Episode Transcription
Shatyoki
Hello and welcome to the second episode of what’s the Risk, a SignalX podcast. I’m your host, Shatyoki Bhattacharjee, and this podcast is brought to you by SignalX, a company that’s at the forefront of making due diligence automated using AI and making business transactions safer and more efficient than ever before. So today we have a very special guest with us. He’s the CEO of SignalX, Mr.Govind Balachandran. Welcome to the show, Govind.
Govind
Thanks, Shatyoki. Great to be here.
Shatyoki
We are thrilled to have you. Today we are going to talk about a topic that’s on the minds of many business leaders in 2023. How to select the best third party risk management solution for your company? So let’s dive right in. Govind, to set the stage, can you briefly explain what third party risk management is and why it’s so important in today’s business landscape?
Govind
Certainly, Shatyoki. So as we know, increasingly, enterprises are outsourcing significant part of their functions to third parties. So we have enterprises that are outsourcing marketing, finance, it could be underwriting, it could be it could be collections and various types… It could be productions, manufacturing, etc. So today, it has become important to assess the risk and compliance posture of the third parties that we as businesses depend on to generate value for our customers. This requirement for assessing the risk and compliance posture is partly coming from a regulatory point of view, where in certain industries, regulates a key to understand who are the parties that you are outsource to and what their credentials and what their integrity posture is, and second is from an internal controls point of view. So this entire aspect of assessing risk and compliance posture of third parties and ensuring that anything adverse in the third party network is discovered early on so that there is more resiliency in the business. So this is what third party risk management is about today.
Shatyoki
That’s a great introduction. Thank you, Govind. Now, let’s come to the main point. With so many solutions out there, what would you say are the key features that companies should actually look for in a third party risk management solution?
Govind
Yes. Enterprises today work with thousands of third parties in different capacity. So for example, if you take an HR team, an HR team may have third parties or suppliers of multiple type and risk posture. There could be parties who are providing the HRMS solution, who are exposed to data, significant operational data of the organization. There could be parties that are supplying learning and development solutions who may not have as much information as a HRMS provider. And there could be parties who are supplying, say, goodies or T shirts to a business. Different types of suppliers in an organization pose different types of risks. So today, the requirement of an effective third party risk management program is the ability to conduct checks across these various types of third parties, starting with verifying the identity to even going to the depth of understanding the cyber security posture or the sustainability posture of critical third parties, and having the capability to conduct enhanced public database due diligence, having the capability to collect compliance and risk disclosures, having the capability to monitor these third parties over time.
Shatyoki
That makes a lot of sense. Now, let’s talk about integration. How important is it for a third party risk management solution to seamlessly integrate with the company’s existing system and processes?
Govind
Integration is essential for seamless operation. The vendor on boarding systems and vendor databases of businesses have certain information around identity. Your internal audit and finance function may have certain information about the third parties. Your business teams may have certain function about the third parties. Your CISOs and IT teams may have certain information about third parties. Bringing all of this together into a single platform so that all of these different stakeholders of third party risk management can have access to information is essential. Integrating with existing systems like SAP Finance and accounting related tools and other monitoring tools can be very easily achieved through automation and available technologies.
Shatyoki
Absolutely. That’s very insightful. So lastly, for our listeners who are just starting to explore third party risk management solution, could you give them one piece of advice that you would feel that would make them their starting ground of implementing a third party risk management solution for their company who are doing it for the very first time, or for the companies who are trying to renovate or bring innovation in their third party risk management program?
Govind
It is a process of implementing a third party risk management system. It is not a piece of software that you can plug in and start doing everything over time. You may want to start off with certain components and build your third party risk management program over time. You may want to put in a KYB system that is able to verify identity. You may want to put an enhanced due diligence system that is able to conduct due diligence of public data. That could also do some level of monitoring and reporting on an ongoing basis. And then you may want to put in place certain disclosure collection and rating systems that is able to automate the data collection from third parties on the risk and compliance posture. And then you may want to bring everything together in a similar view. So a modular third party risk management system allows you to start very small and enables you to go through this journey of building third party risk management program block by block.
Shatyoki
Yes, that’s again very interesting. So I have one last question, though, for our listeners. Everyone is talking about AI right now. So generative AI have disrupted the way we see technology and the innovation that it has brought to the world. And it’s just the beginning we are seeing. And the future beholds the various capabilities of generative AIs and everything. So how can a company map these AI along with their third party risk management program? How do AI make a difference in their third party risk management program, even when selecting the solutions? Do they go for AI based solution? In what ways does AI makes his contribution into third party risk management?
Govind
So this is a very transformational moment in the entire enterprise software landscape, particularly when it comes to risk and compliance. Third party risk management, the core of it is about collecting information either from public domain or also from the party through disclosures to understand the posture of the party that you’re doing business with. So this process has always been laborious where you may have a managed service provider who is reaching out to your third party, is collecting a lot of artifacts, a lot of documents to support the risk posture that they claim to have, to break down this document, to understand what the risk portion of that particular third party is. You may collect certifications; you may collect policy documents, et cetera. Today with generative AI and automation, this entire data collection process and breaking down of these artifacts to generate insights is significantly automated. It takes significantly less effort and time and human capital invested in processing all of these documents. There’s also a greater level of accuracy when it comes to identifying insights. This level of automation now is available for enterprises to leverage. It is possible for you to plug in a system like SignalX and start collecting disclosures, start utilizing public data, start implementing a monitoring program, or start putting in place a KYB system and be alerted on the risk that are developing in your third party network to drive resilience in the organization?
Shatyoki
Right. So you mentioned SignalX at one point in your previous answer. So I want to get it clear for our audience that how SignalX, being an AI based risk assessment company, is playing a crucial role in changing the paradigm in the way people used to see third party risk management and implementing that program into their own system for their supply chain, and right now with the AI in the picture with the technology and how SignalX is adapting to that technology and providing its solution. So how SignalX is making a difference.
Govind
So signal is an A I based risk intelligence in a solution that helps enterprises conduct, a wide set of checks on the third parties that they’re engaging with starting with their identity to something even as intricate as cyber or sustainability of third parties.
We are also, one of the largest digital due and platforms that connect with, a comprehensive set of sources, to pull, an enormous amount of public data information, including things like litigation, history, media, law enforcement, data, financial records, corporate regards, tax filing history, statutory records, et cetera.
To help our, users understand the risk and compliance posture with minimal data collection from third parties and also provides the required automation to collect disclosures and using automation to break it down to derived sites.
So, what this means is, the time and effort and, the cost savings in conducting third party risk management is up to 80% of what it would otherwise take if you were doing it manually.
And, so that is where automation comes in. And that’s what we are excited about building this.
Shatyoki
That’s a golden nugget right there! Thank you so much, Govind, for sharing your expertise with us today. It was an absolute pleasure having you on the show.
Govind
Thanks for having me shatyoki, it was great to be here and I hope the listeners found this information insightful
Shatyoki
I’m sure I’m sure they did! And thank you to our listeners for tuning in to the second episode of “What’s The Risk?”. Also I would like to tell you guys that there is a Third Party Risk Management Software Evaluation Guide and Checklist available on our website.
You can find the link to the resource in the description of this episode. Download the guide today and choose the best TPRM software for your organization.
Make sure to subscribe to the SignalX Podcast so you don’t miss out on any episodes. Thank you so much for tuning in. Until next time, this is Shatyoki Bhattacherjee, signing off.
