Determining the Risk of Critical Third Parties

Leveraging third parties can lead to significant efficiencies, but it is not without risk. This session will explore criteria used to establish inherent risk and provide approaches for assessing a critical third-party relationship. Panelists will share the results of a recent Shared Assessments Critical Third-Party Survey covering TPRM processes including: Risk Tiering Techniques; Inherent Risk Criteria; Critical Third Party Criteria; Number of Critical Third Parties and Assessment Timeframe Approvals. Additionally, panelists will highlight work being done by Shared Assessments members on an Inherent Risk Product. Note: You can review our Corporate Due Diligence blog and download our responses to regulation enhancements requested by: • Prudential Regulatory Authority - Operational Resilience: Critical Third Parties to the UK Financial Sector; • NYS- Department of Financial Services - Cybersecurity Requirements; • Security Exchange Commission - Rule on Outsourcing by Investment Advisors