As Operational Risk Management (ORM) leaders rapidly establish dedicated Technology Third Party Risk Management organizations, they are being challenged by their executives to address the accelerated pace of Digital Transformation. The need is to establish the processes, procedures, terms and assessments necessary to effectively assess the risk of digital technology adoption, such as FinTech, while satisfying regulator expectations.
To be truly effective, Enterprise and Operational Risk leaders must seize the opportunity to establish themselves as strategic facilitators of the digital agenda. By doing so, ORM leaders reduce the strain on their organizations and enable improved focus and execution. Consider these steps to enable a comprehensive and effective Digital TPRM program.
1. Facilitate a focused Digital Transformation dialogue across leadership
- Include Corporate Executives, Business, Product, Procurement, Audit and Technology leaders to establish a common vision
- Get clarity – move beyond technology to specific third parties in each area or category
2. Bring this detailed message to the operational leaders in each functional area
- Drive alignment between executive vision and operational execution
- Challenge third party non-conformance
3. Clarify ‘risk must-haves’ for third parties to establish Minimum Viable Risk (MVR) tolerance
4. Establish process by which third parties are engaged with defined roles and responsibilities
5. Create frequent reporting to enhance transparency, status, gaps and corrective measures
Creating a dedicated Digital TPRM program, whether separate from or a subset of the Technology TPRM program, will create the focus necessary for ORM leaders to meet accelerating business time expectations with identified risk.