Resilience Beyond Regulation in TPRM

Article

In a thought-provoking Q&A, Jeff Simmons, Senior Advisor at Alba Partners, challenges the traditional mindset of compliance-driven third-party risk strategies. Instead, he advocates for exceeding regulatory standards, focusing on critical business functions, and integrating robust exit plans with broader resilience frameworks.

Dec 19, 2024

Jeff Simmons, Senior Advisor, Alba Partners

The views and opinions expressed in this content are those of the thought leader as an individual and are not attributed to CeFPro or any other organization

Organizations should treat regulations as the minimum standard and focus on creating exit strategies that are tailored to critical functions, ensuring long-term resilience rather than mere compliance.
By prioritizing processes categorized under Important Business Services (IBS) and Critical and Important Functions (CIF), organizations can develop tailored, actionable exit strategies that align with broader business continuity efforts.
Simmons highlights the importance of preparing for chaotic, unplanned supplier disruptions by focusing on impact tolerance, alternative solutions, and clear communication strategies to minimize operational disruption.
Exit planning must address the resilience of third-party IT frameworks while considering fourth-party risks. Establishing clear linkages between third-party dependencies and critical services is essential for mitigating disruptions.