Regulatory action and reputational damage arising from third party actions could cost organisations’ shareholders an average of ten times the size of the fine itself as the market value of the company is impacted. This is the stark warning issued by business advisory firm Deloitte.
Deloitte’s research report – entitled ‘Third Party Governance and Risk Management: Turning Risk Into Opportunity’ – highlights the average combined direct fine and remedial costs of failing to appropriately identify and manage third parties. These costs have ranged from £1.3 million to £35 million before the cost of indirect losses, such as reduced sales and reputational damage.
Where legislation applies on a global, cross-industry basis to businesses operating internationally, the range is far higher, reaching as high as £650 million.
Deloitte states that the negative impact on share price itself is an average of 2.55%.
However, Deloitte estimates that organisations could gain competitive advantage over their peers, outperforming them by an additional 4%-5% return on equity by adopting effective third party governance and risk management (TPGRM).
In the case of Fortune 500 or Financial Times 500 (FT500) companies, this could mean an average uptick in earnings (EBITA) of between £17 million and £350 million.
Kristian Park, partner and global head of third party governance and risk management (TPGRM) at Deloitte, explained: “It’s not all doom and gloom for organisations reliant upon the services of third parties. Headline stories depicting regulatory action and reputational damage have caused many to reconsider their approach towards third party management. Those that adopt a proactive and leadership-led approach stand to unlock significant gains by turning risk into opportunity.”
Park continued: “Good governance and risk management isn’t about eliminating the risk of doing business with third parties, but rather managing it appropriately. An effective TPGRM structure will seamlessly incorporate the right structures, processes, people and technology into the business and ensure consistent use throughout the organisation.”
Implementing Best in Class TPGRM
The Deloitte study provides seven elements towards implementing a Best in Class TPGRM. They are:
*Governance structure: Strong governance structures are those that manage third party risk at an enterprise-wide level and have dedicated and empowered senior level teams in place to drive consistent behaviours throughout the organisation
*Ownership (clarity of roles and responsibilities): The extent of ownership of performance and oversight of the TPGRM framework should be known by those tasked with it and kept up-to-date to avoid an inability to manage risk in the event of staff departures or role changes
*Stakeholder engagement (awareness and commitment): An effective TPGRM programme will ensure an organisation’s people are aware of its processes and, crucially, understand how they are followed. Internal compliance is also key and dependent on the quality of ‘back-end monitoring’
*Capability: Ensuring that the most appropriate individuals with decision-making authority are allocated ownership for tasking TPGRM efforts. Such individuals will have the competencies and skills needed to apply judgement in line with business requirements and risk management needs
*People and skills: Linked to the above, resourcing the right individuals will ensure that skills, experience and seniority are compatible with TPGRM demands
*Process: Good processes are not only robust, clear and achievable, but also aligned with the organisation’s stated risk appetite. The most optimised processes will provide a positive experience for both businesses and third parties
*Technology: Having the right technology in place seamlessly supports a TPGRM framework from inception to exit of a third party. At the very highest level, this would also include the ability to manage third parties at both an engagement and relationship level, in turn exploiting all opportunities arising from the extended enterprise