Beyond the Checkbox (Ep. 6): Michael Rasmussen on AI in TPRM
Episode Summary
In the latest episode of the Beyond the Checkbox podcast, host Matt Kelly welcomes guest Michael Rasmussen, a prominent GRC analyst and blogger at GRC 20/20, to discuss the persistent challenges and advancements in third-party risk management. The conversation begins with Rasmussen providing a historical overview of third-party risk, emphasizing its complexity and the necessity for continuous monitoring beyond the initial onboarding phase. He highlights how the extended web of third-party relationships, including vendors, suppliers, and service providers, complicates the risk landscape for modern organizations.
The discussion then shifts to the role of technology, specifically the application of AI and automation in enhancing third-party risk management processes. Rasmussen points out that many organizations are still reliant on manual processes, which are inefficient and reactive rather than proactive. He explains how AI can aggregate and analyze data from various sources, such as sanction lists and financial ratings, to provide real-time insights and alerts. This integration of AI can streamline due diligence, policy management, and ongoing monitoring, significantly reducing the administrative burden on staff and improving risk visibility.
In the final segment, Rasmussen and Kelly dive into the governance of AI and its implications for third-party risk management. Rasmussen stresses the importance of structured governance frameworks to ensure the ethical and effective use of AI, both within organizations and by their third-party partners. He also discusses the need for a collaborative approach involving multiple departments, including compliance, IT, and procurement, to successfully implement AI solutions. The episode concludes with practical advice for companies embarking on their AI journey, emphasizing the importance of understanding the current state, assembling the right team, and being prepared for ongoing changes in the regulatory and business environment.
Key Insights
The Importance of Continuous Monitoring in Third-Party Risk Management
Third-party risk management remains challenging because many organizations approach it in a fragmented way. Often, the focus is placed on onboarding, with inadequate attention given to continuous monitoring and offboarding processes. Organizations need a cohesive risk management program that integrates various departments and risk categories. Neglecting ongoing monitoring can result in incomplete visibility into risks posed by third-party relationships. By continuously evaluating and managing these risks, companies can better protect themselves from potential disruptions and compliance issues.
Leveraging AI for Enhanced Risk Intelligence
AI technology can significantly improve third-party risk management by aggregating data from diverse sources and providing real-time insights. It can connect to politically exposed person lists, sanction lists, financial viability ratings, and security ratings, among other data sources. AI helps correlate this data to alert organizations about potential risks in their third-party relationships. Properly implemented, AI reduces the manual effort required to manage risks and enhances the accuracy and timeliness of risk assessments. This allows companies to be more proactive in identifying and mitigating risks associated with their third-party partners.
The Need for Structured Governance of AI
Effective use of AI in third-party risk management requires a structured governance framework. This includes setting clear policies on how AI is adopted, used, and monitored within the organization and by third-party partners. Proper governance ensures that AI is used ethically and effectively, mitigating potential risks associated with its implementation. Collaboration among various departments, including compliance, IT, and procurement, is essential for successful AI integration. Additionally, companies must be agile and prepared for changes in the regulatory and business environment to maintain effective risk management practices.