Documente Academic
Documente Profesional
Documente Cultură
PRESENTERS
KEVIN BOGDANOV, DIRECTOR, MARKET DEVELOPMENT 3PRM, REFINITIV
CAROLE SWITZER, CO-FOUNDER & PRESIDENT, OCEG
99/99/99
Discussion Participants
2
Housekeeping
■ Download slides at https://go.oceg.org/how-
much-is-too-much-addressing-the-challenge-of-
third-party-risk-data-an-oceg-playbook-
conversation
■ Answer all 3 polls
■ Certificates of completion
(only for OCEG All Access Pass holders)
■ Evaluation survey at the close of the webinar
■ Find the recording on the Resource tab of the
OCEG site, under Archived Webinars
3
Learning Objectives
4
Poll 1
Do you have an OCEG All Access Pass (a paid membership) and would you like
to receive CPE credit for this event?
c. No, I do not have an All Access Pass but I would like to get one
and receive CPE credit for this and future webcasts I attend
d. No, I do not have an All Access Pass and I don’t want to buy one
at this time (so I won’t get CPE credit for this event)
5
Tips and Tools for Managing Third-Party Risk Data
6
Discussion Questions
■ What makes management of data related to third-party risks so
difficult?
■ What are some of the key challenges?
7
The Playsheets
8
Playsheet 1 – 3PRDM Sources in Use Questionnaire
■ This questionnaire is used to
develop a complete view of
the data sources and
methods your organization
currently uses in monitoring
third-party risk data, as well
as associated expenditure of
resources.
■ Gather input from business
process managers and
identified third-party risk data
managers.
9
Playsheet 1 – First Identify Data Source Types
■ Data Source Types
■ Sanctioned Entities
■ Watch Lists
■ Politically Exposed Persons
■ Adverse Media
■ Financial and Credit
■ Entity Information
■ Ownership Information
■ Cyber Security Scores/Ratings
■ Social Media
■ Fourth Party Data
10
Playsheet 1 – additional information requested
■ Sources
■ Specify (when relevant) the particular source, e.g. which news outlets,
vendor or government sanctions lists, consolidated services (such as World-
Check or Media-Check, etc.)
■ Type of Risk
■ Specify type – e.g. beneficial ownership, sanctions, geopolitical,
environmental, cyberthreat, financial, social, technological, or list other type
■ Monitoring Method
■ Specify manual (person reviewing this source) or automated (system that
monitors and reports based on established taxonomy and triggers)
11 11
■ Frequency
■ specify daily, weekly, monthly, quarterly, continuously or other periodic timeframe
■ Annual Cost – Fees
■ Specify costs paid externally to consultants and/or for content provider software as
service (if both, delineate them)
■ Annual Cost – FTE time
■ Specify FTE equivalent cost if done wholly or partially by internal manual
monitoring or review of automated reports
■ Storage of Data
■ Specify spreadsheets, SharePoint, third-party management system, other risk
management system; specify siloed, shared across unit, shared across enterprise
12 12
Poll 2
13
Playsheet 2 – 3PRDM Challenges Questionnaire
■ This questionnaire is used to develop a
complete view of the challenges your
organization currently faces in collecting
third-party risk data.
■ The Challenge Scores developed from
this questionnaire can be used in
conjunction with developed Risk Scores
(from risk assessments for each risk or
risk category) to develop a Priority Score
that you can use to prioritize change
projects.
■ Gather input from business process
managers and identified third party risk
data managers.
14
Playsheet Two
3PRDM
Challenges
Questionnaire
continued
15
Playsheet Two
3PRDM
Challenges
Questionnaire
continued
16 16
Playsheet Two
3PRDM
Challenges
Questionnaire
continued
17 17
Poll 3
Which of these aspects of third-party risk management presents you with
the greatest challenge?
a. Collecting information about your third parties
b. Verifying risk exposure against independent data sources
c. Managing unstructured data (e.g. adverse media)
d. Connecting data across internal / external / system / business
e. Other or I don’t know
18
Playsheet 3: Third-Party Risk Management Technology
Data Capabilities Questionnaire
19
Playsheet 3: Third-Party Risk Management Technology
Data Capabilities Questionnaire continued
20
Questions?
21