A Better Way to Manage Third-Party Risk

An iterative approach better equips legal and compliance leaders to combat third-party risks in a rapidly changing business environment.

A large technology organisation hires a third party to help with routine website updates, and allows access to its intranet. For some of the work, the third party employs its own third party. It is suddenly a lot harder for the organisation to assess and mitigate risks they are aware of — let alone the ones they are not.

In 2019, 71% of organisations report their third-party network contains more third parties than it did three years ago, and the same percentage reports their third-party network will grow even larger in the next three years. In fact, our research shows that 60% of organisations are now working with more than 1,000 third parties.

“Third parties have greater access to organisational data assets and are working with an increasing number of third parties”

What keeps GC from being personally effective is a large gap between aspiration and reality. They want to operate as corporate executives, but the majority (59%) act as lead attorneys, providing legal guidance and tactical support to the business. Only a fraction (8%) behave as corporate executives who have the power to sway critical executive decisions and drive enterprise success.

Make small changes to management behaviours

The good news is that by adopting certain behaviours — and eliminating others — GC can achieve the personal effectiveness they want. This does not mean doing a radically different job; for most GC, it just means approaching their role differently and making small but essential tweaks to their management behaviours.

For example, GC often get bogged down in day-to-day legal opinions and tactical work. And this is exactly what most executive teams will use them for, unless explicitly “trained” to think about them differently. To change this perception, GC should redefine their role and have deliberate conversations with executive leadership about the organisation’s long-term strategic needs and where and how GC can provide the highest value.

“Focus on understanding and addressing clients’ most significant needs and challenges”

Client service is another area where a simple behaviour shift can have a major impact. Most GC (73%) believe success means pleasing clients, but this can undermine GC performance and even weaken client relationships. Personal effectiveness drops 31% when GC fail to push back on client-suggested work or priorities directed solely at satisfying clients.

Business partners do not want positive reinforcement so much as they seek partners who deliver positive outcomes. “Focus on understanding and addressing clients’ most significant needs and challenges instead of trying to please in every interaction,” says Martin.

As leaders at the centre of mission-critical business activities, GC must provide guidance and decision frameworks to resolve uncertainty and reduce organisational complexity. Adopting personally effective behaviours enables GC to increase their impact on business performance and boost their stature in the organisation.