPRM process overall needs to be faster to allow organizations to be able to keep up with the pace of business and global events – and respond faster. As large corporations have a problem with bureaucracy, digitizing the TPRM process is key, as it can sidestep slow-moving, lengthy administrative policies as well as labor-intensive processes, thereby making transformations less cumbersome and more timely.

3. Establish a “single data lake” approach. This will enable massive volumes of data, including real-time streamed data, to be stored in – and analyzed from – the same place. When all information is in one place, it may be easier to identify problems, connect the dots and understand how everything relates to each other in a wider context. For example, it may be more obvious for a company to see the risk posed by depending on a third party in just one geo-location. This could enable better preparation for frequent risk landscape changes. For example, while having effective back-up plans for one or even several locations was the standard pre-COVID-19, the pandemic showed everyone that there is, in fact, a need to plan for continuity and recovery when all third-party locations are affected, whether closed or forced offline.

4. Invest in human & technological resources. Current TRPM programs did not foresee COVID-19-related risks, specifically how the lockdowns of critical third parties in various locations around the world back in March would affect businesses’ continuity. Therefore, TPRM programs need to have more analysts who can understand the broader context that could foretell such risks – instead of just manage them – in the future. It’s a matter of investing in human and technological resources and utilizing them in a smarter way. Adoption of next-generation orchestration and automation TPRM solutions will enable improved visualization of online alerts and data. This will lead to stronger, smarter reporting and action.

There are of course many other data clustering examples that could help improve the efficacy of Covid-19 risk management. We’d love to hear your ideas and discuss how we can help you implement them. For further information or any questions please contact us.