Global SRN and our member companies are sponsoring an industry survey on the impact of intelligent automation and data analytics on TPRM operations. The questionnaire is live at this time and we are very excited to share response has been very strong.
If you are part of the TPRM, enterprise or operational risk community, please invest the time to share your opinion and insights. Global SRN, our member firms and our 15 Community Partners will be making the full survey results available at no cost so we all benefit!
Global SRN is currently leading a significant market research program on the ‘Impact of Intelligent Automation and Data Analytics on TPRM Operations’. As the leader of this program, I am in the fortunate position to consolidate the input from our 30 TPRM leaders who comprise the Advisor Team and the now 15 Community Partners. Last week I shared the insight pertaining to the skill challenge impacting TPRM operations. I want to share a second observation concerning FLOD structure.
We have received a tremendous amount of comment on the subject of TPRM FLOD structure. What should be a straight forward 3-tier structure, continues to be an area of confusion and exposure across a surprising number of those providing survey input.
Questions are typically in 2 primary areas:
If your FLOD is ‘centralized’:
How do you make certain your associates are integrated and viewed as a contributor by the line of business team?
Are they ‘risk-skilled’ – ‘expert in the assigned LOB’ – Both?
If your FLOD is ‘decentralized’:
Do the associates report to the SLOD organization or LOB?
Is FLOD activities executed by a full-time associate or are task assigned to existing LOB staff such as vendor management?
How do you ensure the FLOD activities are viewed as core versus optional?
Both approaches CAN produce the desired and required results IF LOB leaders and risk leaders work together to carefully identify roles, responsibilities, task and activities. While it is no small undertaking, this extra effort always produces positive results.
In my role with Global SRN, I am leading a major market research program to identify the impact Intelligent Automation and Business Analytics is having on current TPRM operations. We are very pleased to share that in all we have 30 TPRM Executives from large global financial organizations, 13 TPRM community partners and 3 academic partners helping develop, distribute and interpret the research results.
As I speak with leaders in each of these areas of the TPRM community, a consistent theme has emerged: TPRM organizations are struggling to secure the skills necessary to support todays operations and are highly concerned about the ability to identify and attract the skills necessary to transform their operations to meet business and regulatory demands. The core issue being how to evolve a community of operational risk professionals from a ‘rule-based’ orientation to a ‘judgment-based’ capability.
With the adoption of Business Analytics and Intelligent Automation, TPRM leaders will require First Line of Defense teams that understand the dynamics of their assigned Line of Business combined with analytical skills to quickly identify patterns and irregularities to take proactive measures. With the population of FLOD associates today primarily having operational risk backgrounds, there is likely a significant re-alignment on the horizon.
The team at Global SRN (www.globalsrn.org) is pleased to announce the formal kick-off of the research program ‘Impact of Intelligent Automation & Data Analytics on TPRM Operations’. A true community effort, Global SRN has formed an Advisory Panel of leading TPRM executives along with Academic Partners such as Carnegie Mellon and Community Partners such as KPMG, EY, Grant Thornton, Rapid Ratings, Aravo, WorkFusion and other TPRM participants to develop a comprehensive insight to this emerging issue. If you’re interested in joining the team, please let me know!
There are multiple operational ‘Maturity’ assessments promoted throughout the Third Party Risk Management community. Each offers a unique perspective and definite orientation on which operational capability and maturity is measured. What most of these assessments seem to have in common, is a mature TPRM organization (Level 4 & Level 5) introduces analytics to their operation.
Currently, the data captured in TPRM & GRC platforms is basic, essential data points. Much of which has been developed to meet or satisfy regulatory requirements. What happens when we take a fresh look at the information TPRM can collect and maintain with an eye toward business value?
Collaboration between IA platform providers, GRC & TPRM platform providers, data feed and dynamic reporting partners and implementation partners offers significant potential to help TPRM and GRC leaders unlock value. Global SRN (www.globalsrn.org) has initiated a research program with Academic and Market partners to facilitate this interaction. If this is an area of interest, please leave a comment in TPRM Forum’s Contact page and we will respond.
The Global Sourcing Research Network (www.globalsrn.org) announces the formation of the TPRM Sub-committee to support members increasing focus and engagement with vendor risk. The initial focus of the TPRM sub-committee is the introduction of a market research effort to identify emerging use case of Intelligent Automation in Third Party Risk Management operations.
As a market survey, Global SRN will engage Academic and Community partners to participate in design, execution and analysis of the results. The goal being to identify current and emerging IA use cases and document best practices to benefit TPRM operations. Potential Academic Partners include Carnegie Mellon University, NC State and others. Community Partners will feature leading Intelligent Automation firms, Governance, Compliance & Risk (GRC) platform, managed service and consortiums as well as advisory firms.
If you are interested to learn more about the Global SRN TPRM sub-committee, please visit Global SRN or TPRM Forum.
Thank you to the 114 risk professionals who completed the IT-TPRM.com survey on the impact of Digital Transformation on TPRM operations. The survey is now closed and we have initiated analysis of the results but wanted to share the typical profile or average demographics of the respondent.
Respondents to the IT-TPRM.com survey are:
Members of their TPRM organization
Work in the banking and capital market segment
On average, have $100 billion assets under management
Is being impacted by digital transformation
Cloud is the leading digital technology impacting operations
Primary operational focus is accelerating support of business operations
Most concerned about identifying 4th and 5th parties for business continuity
Believes regulators will increasingly focus on capacity and concentration of third parties
We will release final survey results and analysis next week!
Responses continue to stream in for the IT-TPRM.com survey on the impact of Digital Transformation on TPRM operations. We remain on track to share the full survey Mid-June!
The survey ask respondents to identify the digital technology dynamics impacting their organization currently or in the coming 12 months. To no surprise, Cloud, Cybersecurity & Automation are consistently identified as the technologies of greatest impact. The surprise so far is how low Blockchain is trending as a key area of focus for TPRM leaders.
At the recent RMW GCOR conference, during the regulator panel they stated the areas of great focus and interest is Cloud, Automation & Distributed Ledger (Blockchain). Are TPRM leaders not seeing what is emerging on the horizon or not clear as yet how it will impact their operations? Share your thoughts! Please take 3 1/2 minutes to take the survey.
As Operational Risk Management (ORM) leaders are rapidly establishing dedicated Technology Third Party Risk Management organizations, they are being challenged by their executives to address the accelerated pace of Digital Transformation. The need is to establish process, procedures, terms and assessments necessary to effectively assess risk of digital technology adoption, such as FinTech, while satisfying regulator expectations.
To be truly effective, Enterprise and Operational Risk leaders must seize the opportunity to establish themselves as strategic facilitator of the digital agenda. By doing so, ORM leaders reduce the strain on their organizations and enable improved focus and execution. Consider these steps to enable a comprehensive and effective Digital TPRM program.
1.Facilitate a focused Digital Transformation dialogue across leadership
Include Corporate Executives, Business, Product, Procurement, Audit, Technology leaders to establish a common vision.
Get clarity – move beyond technology to specific third parties in each area of category
2.Bring this detailed message to the operational leaders in each functional area.
Drive alignment between executive vision and operational execution
Challenge third party non-conformance
3.Clarify ‘risk must-haves’ for third parties to establish Minimum Viable Risk (MVR) tolerance
4.Establish process by which third parties are engaged with defined roles and responsibilities
5.Create frequent reporting to enhance transparency, status, gaps and corrective measures
Creating a dedicated Digital TPRM program separate from or a sub-set of the Technology TPRM will create the focus necessary for ORM leaders to meet accelerating business time expectations with identified risk.
Global Banks and Financial Institutions are under severe pressure to reduce operating cost while at the same time deliver on a Digital Transformation agenda that enhances customer experience and produces new revenue streams through expanded product offerings. To meet this challenge, these organizations are increasingly turning to Automation (RPA/AI) to gain operational efficiency and FinTech platforms to satisfy their digital agenda; both introduce incremental risk to their enterprise risk profile.
This dynamic is forcing Enterprise and Operational Risk leaders to re-think the treatment of technology third parties. As technology solutions have expanded beyond IT and are engaged across operations, Technology Third Party Risk Management first line and second line teams are being challenged to move beyond vulnerability and resilience to address the full spectrum of an expanded technology portfolio. To do so, FLOD and SLOD will need to be dedicated, multi-discipline teams. FLOD focused on collaboration across key internal parties with SLOD providing oversight and coordination with Audit, Compliance and enterprise leaders.
Working closely with procurement, Technology TPRM leaders need to establish clear positions on Right of Survivorship, Change in Ownership, Termination and other likely events when dealing with micro-venture backed companies. This will enable rapid contracting establish consistent risk categorization and support regulator expectations.