2. The Technology TPRM Forum, utilizing insights and perspective from
leading TPRM executives, created a targeted survey to identify the
impact Digital Transformation is having on third party risk operations.
The questionnaire focused on:
Digital Technologies having greatest impact
Actions taken to meet the digital challenge
The benefit of these actions
Business Continuity developments
Anticipated regulator focus
The survey was promoted via Technology TPRM Forum's blog
www.IT-TPRM.com and was hosted on Survey Monkey. The survey was
available to respondents from May 28 through June 15. In all, there
were 114 respondents to the survey.
Survey Overview
The following represents the analysis, opinion and
recommendations of Technology TPRM Forum.
All rights reserved by Technology TPRM Forum – Not to be distributed without explicit permission
3.
Technology TPRM Forum
Future Areas of Study
The Impact of Digital Transformation
on TPRM Operations survey is the first
step to support development of TPRM
best practices. The Technology TPRM
Forum will follow this research with a
series of studies focused in the areas
identified in this survey as key to TPRM
operations.
FLOD/VMO Alignment
o FLOD Optimization
o VMO Empowerment
Accelerated Risk Process
Business Continuity Optimization
Findings & Recommendations
1. First Line of Defense organizations are
under severe pressure to support multiple
digital transformation areas, forcing them
into an oversight role versus operational
contribution.
Recommendation:
o Increase automation. Utilize a TPRM platform
o Hire FLOD team members of diverse skills to align with area of focus: establish credibility
o Define alignment, roles & responsibilities with VMO teams. Make certain FLOD is engaged, collaborating and embedded in operations – not an oversight layer
3. TPRM organizations are yet to identify
the best manner to support Business
Continuity & Resilience requirements
despite increased regulator focus.
Recommendation:
o Assign FLOD with knowledge of infrastructure operations
o Collaborate, coach and support response plan creation – drive/facilitate scenario definition with roles and responsibilities
o TPRM-BC teams support incident management, not own it
2. TPRM leaders are placing priority on
accelerating processes to support
business initiatives, increasing potential
risk exposure.
Recommendation:
o Establish joint TPRM-IT-Business-InfoSec panel to define accelerated process for risk identification and tolerance leveling
o Establish dynamic monitoring strategy to continually assess risk of critical emerging third parties such as FinTech enablers
o Clearly define rules of engagement with consequence for non-compliance across operations
4. TPRM leaders work with
Procurement/Strategic Sourcing and
Legal to continually identify terms to keep
pace with regulatory requirements and
nature of your environment.
Recommendation:
o TPRM, VMO, Procurement & Legal to schedule frequent review of Terms and Conditions necessary to be added to existing agreements
o Review anticipated regulatory requirements and collaboratively identify language to support if/when regulatory change is confirmed.
5. 94% of survey respondents indicated they are currently being
impacted by digital transformation or anticipate it happening in
the coming 12 months.
Extent of Digital Disruption
Near universal acknowledgment exists that digital transformation
is impacting TPRM operations. This dynamic is well documented
across the TPRM community, yet little detail exists on specific
challenges and opportunities for TPRM professionals.
Technology TPRM Forum’s goal is to identify the exact digital
technologies, their impact and actions to harness digital capability.
6. TPRM leaders overwhelmingly indicate Cloud (89%),
Automation/RPA (73%) and Cyber Security (68%) as the top
technologies driving digital transformation. At 21%, Blockchain
has quickly grown in awareness with TPRM leaders and is
anticipated to accelerate in the coming months.
Digital Transformation Decomposed
As a generic term, Digital Transformation encompasses multiple technologies.
Respondents were asked to identify the specific technologies that they
see producing disruption in their TPRM operations.
7. Not surprisingly, TPRM operations have employed multiple techniques
to meet the growing challenge to operations caused by digital agendas.
These actions show the breadth of areas TPRM leaders must effectively
support including business operations, procurement, IT, Audit and
InfoSec.
Nature of Digital Impact
To date, accelerated ‘fast track’ process development tops the list of
tactics to meet the digital transformation challenge. Results also
show broad cross-functional impact across Business Continuity (IT
Infrastructure), Cybersecurity (InfoSec), and Contract Management
(Procurement). This highlights the diversity of skills and expertise
required of FLOD teams and a high need for collaboration.
8. TPRM Actions Intended Benefits
TPRM leaders indicate alignment with the Vendor
Management Organization is the leading action to
meet the digital agenda. This places a high
degree of dependency on VMO’s understanding
risk operations and FLOD members providing
value.
TPRM leaders also seek greater involvement with
Procurement and Legal to ensure contract terms
with strategic third parties remain current.
The primary anticipated benefit of the actions
identified by TPRM leaders is to successfully
accelerate risk identification, monitoring and
mitigation actions to support business operations.
Additional benefits are enhanced alignment with
internal VMO and Procurement with improved Third
Party monitoring capability.
Collaboration supports the ability to establish an
integrated front producing more rapid and
comprehensive risk decisions and effective
monitoring to track change to tolerance levels.
9. FLOD organizations run the risk of being viewed as an unnecessary
overhead layer lacking credibility or value. It appears that TPRM
operations have not as yet settled on best practice to support BC and
operational resilience. This could be a reflection of BC being a more
recent area of focus for regulators.
Business Continuity
Responses on Business Continuity show a distinct separation between
oversight and operational activities. TPRM leaders indicate a clear current
focus on oversight and governance activities.
10. The FFIEC’s Appendix J combined with OCC comments have
created an environment where TPRM leaders are anticipating
incremental and expanded requirements. Respondents indicate 2 of
the 3 top areas anticipated for increased scrutiny relate to Business
Continuity.
Anticipated Regulator Focus
Increased focus by regulators on Business Continuity and
Resilience will ultimately drive TPRM teams to get engaged in a
more significant fashion than currently indicated. It will require
deeper understanding of operations, business impact and
contingencies to accurately assess capacity and concentration.
11. The normalized profile of a respondent to Technology TPRM Forum’s survey on the impact of digital
transformation on TPRM operations is a TPRM professional from the Banking & Capital Market Community
with over $50 billion in assets under management.
Respondent Profile
Key Demographic Data Points:
o 58% of respondents are from Banking & Capital Markets
o 56% represent organizations with over $50 Billion in assets under
management.
o 13% of the respondents are from organizations with over $300 Billion in
assets under management.
o 62% of respondents are from risk organizations – 49% are from TPRM
teams
o 18% of respondents are from PMO or Procurement organizations
12. www.IT-TPRM.com
Questions & Comments:
Jim.hussey@it-tprm.com
The Technology TPRM Forum supports the TPRM community through the www.IT-TPRM.com blog featuring original
research, articles and perspectives on the emerging issues. In addition, the Technology TPRM Forum provides advisory
services focused on FLOD Assessment & Enablement Strategies, VMO Risk Sensitivity Strategy and Business
Continuity Modeling & Operational Responsiveness.
The Technology TPRM Forum is proud to be an Executive in Residence with Global SRN (https://www.globalsrn.org/),
the leading non-profit organization dedicated to driving informed decision-making and best practices around global
sourcing of services.
All rights reserved by Technology TPRM Forum and www.IT-TPRM.com – Not to be distributed without explicit permission