In an effort to focus more on the core competencies and stay ahead in the disruptive market, organizations are looking forward towards third party vendors for managing their non-core operations. While businesses usually are well aware of their internal risks and vulnerabilities they face in the day to day operations, not many are monitoring the risks related to their up-stream and down-stream third party associations. These associations if not properly governed, may pose huge risks to the business which can lead to operational and financial distress.
In the current generation, i.e. Industry 4.0, block-chain is considered as one of the most promising technology for ensuring integrity of data. According to a World Economic Forum survey, by 2027, 10 percent of GDP will be stored in blockchain. International Data Corporation (IDC) also forecasts that spending in blockchain applications will reach about $ 11.4 billion in 2022. Thus we see that blockchain is gaining momentum and will soon be exercised in all the industry aspects.
One of the potential applications of blockchain is vendor risk management, owing to the fact that it ensures data transparency and integrity. The basic advantages of using blockchain for managing vendor risks are:
Now let’s see how blockchain technology can be put to use in Third Party Risk Management (TPRM). We see that the TPRM basically has four steps as shown in the below diagram. All these four steps can be managed efficiently if blockchain technology is introduced in this lifecycle.
The first stage of Vendor Risk management is understanding the requirements which needs to be contracted to a vendor. This can be assessed easily if all the processes are managed using blockchain because the relevant information such as audit reports, performance evaluation, SLA targets, Quality slips etc. would be available to the internal stakeholders on real time basis and with most certain transparency. This way the risk of unnecessary investment on vendors can be averted. Another major advantage of blockchain is that the parent organization can short-list vendors based on the information publicly available on the distributed ledgers (Customer reviews, audit trails, CSAT scores, financial capabilities etc.) This helps organizations avoid the reputational and the legal risks up to some extent by short listing the right vendors.
>The next stage is the due diligence and contract signing where in the parent organization needs to visit the vendor site for understanding the actual capacity of the vendor. As a good practice, every organization generally provides a lengthy questionnaire to the vendors for initial assessment. Vendors need to answer these which consumes a lot of time. If VRM is built upon blockchain technology, then all these details would be stored on blockchain ledgers which would be made available to the customers using a public key to decrypt the information. This would ensure that data is not tampered by external parties or modified at the vendor’s will and saves time.
Using blockchain, organizations can sign ‘Smart Contracts’ with their vendors. These contracts are stored with proper security controls in the blockchain and are accessible to the relevant parties. With smart contracts, it is also possible to automate the execution of contract clauses and retributions. Thus legal and financial risks can be managed efficiently. Since no intermediaries are involved in signing these contracts, a financial advantage can also be realized.
The contracting organization and the vendor, both are equally responsible for ensuring that the business risks are managed efficiently. Blockchain applications enables this by making the day to day operations transparent and track any suspicious behavior of the vendor. Thus compliance to the contract terms and regulatory obligations can be measured on real time. This also helps to eliminate any operational risks (time delay, inventory mismanagement, resource management, order fulfillment error etc.) on the down-stream and up-stream processes.
The various operational activities such as incident, change and compliance and resource management becomes easier and explicit. Technological risks such as disruptions are also reduced because blockchain technology is continuously evolving and has forward compatibility provision. Blockchain also acts as an audit enabler as every activity can be tracked by the relevant stake-holders (organization and vendor) on real time basis.
Having blockchain in place for Vendor Risk Management also helps in business resiliency. Since it enables proactive monitoring of risks and disruptions to business, it provides the capability to develop a robust business resiliency framework. In the peer to peer network of blockchain, the information present is immutable and is continuously monitored to mitigate the risk of cybercrime. This helps the vendor and the parent organization to process the data securely.
Towards the end of a contract, automated smart contracts help to execute the termination or renewal clauses successfully depending on the organization’s requirement. Thus on-boarding and off-boarding of vendors becomes easier and a trust-worthy process.
It is evident that blockchain technology will have a huge impact on managing vendor risks and relationships. Since, vendor relationships sustain on the quality of service delivery, even the vendors must soon upgrade to blockchain technology. Thus we can see that third party vendor risk and resource management is a two-way street in which cooperation and coordination plays an important role in the success.