Maybe it is Time to Rethink how Organizations Manage Third Parties

At a young age, around 8, I realized that life wasn't a fairy tale when I had to do collections on weekends to get paid for my newspaper delivery. Following my father's advice, who worked in collections for a financial institution, the first lesson I learned was not to rely solely on appearances. The customer with the stone/brick house and the fancy sports car didn't necessarily mean it would be a good business relationship.  The same logic applies to third-party suppliers, even if my risk was with my customers.

Bringing risk to a level of potential impact, many years later, after spending a few years in a Commercial Credit department, my career brought me to the job I was looking for. I was in the field, helping turn around companies that were in distress and/or financial difficulty. Regularly, we would see good companies close or be obliged to make a proposal to creditors to restructure themselves because of a problem with a third party. Interestingly, many of these distressed companies showed signs of a future problem that should have been detected before the storm.

 From a purely monetary point of view, the impact was often in the millions, without considering the collateral damage of the domino effect of a company going out of business or trying to get back on its feet. The harsh reality is that a third party can bring you down to the same level as a problem with key clients and/or employees.  I would even go as far as to say that third-party risk for an organisation increases as we rely more and more on external third parties, particularly in terms of technology for mission-critical products and services.

If you think doing your homework and investing in a department that will oversee your third parties is expensive. It's a better investment than trying to turn around a distressed company. If you do it right, you can potentially save thousands to millions of dollars per year, depending on the number of third-party relationships that you have.

Enough with the moral and history classes. If you’re interested in improving how you manage third parties, I have some practical ideas on where to start. 

Tips # 1 – Education & Tone from the top

Many people think that the function is purely legal and that all you need to do is send a contract to the lawyers, and they'll be able to tell you if it's okay. First, to implement a program successfully, decision-makers need to understand the complexity of the profession. A third-party management program requires dealing with many diverse relationships in different countries with different cultures, varied regulatory requirements, risks, privacy concerns, technology, and, of course, complex contractual agreements.

" The harsh reality is that a third party can bring you down to the same level as a problem with key clients and/or employees."

The reason is that it’s impossible to know everything, and you need the relationship owner and other key players to clearly identify the needs and the risks to be mitigated and, above all, do your due diligence. Proper due diligence is essential to determine whether a third party can meet your company's needs or whether it's just a fairy tale that's about to turn into a potential nightmare. 

Tips # 2 – Know your starting position.

It can be difficult to justify having resources and a department to manage your third parties. 

I would suggest capturing the attention of Senior Management by providing them with a list of your third parties and associated agreements. If you're not able to have summary information with these third parties, the people responsible for the relationships and the terms of your agreements, you have just proven that the organization has blind spots, and your first homework is building this inventory. If you're running around in circles looking for information, make friends with the Finance/Payables department.

Tips # 3 – Surround yourself with the right people and build a structured and formal process.

I'd say one must accept that it’s impossible to do this job alone, and you will need a complementary team as well as good collaborators inside and outside the organisation who will want to build a functional process and operate with formal roles and responsibilities. If you're not able to put together a team and collaborators who understand the organization collectively and want real debates and discussions with the aim of getting things right and putting the interests of the organization ahead of personal interests, you’ll be reducing your chances of success.

Talking about models, there are several which usually include the following steps: 

• Selection

• Due Diligence

• Negotiation

• Recommendation

• Execution

• Monitoring

I won't elaborate on the kinds of models, but I would say to be careful and make sure you adapt it to the reality and size of the organization. I think it’s good to know there are often excellent salespeople and firms who will try to sell you a supermodel «out of the box». I'd say start by identifying your needs and then going for a request for a proposal to find the right one and, at the same time, leverage for negotiating.

Tips # 4 -Take a step back

After a few months in operations, living with your processes, take a step back and, if possible, ask for an external opinion from someone with experience. I recommend someone who has experienced your situation and lived through the myriad of challenges with third parties. An objective and external view will enable you to adapt elements that you may not have considered, and the devil is in the details of our profession.

Last tips – Be ready to embrace the best and the worst.

People who know me know that I love meeting and getting to know people, building relationships, and creating win-win opportunities for all parties involved. However, I will never recommend a new third party unless they provide evidence and they don't want to open the hood after the sales pitch. 

Finishing with the reality of our profession, which requires backbone. Nothing has changed since the days when I delivered newspapers or at the special account. Even if you can mitigate most risks, you're never safe from a third party who has thrown you in the deep end, and you will need to swim, or you will sink. 

If this happens, remember that a smooth sea never makes a skilled sailor, and it’s your responsibility to take the necessary steps to protect the organization and ensure that the other third parties honour their commitments.