1、EBOOKHow to Create an Effective Third-Party Risk Management PolicyContentsPART IWhat Is a Third-Party Risk Policy,and Why Do I Need It?03What is a third-party risk policy?04Why does compliance need this?04Who else uses the policy?07What are the risks of not having a third-party risk policy?07PART II

2、Creating the Policy:How Do I Get Started?09Determining pertinent risks and proportionate risk levels 09Entity assessment fundamentals 12PART IIINow that I Have a Third-Party Risk Policy,What Happens Next?13Operationalizing the policy 13More about automated,policy-led compliance solutions 14Maintaini

3、ng the policy 15Shaping an organizational risk culture 1603How to Create an Effective Third-Party Risk Management PolicyPART IWhat Is a Third-Party Risk Policy,and Why Do I Need It?“No man is an island”weve all heard that famous line of 17th-century poetry.The same is true for businesses and other o

4、rganizations.Its virtually impossible for todays organizations to operate as“islands,”without connections to third parties,if they intend to function on a basic level much less grow and thrive.Whether youre a financial institution,a CPG company,or a nonprofit,working with third parties such as vendo

5、rs and suppliers is essential to meet strategic objectives.That said,doing business with third parties carries inherent risks that could potentially outweigh the benefits of these relationships and these risks are continuing to intensify in the current business climate of increasing complexity,regul

6、atory expansion,and cyber and fraud threats.To guard against these risks,mature organizations develop and utilize a third-party risk management policy.This policy provides standardized guidance for evaluating specified risk factors and determining whether the third party is an acceptable partner one