Financial Services Ireland

Third party risk management and the impact of Covid-19

Read More



Third party risk management and the impact of Covid-19

Third party risk management is relevant across all financial services sectors considering broad dependencies on third parties – whether vendors, suppliers, cloud service providers, FinTechs, BPO or intra-group arrangements with entities in other countries supporting key services.  The regulator has recently been very strong on this topic, performing a range of supervisory, inspection and thematic reviews.  With Covid-19 having a huge impact on global third-party supply chains, it’s more important than ever to risk assess the ability of third parties to continue to support critical functions. The key topics are summarised here and for more information, download our latest thought leadership using the button below.

Understand the key challenges for third party risk management

These challenges can be divided into three key areas: third-party operational resilience, third-party financial resilience, and data security. They include difficulties in obtaining a broad third-party universal view to fully understand dependencies and vulnerabilities, and growing concerns over data security or data leakage due to third parties moving to remote working and access.

Be proactive and take immediate action

Immediate actions required include evaluating critical relationships for technology infrastructure challenges and financial health concerns, and analysing critical global dependencies and locations as countries go into and out of lockdown scenarios.

Ask  key questions about third-party resilience including:

  • Can you map your key third parties to impacted jurisdictions and industries?
  • Do you know, talking to relationship managers, IT and facilities, which services you can’t afford to lose?
  • Are you clear which of your third parties perform any part of a critical economic function?

Plan, assess, respond and monitor

Conduct an assessment in three phases:

  • Plan: This includes identifying and prioritising third parties that provide critical services to a client’s organisation and leveraging third party risk management technology.
  • Assess: This includes assessing business continuity planning and security event management.
  • Respond and monitor: This includes evaluating third parties and developing recommendations based on those evaluations.

Look longer term

The focus is on execution now – but you also need to prepare for the next and beyond:

  • Now: Impact assessments for areas such as remote work and security operations.
  • Next: Testing to assess remote infrastructure and capabilities.
  • Beyond: Enhancing third party risk management frameworks through enhanced awareness, reporting, technology and collaboration, learning from Covid-19.

Explore our latest insights and thinking to support you in leading through these volatile times, and reach out if you have any questions.

Jerry O’Sullivan

Associate Partner, Risk Advisory
Jerry's Full Profile



Third party risk management

COVID-19 impact on third party resilience





More Topics