Skip to content

A data strategy for managing third-party risk

The sheer volume of data when managing third-party risk can overwhelm organizations if not handled correctly. Our recent webinar with the OCEG think tank has highlighted flexible, customizable and fit-for-purpose solutions for intelligent data management.


  1. Organizations need to embrace the new landscape of big data, but too much information can be a double-edged sword when managing third-party risk.
  2. As data becomes cleaner and more linked, risk management improves and organizations can pivot towards high-quality, forward-looking activities.
  3. Our webinar with the OCEG not-for-profit think tank presents a data strategy for managing third-party risk, including the best practise for selecting the right technology.

Refinitiv has partnered with OCEG — a global non-profit think tank that aims to ‘inform, empower and help advance’ its members in the field of governance, risk and compliance — to produce a new ‘playbook’ providing detailed steps to help organizations manage data more effectively.

The guide should be viewed as a practical toolkit to help compliance professionals understand where and how various data sources are being used within their organizations.

Watch: Visualise the power of World-Check data

It also offers some valuable insights into best practice for selecting the right technology to enable better data management in the third-party risk arena.

In conjunction with the playbook, we also co-hosted a January 2019 webinar entitled How much is too much? Addressing the challenge of third-party risk data to deliver further insights into the many challenges surrounding — and solutions to — third-party risk data management.

The third-party risk landscape

The third-party risk landscape is complex, with a range of risks — including operational, financial, reputational and regulatory — that must be fully assessed and mitigated.

This is not always easy, given the scale and global nature of many third-party networks. Refinitiv’s 2018 True Cost of Financial Crime survey revealed that nine percent of respondents dealt with over 10,000 third-party vendors, suppliers or partners during the 12 months preceding the survey.

Moreover, the survey highlighted gaps in due diligence, with 41 percent of respondents revealing that they had never screened these parties.

Country Risk Ranking. A data strategy for managing third-party risk
Country Risk Ranking

A 2017 OCEG Third-Party Management Strategy survey report also reveals gaps in formal compliance.

When asked if they conduct any screening of fourth-parties (those used by third-parties), nearly half of respondents (49.5 percent) answered ‘No’, meaning that they are potentially leaving themselves vulnerable to risks further down their supply chains.

The data management challenge

The last few years have witnessed a fundamental shift in the prominence, accessibility and volume of available risk data. This data is powerful and can be used to uncover risk deep in supply chains, but the data revolution has led to a host of further challenges, including:

  • A lack of trusted, reliable data.
  • The need to use multiple data vendors to cover all risk areas.
  • Insufficient depth of available data.
  • Lack of data connectivity.
  • High costs.

We cannot escape the age of big data. Organizations need to embrace this new landscape and adopt a strategic approach to overcoming these challenges and managing data to unlock its true power.

Can you find the signal in the noise?

Our playbook outlines that, as organizations move up the data management maturity curve, they are likely to move through the following stages:

  • Determining how much data is needed and deciding on the level of granularity required.
  • Securing reliable, accurate data sources.
  • Properly maintaining data.
  • Automating data delivery and integrating risk information into internal systems.

The importance of the second stage — securing access to reliable, trusted data — cannot be underestimated.

With the right tools, this data can be structured and streamlined so that compliance professionals find the signal in the noise and pinpoint areas of higher risk, which can then undergo enhanced due diligence to provide a more detailed risk analysis, where necessary.

A data strategy for managing third-party risk. A data strategy for managing third-party risk

Moreover, risk changes over time, and the level of risk identified at the time of onboarding a third-party may not remain static.

Any number of factors can have an impact, including, for example, jurisdictional changes or the emergence of adverse media, meaning that data must be properly maintained.

Intelligent data management

The explosion of available risk data over the last few years has brought both opportunity and challenge. Below is one of the poll questions posed during the webinar.

Which of these aspects of third-party management presents you with the greatest challenge?

Respondents’ chose ‘a’ and ‘d’ as the top two challenges. Refinitiv’s Kevin Bogdanov stated: “As technology improves, data matching and mapping is becoming easier and easier all the time, so there are ways forward”.

Reliable data is the key tool needed to pinpoint risk and fight back against financial criminals. However, too much data, that is not intelligently managed, can become a double-edged sword.

Increasingly, firms are adopting the flexible, customizable and fit-for-purpose solutions delivered by the regtech revolution. The technology now on offer is powerful, highly affordable and rapid to deploy, offering significant cost and efficiency improvements.

As data becomes cleaner and more linked, the capacity of third-party risk management teams is unlocked, risk management improves, and organizations can pivot towards high-quality, forward-looking activities.

Discover how World-Check Risk Intelligence can help meet your regulatory obligations