We recently had the pleasure of sponsoring the GFMI Third-Party Risk Management Conference, hosted by Marcus Evans, where risk professionals gathered to discuss emerging challenges, best practices, and critical gaps in managing third party exposure.
During the two-day event, RapidRatings Executive Chair James Gellert joined New York Life VP of Third-Party Risk Management Brenden Healy for a discussion on why TPRM must be approached differently in today's increasingly complex risk environment.
The conversation sparked thoughtful questions from attendees and highlighted several key themes shaping the future of third-party risk.
Private Equity-Backed Vendor
One recurring topic was how organizations should evaluate private equity-backed vendors. As leverage levels rise and private equity firms seek greater returns from portfolio companies, PE ownership is no longer an automatic indicator of financial strength. While sponsorship can provide resources and support, it also warrants closer scrutiny of a vendors underlying financial health and resilience.
Mid-Market Distress and Enterprise Exposure
One of the most sobering moments of the presentation examined the growing gap between mid-market and public company financial performance over the last seven years.
This trend matters because approximately 80% of vendor ecosystems are made up of private companies, the very segment experiencing significant deterioration. As financial pressure builds within the middle market, enterprises face increasing exposure.
Making Risk Assessment an Enterprise-Wide Mandate
A common challenge among attendees was driving participation and compliance across vendor populations. Whether requesting financial statements, enforcing contractual requirements, or conducting periodic reviews, organizations often struggle to secure timely engagement from suppliers.
The discussion reinforced that TPRM cannot be owned by a single department, it requires coordination from procurement, finance, operations, compliance, and executive leadership.
Securing Executive Buy-In
Executive sponsorship remains one of the most important factors in building a mature TPRM program. Yet third-party risk management often competes with other business priorities for attention and resources.
One strategy discussed was positioning financial health analysis as more than a risk management tool. When financial intelligence is used to improve working capital allocation, optimize supplier investments, and support business performance, TPRM becomes directly connected to strategic and financial outcomes. This alignment helps elevate third-party risk management from a compliance function to a business value driver.
Key Event Takeaways
- Third-party risk is not actually a risk, it’s an exposure to all risk areas, from operational and reputational to cyber and IT. Therefore, it cannot be managed in a silo.
- The most difficult aspect of TPRM is remediation. Organizations can conduct countless assessments and generate extensive reporting, but success is ultimately measured by how effectively risks are mitigated and disruptions are managed when problems arise.
- Third-party risk is no longer just a vendor problem, it’s an organization problem. The rapid adoption of AI, for example, is blurring the lines between cyber risk, operational risk, and third-party risk, making cross-functional coordination more important than ever.
- As supplier ecosystems become more interconnected and financially stressed, organizations must move beyond point-in-time monitoring, better understand their Nth tier suppliers, and focus on building resilience across their entire third-party network.
To learn more about how RapidRatings is helping companies better manage their third-party risk, visit https://www.rapidratings.com/solutions/third-party-risk.
