The recent guidance from the U.S. Department of Justice (DOJ) for compliance departments emphasized the importance of ongoing monitoring in third-party risk management (TPRM) processes. Specifically, it asks whether companies monitor third parties “throughout the lifespan of the relationship” and mentions the role of “third-party relationship managers” within monitoring practices.[1]
On average, TPRM leaders spend 25% more time on third-party due diligence than on monitoring.[2] However, due diligence can only go so far: it often fails to sufficiently identify and remediate third-party risks that can emerge over the course of a third-party relationship. Ongoing monitoring, by contrast, lets the business watch for changes that could flag potential risks, and is most effective when it scans for relationship scope changes and uses dedicated relationship managers.