Third-party risk management (TPRM) is compromised in many organisations because those holding the relationship with the third party (relationship owners) don’t reliably escalate red flags to compliance teams, according to Gartner.
Relationship owners are most often midlevel managers, directors and senior vice presidents who have a crucial and unique view into multiple third parties that compliance leaders deem high-risk.
“Organisations tend to be working with a lot more third parties as they are key to accelerating business growth after the various disruptions of recent years,” says Chris Audet, vice-president and chief of research in the Gartner Assurance Practice. “In light of rising sustainability standards that pertain to the use of third parties, this is an area that has the attention of compliance teams.”
A Gartner survey of approximately 900 third-party relationship owners in August 2024 revealed that while 95% saw a third-party red flag in the past 12 months, only around half of them escalate it to compliance teams.
“Relationship owners have a unique vantage point for identifying potential risks in third-party relationships,” said Audet. “By empowering them to share insights effectively, organizations can significantly enhance their risk management capabilities.”
The survey showed that three key factors significantly affect the likelihood of sharing: confidence in identifying red flags, objectivity in prioritizing third-party issues, and the perceived return on investment (ROI) of sharing information.
“Helping relationship owners to be more confident in identifying third-party red flags should be seen as low-hanging fruit for compliance teams and can likely be addressed with some targeted training or communications,” says Audet.
When relationship owners develop affinity for their third parties, however, they are less likely to involve compliance out of fear that compliance may overreact and harm the relationship. Thirty-six percent of relationship owners say they feel obligated to protect third-party relationships from people in their own organizations, and a further 27% are reluctant to do anything which might bring harm to third parties they manage.
Gartner experts advise compliance program leaders to educate relationship owners early about the possibility of bias through targeted training, and to find opportunities to build an ongoing conversation about bias with relationship owners and their managers.
“Organisations must prioritise effective communication and collaboration with relationship owners to enhance third-party risk management,” says Audet. “By addressing the barriers to sharing and fostering a culture of transparency, businesses can mitigate risks more effectively and align with strategic goals.”