A Third Party Management Framework

The Situation and Challenges

XCF were engaged to implement a Third-Party Risk Management (TPRM) module of a major GRC platform; the client was an international PE backed Financial Services organisation.  XCF understood that the client had policies and process in place supporting the end-to-end processing of Third Parties however the module was required to enable processes to be scaled and some outlying elements of the organisation to be fully integrated.

Following mobilisation for the engagement it became apparent that the quality and maturity of policies, process and data across the firm were deficient.  The situation required

(i) delivery of appropriate policies,

(ii) clarification of roles and responsibilities to establish appropriate processes and governance

(iii) identification of data sources to clarify the number,  ownership migration approach and to start reporting on current Third Parties.

Deficiencies  existed not only in the Third-Party Risk space but across the whole Third-Party Management lifecycle; these deficiencies compromised progress with the implementation of the TPRM Module.

What XCF Consulting Did

XCF escalated and communicated the situation within the organisation suggesting they :-

• Be honest about the situation, create a Business Case and gain buy-in – a Business Case  was created to define the situation and challenges and establish more appropriate resources, funding and mobilisation within the firm. The observations raised by XCF were previously raised by Audit and there was concern about regulatory scrutiny, notwithstanding Business Case funding was very restricted due to other business commitments.

  
  

• Engage appropriately skilled resources – the breadth of work required additional resources with broader skills, the project was a transformation not purely a module implementation. Additional change resource was made available to be supported by mobilised specialist from BAU roles availability permitting.

  
  

• Establish a Roadmap – a review was undertaken using the XCF Third Party Management (TPM) Framework. The framework would be used to  (i) communicate a baseline of a typical TPM Framework and Lifecycle;(ii) gauge the current maturity and state of the organisations third-party management lifecycle; (iii) establish areas for prioritised work (iv) shape the longer-term roadmap and future funding; (v) create a framework to communicate the directional outcome for the organisation.

Value Delivered

XCF collaborated with the firm on the business case and the communication around the resource mobilisation. The use of the TPM Framework established:-

• Clearer understanding and plans – the framework created context for broader understanding and alignment on terminology allowing the various firm wide participants to establish a shared understanding, vision and agreement on priorities.

  
  

• Expedited Business Value – the planning exercise triggered an organisation-wide exercise to collate Third-Party data and the roles associated with the Third-Party (e.g. owner, relationship manager). The data collation enabled a live Road Test of the Third-Party Risk Module to be expedited so technology enabled business value started to be established.

  
  

• Credible material – was created that reflects the firm has a clear understanding of any deficiencies, has a directional strategy, has prioritised any urgent and acute issues, and had plans in place move forward. This material help mitigate Audit and possible regulatory issues to help mitigate audit and possible regulatory issues.

The TPM Framework can be used in a variety of ways please do make contact if you wish to discuss further.