Standards for the implementation of an enterprise risk management within BRE-Europe Luxembourg with a focus on third party oversight

Abstract

ABSTRACT Third party risk oversight has become something necessary for cost saving and freeing up infrastructure in order for organisations to be able to compete at domestic and international level and focus on their core business activities. However, third party oversight comes with its own portion of risks such as Operations, IT, Fraud/conflict of interest, business continuation, reputation, regulatory compliance, etc. Many organizations look at these risks, assess them when finalising a third party. However, Third-Party Risk Management and Due Diligence usually take a back seat after the third party have been brought onboard. This makes companies unaware of probably third-party risks, which if not mitigated can turn into critical issues that could significantly harm the organization’s reputation and profitability regardless of whether the risk comes from the service provider’s side. Ultimately an organisation that engaged with a third party is held responsible for not identifying and addressing the issue. Remaining competitive requires firms to only to develop their service providers’ network but also to see how sustainable their network is. Carrying out business with a high-risk can significantly lower a company’s reputation and lead to heavy fines, and penalties. As companies benefit from outsourcing arrangements with their service providers, they also go through challenges of managing the vast network of third-party spread across geographies. With limited resources, it becomes very difficult to ensure focus on third-party performance management, risk and third-party monitoring. Additionally, a large amount of Third-parties’ information including contact, financial and business information, contracts, agreements, certifications, risk assessments, compliance and audit results become difficult to manage. As such, organisations adopt ad-hoc processes to monitor their service providers and ensure regulatory compliance, which often highlight critical issues and limit organization’s ability to respond to eventualities. This practical thesis focuses on developing a Third Party-Party Risk Management (TPRM) Framework within BRE-Europe-Luxembourg and for the MasterCos in particular, the framework will take into consideration recommendations from the major key players and those from academia.