Third party risk management

Build and deliver trust in your whole ecosystem

Latest insights - 4 items

Digital Trust Insights 2024: Asia Pacific

Cybersecurity in Asia Pacific: Rising threats and GenAI adoption

Global Risk Survey 2023

How a tech tipping point is fueling reinvention, resilience and growth

Updates to the MAS Outsourcing Notices

What banks and merchant banks need to know about Notice 658 and 1121

How your board can oversee third-party risk

Third parties are critical to businesses, but they can also bring risk

As the world changes geo politically and technologically, so do businesses’ supply chain, operations and business models. Organisations cannot remain competitive and relevant without third party relationships as part of their service offerings and operations.

With the opportunities with third party collaboration also brings exposure to specific risks, such as the potential loss of sensitive data, and possible disruptions to critical business services. The sheer number of third-party relationships companies often have can make it difficult to oversee the multiple risks involved.

As organisations increasingly expand their ecosystem, enhancing collaboration with third parties, the need to have a robust third party risk management program also increases. Hence, having an efficient and effective tech-powered third-party risk management programme is critical, from onboarding, including integrity due diligence, to persistent monitoring.

We help organisations prioritise their third-party risk management program to focus on the risks that matter (e.g., technology, cyber, resilience, concentration, etc) and offer effective and pragmatic solutions to tailor risk and control processes and operating models to effectively manage third party risks.

How our third party risk management services can help you

We assist your organisation with the design and implementation of third party risk management programmes, including strategically selecting the right technology and providing managed services solutions, to ensure you receive the necessary support throughout the entire third party risk management journey.

Third party risk management framework
Third party risk target operating model
Third party risk management operations
Service standards and control environment

Third party risk management framework

To manage your third parties and their risk, we can help you build or enhance your third party risk management framework that is fit for purpose while meeting regulatory requirements.

Our framework helps you understand and identify risk associated with your third party in alignment to your enterprise business and risk management strategy. As part of the framework, we can help you establish:

third party risk governance structure, including reporting lines and oversight functions;
develop or enhance your policies and standards for third party risk;
key risk considerations in evaluating your third parties;
minimum regulatory considerations for third party risk management, for example MAS Outsourcing Guidelines.

Third party risk target operating model

We provide advisory services to help you design and build a fit-for-purpose target operating model tailored to your organisation’s needs, ensuring operational compliance with regulatory requirements and protecting stakeholder trust in your organisation.

The model would help to address 3 important aspects in your third party risk management:

People - Roles and responsibilities
Process - Risk management processes through your third party management lifecycle
Tools - Enablers to standardise and streamline your risk management activities such as, guidance or templates to support risk assessment, materiality assessment, due diligence, exit management, and more

We are also here to support you in your journey to optimise your third party risk management programme through technology integration to drive an effective programme.

Third party risk management operations

We can provide support in the operations of your third party risk activities in pre-onboarding, ongoing monitoring and exit management of your third party arrangements, such as:

risk and materiality assessment and mitigation based on nature of arrangements;
due diligence on third parties based on risk exposure, for example third party security control review, business continuity management process in third parties, ability of third party to meet regulatory requirement such as MAS Technology Risk Management Guidelines, etc;
third party independent assessment including intra-group arrangements reviews, on-site visits, remote visits, etc;
service terminations and offboarding assessment such as controls related to data disposal, service transitioning, return of asset, etc.

Our pay-per-use service model can help your organisation to manage volume of risk management activities and optimise cost of operations while achieving a consistent, standardise and quality executions.

Service standards and control environment

We can provide support to assess and enhance service provider’s readiness/maturity against relevant industry best practices and applicable regulations such as ISO, NIST, MAS TRM Guidelines, etc. We help service providers take stock of their current environment and advise them on ways to bring their maturity to the next level.

PwC can provide the following services:

Assess the service provider’s environment against various regulatory requirements and industry standards (MAS TRM Guidelines and Notices, OSPAR, NIST, ISO, etc.);
Assess the service provider’s maturity against relevant industry practices (Cyber Maturity, etc.).

Check out our latest events

05/05/25

PwC at Ecosperity Week 2025

Confronting a world in transition: Strong climate plans, adaptation, nature-based solutions for a resilient future.

11/04/25

Asia Pacific M&A Summit

04/11/24

PwC Singapore at COP29

PwC Singapore will join the Singapore Pavilion at COP29 to catalyse the shift from visionary ideals to concrete actions, realising our shared climate vision together.

17/10/24

Singapore fund tax incentive schemes – What’s new?

MAS extends and revises fund tax incentives under ITA sections 13D, 13O, 13U, and introduces new scheme under 13OA.

Hide

Required fields are marked with an asterisk(*)

Business email*

Name*

Organisation*

Job title*

Message*

Tick the box to verify you are not a robot. *

By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.

Contact us

Kyra Mattar

Third Party Trust Leader, PwC Singapore

Tel: +65 9735 2506

Siou Kee Ong

Director, Digital Solutions, PwC Singapore

Tel: +65 9665 4963