AML and Financial Crimes

Third Party Risk Management

Companies in every sector around the world are fighting harder than ever before to survive and thrive. And many are increasingly aware that their risk management practices are ineffective. Those practices need to change.

Managing the extended enterprise means managing third-party risks and relationships, their material 4th parties, and so on to the nth party across the universe of core products and services prioritized by bottom-line impact.

Is your third-party risk management program enabling data-driven risk-informed decisions?  Or did the pandemic highlight some disconnects between work effort, actionable insight, and predictability?

We can help.

Bates Group has partnered with recognized financial services industry third-party risk expert Linda Tuck Chapman to bring clients deep, actionable insight and exceptional expertise to assess, plan, and implement third-party risk management and training programs.

Third parties represent a major risk for companies, their managers, and even their board members who may personally face fines or regulatory action. Managing third-party relationships risk has never been more important.

Third-Party Program: Maturity and Effectiveness Assessment

Our proprietary Assessment is a three-step process to determine whether your existing and proposed program is strong enough to meet the threat landscape and regulatory requirements. Along with recommendations, we’ll prepare a high-level roadmap to guide future enhancements.

Third-Party Management Framework

3PRM Framework

Compliance and Completeness Assessment

We will examine scope, processes, policies, controls, and information management across the lifecycle of critical third-party relationships to determine if your program meets business needs, regulatory requirements, and addresses the threat landscape for your extended enterprise.

Effectiveness Assessment

We will assess the overall effectiveness of the program by reviewing the governance and control activities, quality of documentary evidence and degree of visibility and insight the program delivers to internal business leaders, executive management, and board of directors.

Future State Roadmap

We will work closely with you to create a phased Roadmap to increase awareness the effectiveness and efficiency of your third-party risk management program, aligned with business and regulatory requirements. Your Roadmap will address opportunities and gaps identified during the Maturity and Effectiveness Assessment.


Working collaboratively with stakeholders, we will ensure your program can easily evolve and expand over time. We bring proven, adaptable tools and templates to accelerate the design/build timeline, and ensure your program meets your needs.

Monitoring & Controlling “Work-from-Home” Risks

Work-From-Home can be expected to continue for many months, and in some cases is here to stay. Working closely with your risk domain owners and policies, we bring deep experience and specialized expertise designing, implementing, and monitoring Work-From-Home controls for third-party employees.  

Our services include assessing current practices and making recommendations to strengthen existing practices and mitigate risk. We are expert in cyber, information security, connectivity, and physical security controls, and can transition a labor-intensive management and monitoring activities from your risk domain experts to ours.

Risk and Controls, Assessments/Contract Reviews

Now is the time to eliminate backlogs, [re]certify your critical third parties, and [re-]evaluate third-party risks, controls, and legal agreements. Our experienced resources will accelerate data collection, risk identification, controls evaluation processes, targeting our recommendations to the greatest risks.

We can review vendor and third-party MSAs, Service Level Agreements, and contract terms to ensure they meet your needs and requirements. We’ll identify deficiencies and risk and prioritize our recommendations for closing the gaps. And we can support [re]negotiation efforts, taking charge of remediation activities until they’re finalized.

Training and Education

In partnership with Third Party Risk Institute Ltd. we offer a wide range of classroom and eLearning third-party risk management training. Whether your employees are risk management professionals, vendor/third party relationship managers, procurement professionals, auditors, senior managers, and others who need to understand third-party risk management, we cover the landscape.

We offer a wide range of content-rich, half-day eWorkshops that provide training and real life examples of every step towards effective third-party risk management. Or we’ll work with your key stakeholders to align content and taxonomy with your program.

Certified Third Party Risk Management Professional (C3PRMP) is an on-demand, 10-week eLearning program created by Linda Tuck Chapman. Graduates earn a recognized professional designation and are eligible for 66 CPE credits (NASBA) and 20 CPD credits (GARP).   

Contact Bates Group

Bates Group is with you every step of the way. Contact us today for more information on how our End-to-End Solutions can help your firm.

Contact Bates Group