Third Party Risk Management

Valorant can help implement a robust third-party risk management program at your firm.

  • In the last few years, the news has been filled with instances of cyber attacks and security breaches, regulatory fines, legal actions against top-level executives and reputational damage caused by third-party data breaches. These have become board-level issues for every single Financial Services firm. The C-Suite is increasingly concerned with ensuring that all third parties have been properly vetted, and it is ultimately accountable for ensuring that there are no vulnerabilities in the supply base.
  • Third parties pose numerous risks for Financial Services organizations. Some of the key risks they need to consider include cyber, reputational, regulatory, operational and privacy risks. The risk can increase depending on how Financial Services firms use these third parties. If a supplier has access to policyholders’ personally identifiable information (PII) and the supplier's systems get hacked, all of the policyholders’ personal information is compromised. This can cause irreparable damage to the organization's brand reputation and could lead to fines in the tens of millions of dollars.

Third party risks for financial services organisations

Cyber and Privacy Risk

An organization’s data is lost or security is compromised due to deficiencies in the cybersecurity and privacy controls of the third party.

Regulatory and Compliance Risk

The supplier fails to comply with required regulations, causing the client’s organization to be non-compliant.

Digital Risk

Risks that stem from a third party’s digital business processes

Reputational Risk

Negative impact to a company’s brand and reputation due to the occurrence of certain events at the third party

Financial Risk

Third party cannot continue to operate as a financially viable entity, hence causing a disruption in the client’s core business.

Geopolitical Risk

Legal, regulatory, political and socio-economic repercussions of working with a third party that does business in a particular country

Valorant recommends a five-step process to set up a third-party risk management program

1. Establish a Governance Structure

  • Establish a robust governance structure with engagement from the board and C-Suite so that sound risk management practices are embedded into the organization’s culture. The tone needs to be set from the very top. TPRM governance defines the vision of the organization’s TPRM capability and provides direction for the execution.
2. Identify all the third parties you are currently working with

  • Identify, categorize and assess your existing third-party population to effectively manage your third-party inventory. Not all third parties are the same; segmentation allows organizations to prioritize their efforts and ultimately helps in guiding how vendors should be managed from a risk perspective. This third-party inventory needs to be maintained as it is constantly changing, with third parties being added and removed or services expanding and reducing.
3. Establish a defined risk approach and model

  • Adopt risk models according to your organization’s risk appetite and culture. Determine the level of risk your organization is willing to take. As organizations develop a clear view of their third-party landscape through a robust inventory, it is important to differentiate among third parties based on risk and understand what further actions organizations may need to take to remain protected.
4. Implement TPRM policies and standards

  • These should outline the purpose and phases of the TPRM framework and define the roles and responsibilities of all the key stakeholders. To achieve effective TPRM execution, it is vital for all stakeholders to understand their responsibilities when engaging a third party, the risks associated with doing business with an external party and the consequences of not complying with the organization’s policies and standards.
5. Establish and execute TPRM processes

  • Most organizations focus on risk management activities during the due diligence and monitoring phases. However, organizations need to embed TPRM activities across the third-party risk management life cycle.

LET’S TALK

Interested in learning more about how Valorant can help your organization strategically reduce your third-party spend, as well as manage vendor-related risk? Reach out to us now.