Transforming Third Party Risk Management with KY3P® Through Industry Collaboration

The Know Your Third Party (KY3P) consortium transforms the third party risk management (TPRM) process for financial institutions through industry collaboration and the standardization of pre-contract due diligence, ongoing monitoring and incident management. The consortium is now adding due diligence verification services (DVS) for its members.

Unlike the traditional third party risk assessment model, where each individual financial institution assesses its own set of questions against differing controls for the same inherent risks, our service drives collaboration in order to centralize and standardize these activities. The result is a win-win-win scenario for financial institutions, third parties, and the industry as a whole.

“Third party risk is not a one company issue to solve. Financial institutions share many of the same third parties to help execute their operations and may be impacted by similar threats. So collaboration in this area just makes sense.

The KY3P Utility provides an ecosystem that is flexible enough to grow and change as industry needs evolve.”
- Dennis Frio, Managing Director, Grant Thornton

KY3P users already benefit from a central, cloud-based platform that streamlines how financial firms collect due diligence data from a range of third parties, including vendors, affiliates, sub-advisors, distributors, clearinghouses and other service providers in the financial industry. Improving how third party assessments are conducted is the next logical step.

This new service standardizes which controls members should test based on their specific third party risk, defines the process for how these controls will be tested, and then prepares a standard report that summarizes the assessment for both desktop and on-site reviews.

The KY3P Utility offers three levels of verification service:

  • Remote verification - due diligence information is independently validated through the KY3P platform.
  • On-site verification - the service coordinates on-site assessments of third party vendor information using a consistent and agreed-upon approach by risk.
  • Custom verification - on-site assessment is conducted based on parameters specified by the KY3P member.

For the remote and on-site verification services of third party controls, a standard report is created that can be consumed by other institutions that are members of the KY3P consortium. All banks – from small to large – benefit from the increased efficiency, quality, and consistency of assessments.

Across industries it is estimated that 74% of third party risk management assessments are ineffective. Are you confident in the effectiveness of your program?

“We believe that making vendor due diligence more efficient will ultimately raise the standard for how the financial services industry manages third-party risk.

Integrating verification services into KY3P is a critical step in helping our clients to more easily assess how their dependencies affect cyber security and other key risks.”
- Ellen Schubert, CEO, KY3P at IHS Markit.

On the flip side, third parties benefit from this standardized and consistent approach, which reduces the number of on-site and desktop assessments needed. There are now fewer overall assessments to disrupt operations or put a strain on third-party resources. Both sides benefit.

Grant Thornton is a preferred implementer of the KY3P Utility as well as the first professional services firm to join with IHS Markit to verify due diligence information.

For more information on the KY3P consortium, the utility, and verification services, contact:

Dennis Frio
Managing Director, Risk Advisory Services
T: +1 973 747 2281