In an interconnected world, understanding the value chain and its key participants is essential to ensure Operational Resilience and will help to mitigate the impact to your organisation and customers from new and emerging threats.
With new agile operating models emerging and the increased speed of transacting business, controls and security elements are often overlooked exposing the organisation to undesirable risk.
New regulation is also forcing financial organisations to take a more dynamic approach to manage suppliers, bridging the gap between traditional procurement functions and third-party risk management. As part of the agenda, business critical suppliers will be monitored closely including those that have traditionally been out of scope.
At TORI, we support financial services organisations to de-risk their operations, developing and embedding operating models that will foster long term strategic and secure supplier relationships. We deliver this from a solid foundation of a strong risk management approach and establishing a robust Third-Party Risk Management programme to mitigate or contain any potential impact.
Managing your supply chain is more than an administrative function, it involves connecting your business strategy, establishing valuable and secure relationships with your suppliers and mitigating the associated risks. This model represents the optimal state; however, organisations are facing the following challenges reaching that level:
- Viewing Supplier Management only as a procurement function
- Lack of control and / or visibility of the entire pool of suppliers
- Costly federated or decentralised Vendor Management
- Inadequate Supplier Lifecycle Management practices (onboarding, ongoing monitoring and off-boarding) and often disconnected from the Enterprise Risk Management activities
- Extracting full value from those relationships
- Establishing the difference between a supplier and a strategic partner
These challenges are not easy to achieve but having the right level of support and expertise will allow your organisation to reduce the time to reach a greater level of maturity for this function.
Third-Party Contract Operating Model Tier 1 Bank
09 May 2019
The client had established a centralised, ‘arms length’ internal service provider organisation model to meet regulatory ring fencing and Operational Continuity in Resolution (OCiR) requirements.
Managing Risks in Enterprise Transformations
04 February 2022
Heraclitus once wrote, ”The only constant in life is change.” No truer statement has been made, and this is equally applicable to strategic enterprise-wide transformations, which are no longer an option but a business imperative to remain competitive.
IT Outage: Are you Prepared to Contain the Impact?
08 November 2021
The pandemic has accelerated digital transformation across all industries (even faster than the CIO agenda), forcing organisations to quickly move key processes to digital environments to retain some level of activity during the disruption.
Six Steps To Managing Third-Party Resilience
24 April 2020
The impending application of the Guidelines on Outsourcing from the European Banking Authority (EBA) reflects a growing focus on the potential impacts Third Parties can have on the resilience of an organisation, and with good reason.
TORI Response to the Bank of England Statement on Cloud Risk
19 August 2021
The Financial Stability Report, published by The Bank of England in July 2021, presented the Financial Policy Committee (FPC) view that additional policy measures are required to mitigate financial stability risks for Financial Service companies using Cloud service providers.
Operational Resilience and Critical Third-Party Suppliers
18 August 2022
Given the mass adoption of new technology and adapting to new hybrid ways of working, organisations have been outsourcing more of their mission critical business functions and IT infrastructure to entities (often out of the regulated scope), increasing dependency, concentrating risk and potentially jeopardising market integrity.
The client had outsourced an Application Management Service with annual spend of c£10m.
Procurement Capability UK Specialist Insurance Broker
27 February 2018
The client had a decentralised operating model, having grown through multiple small business acquisitions, resulting in many small supplier relationships, inconsistency of governance, potential supply chain risk exposure and limited ongoing supply chain value management.
How Can TORI Help?
At TORI Global we have developed a global Supplier Operating Model & Third-Party Risk Management Framework that will allow your organisation, to de-risk operations and increase operational efficiency and business resilience.
Our approach considers not only regulatory requirements, but also best practice for managing your supply chain through the entire lifecycle.
Advisory services: having the right operating model and practices to manage your supply chain is essential to reduce potential disruptions. TORI have an extensive experience and expertise on:
- Supplier Model & Third-Party Risk Management Health checks
- Designing and implementing a Target Operating model: connecting Procurement with TPRM
- Benchmarking against regulatory requirements and industry best practice
Resource Augmentation: flexibility and scalability without comprising quality and expertise managing your suppliers, is our approach to support your business on these important tasks
- Vendor Review: onsite/desktop
- Managed Service & Outsourcing
- Service Management & SLAs
Operational Resilience is a set of techniques that allow people, processes and information systems to adapt to changing patterns.
Financial Crime (FinCrime) is a multi-faceted, and ever-changing threat that is advancing in its level of sophistication across sectors and regions.
Cyber Security is more than one off tick box exercise; it requires organisations to constantly review and calibrate its existing practices in line with emerging threats and technologies.