Third parties are the vendors, partners, and all the other players that are mission-critical to growth and productivity in the digitized world. They’re the foundation of global supply chains. And short of customers, they’re the greatest strength of any company.
Yet they’re also the greatest potential weakness.
Despite the clear danger that third parties can pose, it is increasingly difficult to collect and manage quality and reliable news web data relating to them. A world of endless risk, it seems, is also a world of nearly endless news data on the open web. How can companies determine which news data to rely on to mitigate third-party risk, and how can they get that data in a format that can be parsed to produce insights at scale? Read on…
What is third-party risk?
Third-party risk is any risk to an organization from external parties – vendors, suppliers, partners, contractors, service providers, or others – who have access to internal company or customer data, systems, processes, or other privileged information.
E&Y provides a broad list of potential third-party risks that include “strategic, operational, financial, geopolitical, regulatory, digital, cyber and privacy, resiliency, and reputational” damage. And this potential becomes reality in many instances, with Deloitte claiming that over half of companies experienced one or more third-party risk incidents during 2020-2021.
The stakes are indeed high. In modern business models, third parties can actually constitute the core of a given organization’s activities. Consider what would occur if a strategically important cloud-based product or service stopped working due to a disruption in service or a product defect? What would happen if natural disasters or wars impeded third-party operations? Think of the payroll, customer relationship management, and email marketing solutions that are so readily available and require no technical resources to implement in-house. How much sensitive data are you entrusting to third-party applications and what could happen if they fail?
Third-party incidents like those discussed above can directly damage an organization through loss of revenue, IP or downtime. Yet the indirect damage of third-party incidents can be even greater – regulatory fines, legal action against organizational executives, and damage in the court of public opinion. What are the implications for your business if a third party doesn’t adhere to regulatory and legal requirements and is subject to severe legal penalties, fines, or even shutdown?
Since the true price tag of missteps with third parties can be catastrophic, mitigation of third-party risk has become top-of-mind for C-suites, boards, and audit committees. And this is why the quality of Third Party Risk Management (TPRM) efforts is gaining more and more attention.
What is third-party risk management?
TPRM is an ongoing process of identifying, analyzing, and mitigating risks from vendors, suppliers, partners, contractors, or service providers to an organization’s finances, reputation, operations, people, and data.
Effective third-party risk management enables organizations to constantly monitor and assess risk from third parties – identifying when the risk exceeds predefined thresholds. This empowers organizations to make risk-informed decisions, in order to reduce the risk posed by third parties.
In the past, third-party risk was an issue addressed solely at the procurement stage of a business relationship. Enterprise purchasing departments would identify a provider that could offer a set of services, examine the provider’s bona fides, then sign a contract and engage with the provider. If there was a problem down the road with the relationship, they could always find another provider.
Today, things are different. Third Party Risk Management is a well-budgeted and critical part of overall enterprise risk management. Effective TPRM delivers in-depth, continuously updated, and highly relevant information that is leveraged to generate insights about:
- Who exactly third parties are – what is each vendor’s ownership structure and financial interests?
- The exact nature of each third party’s engagement with the organization – what mission-critical organizational functions depend on the third party and what are the implications of this dependency?
- What else do third parties do – what do these vendors engage in beyond their scope of engagement with the organization?
- How safe are third parties – What safeguards do these organizations have in place to ensure that the organization is operationally and legally protected?
The need to proactively monitor different types of data
Deloitte suggests that the best approach to TPRM involves proactive decision-making, rather than putting out fires only when issues arise. Yet any attempt at TPRM proactivity is dependent on one overriding factor – the data used as the basis for decision-making.
Effective TPRM demands organizations look past the structured enterprise data offered by the third parties themselves. Even a team of researchers scouring the public web – or a collection of Google alerts covering each third party – is insufficient. A truly proactive TPRM approach involves data monitoring on a more granular, more in-depth level of reach and frequency.
TPRM data should be monitored, captured, and analyzed in unstructured format from multiple and diverse data sources – public and hidden. With new content posted every minute, TPRM data should be drawn from a massive number of sources – from news sites, company sites, blogs, podcasts, influencers, social media, and more. In addition, it needs to include accurate readership, audience, sentiment, engagement, and other metadata.
The biggest challenges to monitoring third parties
Third-party risk monitoring faces three key challenges:
- The difficulty of accessing high-quality third-party data – Enterprises don’t have the same access to internal data from third parties as they do from customers. This makes it crucial for third-party risk management solutions to consider new data sources, like news data.
- Evolving categories and types of third-party risk – The types and categories of risk are constantly changing. Third-party risk management systems must quickly filter the most relevant data – expanding search capabilities even as the definition and scope of risk expand.
- Third-party risk assessment is dynamic, too – Most third-party risk can’t be measured by a single data point or incident. Rather, it is based on an evolving set of data points on a spectrum. That’s why third-party risk assessment requires continuous monitoring of threats based on continuous access to high-quality data from external sources. Lawsuits, negative media, sanctions, watchlists, and politically exposed persons (PEPs) – all these affect third-party risk and need to be closely monitored.
The solution: News API from Webz.io
To truly manage third-party risk, data alone isn’t sufficient. Organizations require insights derived from the data gathered. To generate these insights at scale and in near real-time, third-party risk monitoring companies need the ability to automatically discover and classify new sources of relevant data, while enabling granular data analytics with adaptable and automated classification.
Webz.io’s News API provides feeds of tens of thousands of news articles, gathered in real-time, automatically classified into over 200 categories, and offering different types of sentiment analysis at the document and entity level. To complete the picture, our Government Data API gives access to the latest data from government and regulatory agency sites. Together, these products offer organizations a complete view of risks relating to third parties and supply chains – helping thoroughly vet vendors, suppliers, partners, contractors, and service providers.
Talk to one of our data experts today to see how News API can deliver real-time, reliable data on third parties from across the web.