When Vendor And Supplier Risk Becomes Your Own
Companies are being held accountable for the actions of their suppliers. Under the broad notion that activities can be outsourced, but responsibility can’t, the CFPB and other regulators are holding companies responsible not only for their own actions but also for those of their vendors and suppliers. The new regulatory thrust poses a big challenge for companies because some of them have a limited perspective on their suppliers’ interactions with customers. The largest companies can have close to 50,000 suppliers. A significant number of vendor relationships are not closely managed, and some carry hidden risks.
The scope of regulatory oversight broadening to include the consumer, many firms are underprepared. But since companies must bear the responsibility for their suppliers’ misdeeds, they must improve the way they manage these relationships. A new approach can help to identify and manage sources of third-party risk. Are you doing it?
- Are you doing a comprehensive catalog of third-party risks?
- Are you doing a risk-based segmentation of suppliers?
- Are you doing a rules-based due-diligence test during vendor onboarding?
- Are you doing a disciplined governance and escalation process during breach?
Risks from vendors and suppliers pose a significant challenge to companies. A systematic approach to managing those risks can lower costs and help C level executives present a coherent approach to all key stakeholders, including regulators.