Third-party risk management (TPRM) is the process of identifying key risks in an organization and creating a strategy and detailed plan to reduce them. It focuses specifically on risks that come from outside the organization, through the third-party vendors, contractors, suppliers, and other service providers that the company works with. It helps a company decide whether it’s worth starting a business relationship with a particular entity by understanding how that entity operates and whether it is compliant and aligned with the company’s values, security conditions, and other important factors, which each company can adjust individually.
TPRM is also sometimes referred to by other names, like vendor risk management (VRM) or supplier risk management. In compliance terms, it is closely tied to the Anti-Money Laundering (AML) risk management process and other regulations, such as Know Your Business (KYB), which is the equivalent of the Know Your Customer (KYC) verification process, but targeted at other companies. In general, third-party risk management is a broader approach that covers all kinds of third parties and risks and is applied throughout the whole business relationship, not just at the start, before the entity is onboarded.