The building blocks of any compliance program lay the foundations for a best practices compliance program. For instance, in the life cycle management of third parties, most compliance practitioners understand the need for a business justification, questionnaire, due diligence, evaluation and compliance terms and conditions in contracts. However, as many companies mature in their compliance programs, the issue of third-party management becomes more important. It is also the one where the rubber meets the road of operationalizingcompliance. It is also an area the DOJ specifically articulated in the 2020 Update that companies need to consider.

Managing your third-parties is where the rubber meets the road in your overall third-party risk manage program. You must execute on this task. Even if you successfully navigate the first four steps in your third-party risk management program, those are in reality the easy steps. Managing the relationship is where the real work begins.

Three key takeaways:

  1. Have a strategic approach to third-party risk management.
  2. Rank third parties based upon a variety of factors including compliance and business performance, length of relationship, benchmarking metrics and KPIs for ongoing monitoring and auditing.
  3. Managing the relationship is where the real work begins.