Third-Party Risks – What You Need To Know

Third-Party Risks – What You Need To Know

If and when something goes wrong, your customers will look to your organization first and foremost for a resolution. Even though your business invests time and resources to manage and mitigate risk, third-party risks are complex and often only come to light after a disaster strikes or a significant business interruption event happens. For example:

• “A supplier’s factory collapses killing hundreds of workers, some of them children.
• Thousands of customers’ credit card information and other personal financial records are hacked after a third-party is granted access to an organization’s network.
• A major product recall needs to be launched when the organization discovers that a supplier used contaminated materials.”¹

According to a new whitepaper by Deloitte, there is much to understand when it comes to third-party risk. In fact, “a recent Deloitte global survey of 170 organizations found that 87 percent of respondents faced a disruptive incident with third-parties in the last two to three years.”²

Boards and business leaders are recognizing that a holistic approach to risk management involves looking beyond the immediate organization to the activities of their trusted suppliers. Third-party risks can take on many forms “including third-parties’ health, safety and environmental practices, compliance with labour laws and other regulatory requirements, use of intellectual property, practices around the sourcing of raw materials, corruption and more.”³

How To Manage Third-Party Risks

The bigger an organization is, the better the chance is for third-party risks to remain hidden. Across Canada, boards are often taking the lead and ensuring that businesses proactively manage specific risks associated with third-party activities. According to Deloitte, a few ways and means of doing so can include:

• Looking at “where risks are concentrated in terms of suppliers, products, commodities, geographies and other factors. In areas of extreme concentration, organizations should consider diversifying their third-party relationships.”⁴
• Ensuring that your organization’s insurance coverage is sufficient to protect the organization in the event of a major failure at a third-party.”⁵
• Creating “standards and expectations around key practices to which [third-parties] are expected to adhere. An organization should also include provisions in its contracts that describe the type of validation, monitoring, testing and other assurances that the organization may require to confirm that third-parties are meeting these standards.”⁶

Talk To Us About Third-Party Risk

If not already, putting third-party risk assessment on your boards’ and/or leaders’ agenda is an important first step. Our advocates can help you determine any coverage gaps with your current insurance policies as they relate to third-party risk as well as provide guidance on how to fill them.

To learn more about ALIGNED, our commitment to providing insurance expertise and the best insurance products or solutions, talk to one of our advocates today. We can help you secure the best products, services and solutions for your business.

Source: ^1,2,3,4,5,6 Deloitte “On the board’s agenda. Extended enterprise risk management” May 2016