Third-party risk management (TPRM) and vendor oversight have always been a vital necessity for companies.
But conducting vendor evaluations is a time-consuming, expensive process, especially for organizations subject to stringent regulations and limited resources. Now, with the COVID-19 outbreak, they’re more critical than ever, yet they’re even more challenging. COVID-19 is forcing companies to quickly alter the way they find and vet vendors at a time when social distancing is the law of the land.
COVID-19 is no doubt the most significant health risk the world has seen in modern times. Not only are billions of people at risk, it’s also bringing a massive number of companies to a standstill or at least dramatically curtailing their ability to conduct business. The first priority for companies has been to protect the health of employees and customers. The second has been determining how they can continue to deliver services and products to customers during these challenging times.
Redefining the method of evaluating vendor partners
The current outbreak has redefined the methods in which vendor managers, procurement specialists and risk managers evaluate supply chains and how preferred vendor partners provide goods or services. Many companies, not just new vendors, are also reassessing existing networks. In the past, most companies didn’t have staff in place to manage these tasks. It isn’t getting any better now that companies are downsizing because of the expected impact of COVID-19 on sales and the economy.
Companies have always focused on vetting vendors for performance and security, but these days they have health concerns to consider as well.
Companies have always focused on vetting vendors for performance and security, but these days they have health concerns to consider as well. It is a whole new level of TPRM. While business continuity planning isn’t a new discipline to TPRM, with the current crisis, the scope of what to look for has expanded to include pandemic response initiatives. This is especially true for vendors that directly interact with customers, borrowers and other third parties.
Managing third-party risk requires expertise and technology
Security also becomes an even bigger issue with a dramatic increase in companies conducting businesses online as operations and workforces go remote worldwide. This creates a more significant risk as digital information sharing grows exponentially. Therefore, verifying the security level of all applications vendors use continues to be a major part of mitigating vendor risk. That alone involves an even deeper dive into third-party operations.
Managing third-party risk obligations effectively requires both expertise and technology. While larger companies may have the resources in-house to fulfill security, health and all other necessary risk assessments, most mid-size to smaller organizations don’t. So, how do they maintain service stability and vendor trust? With staff stretched thin, several companies are now looking to outsource vendor oversight responsibilities to third-party service providers.