Taking a fresh look at third-party risk: A board’s eye view

COVID-19 and subsequent measures to limit its spread have led to unexpected border closures, regional lockdowns, facility shutdowns, and quarantine mandates for workers—causing a shortage of raw materials, reduced production levels, and unprecedented supply-chain disruption and delays.

Spikes in demand for some goods and plummeting demand for others have further strained global supply chains. And, the quick shift to remote working for employees and online shopping for consumers has introduced new cybersecurity, data privacy, and IT risks for companies as well as their third-party vendors. 

These rapidly changing conditions have upped the ante on third-party risk management. While emergency measures were instrumental in managing third-party relationships through the first half of 2020, taking a fresh look at the company’s vendors and supply chain will be critical as companies prepare for the recovery phase and the new reality. According to a recent KPMG Board Leadership Center survey, one-third of directors anticipate that the company and board will substantially reassess supply-chain and third-party risk¹ as a result of COVID-19.²

Tarun Sondhi, a principal in the Cyber Security group of KPMG LLP, highlights key third-party risks exacerbated by the COVID-19 operating environment and longer-term business model disruptions, and discusses considerations for boards:

• Supply-chain risk

• Business continuity and resiliency risk

• Financial risk

• Cybersecurity, data privacy, and IT risk

• Geopolitical and environmental risk

• Brand and reputation risk