2 min read
Establishing a Single Source of Truth for Third-Party Risk in Financial Services
Philip Ideson : August 4, 2024
“What’s interesting in financial services is that third-party risk management is very different than supplier risk management. When a financial institution looks at risk, they look at the risk at the relationship level, not just at the supplier level.” – Arnaud Malardé, Director of Product Marketing, Ivalua
In the highly-regulated financial services industry, managing third-party risk is non-negotiable.
For procurement, it is a high-stakes endeavor that can make or break operational success. In a recent Art of Procurement webinar, Kelly Barner spoke with Arnaud Malardé, Director of Product Marketing at Ivalua, and Vivek Jayaraj, Managing Director at Deloitte Consulting LLP, about the importance of establishing a single source of truth in order to successfully navigate third-party risk.
Without a single source of truth, institutions face increased difficulty in accurately assessing overall supplier risk, challenges with compliance, an inability to accurately calculate total spend with any one supplier, and inefficiencies in supplier relationship management.
In this discussion, they explore how procurement can look beyond the supplier-level and access a single unified and reliable view of what Arnaud calls “deep relationship information.” This includes information data around contracts, suppliers, orders, invoices, and any other relationship-defining information.
According to Arnaud, “If you want to have this single view, you have to have two things right – you need to have a single repository for suppliers and a single repository for contracts.” This nuanced approach requires a comprehensive view of all interactions and supplier data so that nothing gets lost or overlooked.
Looking at third-party risk through a three-tiered lens can also help procurement have a more tightly integrated repository of suppliers and, ultimately, a single view of each supplier across all business systems and tiers. Here’s how Vivek breaks down the three tiers needed to achieve that single source of truth for supplier data management:
Tier 1: ERP Systems
- Accounts payable
- Basic supplier information
Tier 2: Source-2-Pay Systems
- Sourcing and contracting
- Vendor performance management
- Supplier onboarding
Tier 3: Governance and Risk Systems
- Specific governance and risk data
- Integrated data from third-party sources
The key here, said Vivek, is to achieve tight integration across all the data tiers, which then enables a single view of suppliers across all systems. When procurement has to consult multiple supplier databases, it is difficult to reconcile the data and accurately monitor for risk because, as Arnaud put it, “how do you know if one supplier is a duplicate of the other? How do you calculate the overall risk or overall spend of a single supplier? That is very difficult.”
When it comes to creating a comprehensive view, source-to-pay solutions are usually procurement’s go-to resource. As Arnaud said: “Obviously, a good candidate to host all of this information is your source-to-pay solution,” which can give procurement access to all of the data points and pieces of information that make up the relationship and can surface any areas of risk.
Having a connected and comprehensive view isn’t just about efficiency. It can greatly impact compliance and risk readiness. For example, said Arnaud, procurement should use this data to consider performance assessment, exit strategies, or alternate suppliers as part of their risk management approach. By not doing this, organizations face non-compliance and the inability to react quickly and effectively to any supplier-related issues that surface.
As he said, “If you don’t have these things in place, you are not ready to comply with regulations, and if you have a risk occurrence – a problem or issue with one of your suppliers – you are not ready to react.”
Subscribe to Art of Procurement
Apple | Stitcher | iHeart Radio | Email