.gif?width=1920&name=Sample-Graphic-Animation%20(1).gif)
Available on
Podcast Transcript
In this 90-second podcast, you’re going to learn a few reasons why we believe it’s best to keep your third-party risk management program independent of the lines of business.
We have a team of third party risk officers who consult on best practices like this every day.
Third party risk should be independent of the lines of business, or departments, and depend on the hierarchy that has been decided and implemented into your policy documentation. And, third-party risk should report to the board of directors or the organization’s risk committee.
Here are 3 reasons why:
First, this means that third party risk is the primary focus for the group and decisions are made that will best align with the organization’s strategic goals, not a specific department.
Second, by including or reporting to the board, this means you can check off an important regulatory requirement, which is active involvement by the board - per OCC Bulletins 2013-29 and 2017-7.
Third, everyone involved will have an opportunity to share their opinion regarding vendors. Third-party risk management will have an equal say or vote in what gets decided at meetings rather than drowned out by a line of business.
By keeping third-party risk management independent, you’re ensuring that the decisions are as non-bias as possible and are also in the best interest of the organization and customers.
Thanks for tuning in; catch you next time!
