Tech vendors see rise in TPRM investment as liquidity strains remain

Tech vendors have encountered a surge in Third-Party Risk Management (TPRM) investment as a result of the pandemic, according to Steven Minsky, CEO and founder at LogicManager.

“Coronavirus amplified all risks across organisations – risks that were already there before the pandemic. What’s happening is that they are discovering where these fault lines are, where these weaknesses are within the organisation. Supply chains are interconnected, and their organisation survival is dependent on that.”

“We’ve seen an increase in investment in third-party risk management. Companies have been forced to adjust their business models overnight due to the crisis, and often this involves working with new third-party vendors,” said Jake Olcott, vice president of government affairs at BitSight, via email.

Deloitte’s Extended Enterprise Risk Management (EERM) survey – conducted prior to the crisis – reveals that third-party incidents including supply chain failure, data privacy breach or disruption to IT services, can cost up to $1bn (£767m) per incident for multinationals.

“Very few organisations are vertically integrated, they are doing the entire value stream by themselves. If any of the steps in the value process gets disrupted, the entire value gets disrupted,” explains Minsky.

“Being unable to provide your product or service and the timeframe the customer expects means that that dollar will likely find itself moving to a competitor.”

TPRM is now at the forefront of companies’ agenda due to supply-chain disruption caused by the crisis, according to Kristian Park, risk advisory partner at the firm and author of the report.

“As awful as it’s been from a human perspective it’s been a real business case eye-opener for several organisations in terms of understanding how much or how little they knew of the risks of the supply chain, and what more they needed to do and investment,” he says.

Like the 2008 crisis, liquidity remains a big issue for firms’ treasury today, which is why investment in TPRM is crucial to tackling supply-chain disruptions, according to Park.

“Liquidity is a big issue. If I go back to 2008-2009, where we saw the recession at the time, we found that companies were beginning to need to invest in organisations to keep them afloat for suppliers to keep them afloat and to continue delivering their products,” he says.

“We’re seeing something similar here. We’re seeing capital being tied up in orders not being delivered and that’s causing cash flow issues.”

Olcott believes organisations today are enhancing their TPRM.

“Organisations continue to improve their third-party risk processes. There’s still more work to do when it comes to partnering and engaging with third parties to improve their risk management efforts, and then tracking those efforts over time. TPRM isn’t a compliance exercise — the goal is to get your partners to improve so it reduces your risk,” he said.

Minsky, however, says businesses at still unprepared when it comes to tackling third-party failures.

“No, we’re not seeing companies being fully prepared. However, with that said, the customers we helped during the 2007 recession and the 2009 pandemic came into the first wave much better prepared than others.”

Deloitte’s research shows that 30 percent of listed companies surveyed believe share prices could fall by 10 percent or more as a result of a third-party incident.

Firms looking to maintain their efficiency in the supply chain are also investing in TPRM tech, explains Park.

“It’s about efficiency in the supply chain, driving that cost base – driving companies to have a leaner supply chain, a more cost-effective supply chain, and finally having the right management information to make decisions quickly.”

On top of that, companies failing to invest in TPRM could face reputational risk, according to Minsky.

“It always comes back to reputational risk. If you fail your customer, they don’t want to know whether it’s your organisation’s failure or your vendor’s failure. As far as they’re concerned, they were relying on you.”

For those that will face third-party failures, the biggest challenge will be to provide an immediate response.

“How do they, as an organisation, ensure continuity of supply? Somebody is going back to the supply chain or somebody having product quality issues or somebody’s having a data breaches, what they need to try and understand is how to keep their customers happy and the supply chain alive,” says Park.