The relevance of third party risk management


A recent Deloitte survey on Global Extended Enterprise Risk Management (EERM) shows that most companies believe the cost of a third-party incident has at least doubled in the past five years, and with Covid-19 being declared a global pandemic, the research predicts a further increased need for investment in risk management.

The research shows that a third-party risk incident such as a supply chain failure, a data privacy breach or a disruption to IT would cost your organization between €470m and €940m, or more. As Kristian Park, Deloitte Global leader for Extended Enterprise Risk Management, highlights: “despite an increase in incidents, companies are not yet investing sufficiently in managing third-party risk”.

What makes third party risk management so relevant for companies today?


While organizations may have considerable visibility into their own ethics, compliance and risk management practices, they often have little insight into, or understanding of, the risks posed by associated businesses. These threats are heightened by today’s regulatory environment, in which governments and enforcement agencies worldwide are increasingly holding organizations responsible for the values, ethics and business behaviors of their third parties.

The potential harm posed by third parties is not limited to regulatory action. The reputational damage firms can experience for associating with an unscrupulous or negligent third party can be far more substantive and lasting than regulatory fines. Businesses can also be held accountable for the past actions and prior associations of the companies they acquire. In some cases, the relationship with the offending party may not even be known to the acquiring organization, yet the damage can be far-reaching, long-term and difficult to recover from.

Third-party relationships and reliance on third parties for crucial business requirements have existed for ages, but managing that risk against regulatory requirements and best practices is a relatively new business requirement. To properly align your organization with the guidelines of numerous regulatory agencies and acts (SAPIN 2, UK Bribery Act, FCPA, BaFin, etc.), you need to pursue a risk-based program that adapts to the level and nature of the risk each of your third parties represents.

Enterprises entrust the protection of their crown jewels, their customer data, their finances, their reputation, and their business availability with their third parties.

A breach of your third party is a breach of your enterprise, so you need to know:

  • Are they trustworthy?
  • Why?
  • Why not?
  • What should be done about it?
  • What level of risk do they pose?
  • What is your risk appetite?

These questions are yours to answer and act on.

What are the challenges for companies?


Organizations across the globe are exposed to critical business risks emerging from COVID-19, sanctions violations, corruption, compliance violations, payment fraud, and data and security breaches. To combat these risks and protect the reputation of your organization, your compliance program must be dynamic, robust and effective enough to adapt to rapidly changing conditions and threats.

Third-party risk management is hard. It requires deep transparency, strong accountability, comprehensive and secure software, and effective collaboration. To keep pace, organizations are expected to employ mechanisms designed to identify who their third parties are, understand how they do business and determine how committed they are to ethical business and people practices. If knowing and understanding your third-party ecosystem, and the risk that ecosystem could present to your company, is not already a critical process in your risk management, it should be.

Best Practice: The Risk-Based Approach to Third Party Risk Management


All organizations are now expected to employ a risk-based approach to the development and implementation of their compliance programs. Such a risk-based approach begins by applying objective criteria to all third parties, creating logical evaluations of potential risks that can be used to formulate tailored risk-mitigation strategies. Third parties identified as high-risk can then be designated for further screening, depending on the specific red flags and risk factors posed. Finally, a risk-based approach to Third Party Risk Management requires continuous monitoring of all parties, with assessments routinely updated to reflect any “apparent violations or systemic deficiencies identified” (A Framework for OFAC Compliance Commitments, page 4).

Adopting a risk-based Third Party Risk Management program provides numerous benefits for your organization, including preventing third-party misconduct, avoiding government investigations and enforcement actions, enhancing your organization’s ethical culture and extending that ethical culture to your organization’s third parties.

The first steps for your third party risk management programme


If your organization has not formalized its Third-Party Risk Management program, it is important to understand the best practices that you should be striving toward. One-size-fits-all solutions never work, as each organization has a different inherent risk profile. Your compliance program needs to reflect actual risks rather than assumptions. The first step is to gather the right stakeholders from within the organization, including the compliance team, the legal team, procurement, audit and others, so everyone can understand both the broad objectives and the organization’s unique risk profile. That profile should steer all other risk-management processes.

We would be very interested to know how you and your company are positioned regarding third-party risk management! We would therefore be pleased if you would take a few moments to complete our survey.

Please send us your answers via the contact form. Thank you very much!


1. How would you rate your Third-Party Risk Management program?

a) Proactive & Automated

b) Reactive & Manual


2. In your organization, what is the biggest challenge faced within the Compliance Team in your Third-Party Risk Management Program?

a) Automation

b) Report Time

c) Program Defensibility

d) Report Accuracy

e) Documentation

Do you still have questions about third-party topics or are you interested in a personal demo of our third party solution?

We would be happy to help you in person.

Get in contact!
