STAMFORD, Conn., April 23, 2025
Third-party risk management (TPRM) is compromised in many organizations because those holding the relationship with the third party (relationship owners) don’t reliably escalate red flags to compliance teams, according to Gartner, Inc.
Relationship owners are most often midlevel managers, directors and senior vice presidents who have a crucial and unique view into multiple third parties that compliance leaders deem as high-risk.
“Organizations tend to be working with a lot more third parties as they are key to accelerating business growth after the various disruptions of recent years,” said Chris Audet, vice president and chief of research in the Gartner Assurance Practice. “In light of rising sustainability standards that pertain to the use of third parties, this is an area that has the attention of compliance teams.”
A Gartner survey of approximately 900 third-party relationship owners in August 2024 revealed that while 95% saw a third-party red flag in the past 12 months, only around half of them escalated it to compliance teams.
“Relationship owners have a unique vantage point for identifying potential risks in third-party relationships,” said Audet. “By empowering them to share insights effectively, organizations can significantly enhance their risk management capabilities.”
How to Increase Sharing of Third-Party Red Flags
The survey showed that three key factors significantly affect the likelihood of sharing: confidence in identifying red flags, objectivity in prioritizing third-party issues, and the perceived return on investment (ROI) of sharing information.
“Helping relationship owners to be more confident in identifying third-party red flags should be seen as low-hanging fruit for compliance teams and can likely be addressed with some targeted training or communications,” said Audet.
When relationship owners develop affinity for their third parties, however, they are less likely to involve compliance out of fear that compliance may overreact and harm the relationship. Thirty-six percent of relationship owners say they feel obligated to protect third-party relationships from people in their own organizations, and a further 27% are reluctant to do anything that might bring harm to third parties they manage.
Gartner experts advise compliance program leaders to educate relationship owners early about the possibility of bias through targeted training, and to find opportunities to build an ongoing conversation about bias with relationship owners and their managers.
“Organizations must prioritize effective communication and collaboration with relationship owners to enhance third-party risk management,” said Audet. “By addressing the barriers to sharing and fostering a culture of transparency, businesses can mitigate risks more effectively and align with strategic goals.”
Additional information is available to clients in the Gartner report Top Insights to Understand Your Third-Party Relationship Owners. Nonclients can read: How to Increase Third-Party Relationship Owner Objectivity to Improve Reporting Rates.
Taking place on September 8-9, 2025 in Grapevine, Texas, the Gartner Enterprise Risk, Audit & Compliance Conference will cover the challenges mission-critical to enterprise risk, audit and compliance executives, across six topic areas: Third party risk management; Business risk ownership; Governance, risk and compliance tool; Compliance program effectiveness; Digital audit function; and Emerging risk landscape. Follow news and updates from the conferences on X using the hashtag #GartnerLegal.
Gartner for Legal, Risk and Compliance Leaders provides expert guidance and tools to help leaders across legal, risk, audit and compliance departments more effectively manage an increasingly complex risk landscape and build next-generation functions. Additional information is available at gartner.com/en/audit-risk and gartner.com/en/legal-compliance. Follow news and updates on LinkedIn and X. Visit the Gartner Legal and Compliance Newsroom for more information and insights.
Gartner (NYSE: IT) delivers actionable, objective business and technology insights that drive smarter decisions and stronger performance on an organization’s mission-critical priorities. To learn more, visit gartner.com.