TPRM
Third-Party Risk Management
Definition
The framework and processes used by firms to identify, assess, monitor, and mitigate risks arising from relationships with external service providers and vendors. TPRM encompasses initial due diligence, ongoing monitoring, contractual requirements, concentration risk assessment, and contingency planning for third-party failures.
Regulatory Context
TPRM has become a supervisory priority following high-profile third-party failures and cyber incidents. DORA and operational resilience frameworks have elevated third-party risk to a board-level concern, requiring firms to maintain registers of third-party arrangements and conduct regular assessments.