HOW MUCH IS TOO MUCH?

ADDRESSING THE CHALLENGE OF

THIRD-PARTY RISK DATA
AN OCEG PLAYBOOK CONVERSATION

PRESENTERS
KEVIN BOGDANOV, DIRECTOR, MARKET DEVELOPMENT 3PRM, REFINITIV
CAROLE SWITZER, CO-FOUNDER & PRESIDENT, OCEG

99/99/99
Discussion Participants

Carole Switzer Kevin Bogdanov

Director, Market
Co-Founder & President, Development 3PRM,
OCEG Refinitiv

2
Housekeeping
■ Download slides at https://go.oceg.org/how-
much-is-too-much-addressing-the-challenge-of-
third-party-risk-data-an-oceg-playbook-
conversation
■ Answer all 3 polls
■ Certificates of completion
(only for OCEG All Access Pass holders)
■ Evaluation survey at the close of the webinar
■ Find the recording on the Resource tab of the
OCEG site, under Archived Webinars
3
 Learning Objectives

■ Review how to use the playsheets

provided in the Playbook

■ Define steps for identifying, managing

and refining data sources across the
organization

■ Determine challenges that arise in using

different types of data sources and
manually organizing information

■ Outline key characteristics of 3PRM

technologies that are essential for data
management capability

4
Poll 1
Do you have an OCEG All Access Pass (a paid membership) and would you like
to receive CPE credit for this event?

a. Yes, I have an All Access Pass and I would like to

receive a Certificate of Completion for this event
b. Yes, I have an All Access Pass but I do not need a Certificate of
Completion

c. No, I do not have an All Access Pass but I would like to get one
and receive CPE credit for this and future webcasts I attend

d. No, I do not have an All Access Pass and I don’t want to buy one
at this time (so I won’t get CPE credit for this event)

5
Tips and Tools for Managing Third-Party Risk Data

Download the Playbook from oceg.org/resources

6
 Discussion Questions
■ What makes management of data related to third-party risks so
difficult?
■ What are some of the key challenges?

7
The Playsheets

8
Playsheet 1 – 3PRDM Sources in Use Questionnaire
■ This questionnaire is used to
develop a complete view of
the data sources and
methods your organization
currently uses in monitoring
third-party risk data, as well
as associated expenditure of
resources.
■ Gather input from business
process managers and
identified third-party risk data
managers.

9
Playsheet 1 – First Identify Data Source Types
■ Data Source Types
■ Sanctioned Entities
■ Watch Lists
■ Politically Exposed Persons
■ Adverse Media
■ Financial and Credit
■ Entity Information
■ Ownership Information
■ Cyber Security Scores/Ratings
■ Social Media
■ Fourth Party Data

10
 Playsheet 1 – additional information requested
■ Sources
■ Specify (when relevant) the particular source, e.g. which news outlets,
vendor or government sanctions lists, consolidated services (such as World-
Check or Media-Check, etc.)
■ Type of Risk
■ Specify type – e.g. beneficial ownership, sanctions, geopolitical,
environmental, cyberthreat, financial, social, technological, or list other type
■ Monitoring Method
■ Specify manual (person reviewing this source) or automated (system that
monitors and reports based on established taxonomy and triggers)

11 11
■ Frequency
■ specify daily, weekly, monthly, quarterly, continuously or other periodic timeframe
■ Annual Cost – Fees
■ Specify costs paid externally to consultants and/or for content provider software as
service (if both, delineate them)
■ Annual Cost – FTE time
■ Specify FTE equivalent cost if done wholly or partially by internal manual
monitoring or review of automated reports
■ Storage of Data
■ Specify spreadsheets, SharePoint, third-party management system, other risk
management system; specify siloed, shared across unit, shared across enterprise

12 12
 Poll 2

Which of these is your top third-party risk area of concern?

a. Sanctions risk
b. Cyber Security
c. Bribery, Corruption, Fraud
d. Financial, Credit and Business Risk
e. Reputational
f. Other or I don’t know

13
Playsheet 2 – 3PRDM Challenges Questionnaire
■ This questionnaire is used to develop a
complete view of the challenges your
organization currently faces in collecting
third-party risk data.
■ The Challenge Scores developed from
this questionnaire can be used in
conjunction with developed Risk Scores
(from risk assessments for each risk or
risk category) to develop a Priority Score
that you can use to prioritize change
projects.
■ Gather input from business process
managers and identified third party risk
data managers.

14
Playsheet Two
3PRDM
Challenges
Questionnaire
continued

15
Playsheet Two
3PRDM
Challenges
Questionnaire
continued

16 16
Playsheet Two
3PRDM
Challenges
Questionnaire
continued

17 17
 Poll 3
Which of these aspects of third-party risk management presents you with
the greatest challenge?
a. Collecting information about your third parties
b. Verifying risk exposure against independent data sources
c. Managing unstructured data (e.g. adverse media)
d. Connecting data across internal / external / system / business
e. Other or I don’t know

18
Playsheet 3: Third-Party Risk Management Technology
Data Capabilities Questionnaire

19
Playsheet 3: Third-Party Risk Management Technology
Data Capabilities Questionnaire continued

20
Questions?

21