CMBYND supports buyers, vendors and investors in developing and utilising class leading solutions for risk and regulation. This whitepaper, developed specifically for our investor community, is one of a series that focuses on a specific buyer need, leveraging our insights from working across the value chain. More in-depth insights are available through consultation.
Dependency on third parties, either buy or sell-side, presents a complex but necessary risk exposure for any business. Intelligence providers that can offer outside-in perspectives for managing this exposure are primed for strong growth, beyond the 16% CAGR estimated by market analysts.
Building or maintaining a competitive advantage requires accumulation of a broad range of data sources and a flexible platform for bespoke interpretation. Whilst this is already being achieved in pockets, both customers and providers will benefit from market investment and consolidation.
For any business, multiple risk exposures arise when entering and maintaining a third-party relationship, including operational, reputational, regulatory, financial and cyber. This suite of risk categories has continued to evolve with respect to inclusion and prioritisation, with ESG being a pertinent and comparatively recent addition.
There is a natural overlap in the activities performed to address these risks – for example, background checks that may be necessary to comply with Anti-Bribery & Corruption regulations are something many organisations would do to manage reputational risk anyway. Hence a risk monitoring service that addresses one risk has scope to address many.
Whilst there is a natural tendency to think of these risks as being supply-chain related, for many businesses, they apply equally to the sell-side. This is particularly true when an intermediary, such as a local distributor, is responsible for sales of a regulated product (such a model being common in both the financial and pharmaceutical sectors, amongst others).
Just as with internal risks, third party risks are dynamic. Anyone responsible for third party risk will typically think of this as a two-stage process – when performing a one-off assessment at the point of onboarding and, if onboarded, on a periodic or continuous basis thereafter. Significantly, the effectiveness of ongoing monitoring will be more effective if it can achieve a continuous, or near-continuous, state.
This can be broken down thus:
Process | Data |
---|---|
Procedures for standardising onboarding and monitoring of third parties. Relevant services for supporting this include:
|
Information and intelligence to screen and monitor third parties. Relevant services include:
|
These requirements are a snapshot, with emphasis given to areas where there are variations or shortcomings in current offerings, as identified by our buyer-side engagements (including those specifically concerned with procuring the services addressed in this workpaper) and from our broader research.
Service providers in this space need offerings attuned with the following 4 criteria:
Market valuations are provided with reference to several independent market analyst reports, typically spanning 5-7 years, considering both the specific segment being addressed as well as the broader risk and regulatory market. With respect to this specific sector, we observe a relatively high consistency between analyst predictions:
CMBYND insights – What are the likely drivers of above average growth that analysts are consistently forecasting for this sector? We consider the following factors to be pertinent:
Beyond market size and growth, this table summarises segment attractors and detractors when compared to other sectors in the risk and regulatory market. This assessment is focused on data services, this representing the more attractive market sub-segment, with a focus on factors that differentiate this sector from its adjacencies.
Attractors | Detractors |
---|---|
|
|
The rest of this whitepaper focuses on opportunities for building service provider value. These specifically focus on risk data/intelligence providers rather than technology, as we consider the former to offer greater growth opportunity.
Suggestions are provided both with respect to future proposition development and investment strategies. These are not mutually exclusive.
The proposals outlined below focus on addressing the gaps we identify from assisting risk and compliance professionals who continually seek better ways of managing third party risk.
Platform development | Acquire service providers with different market focus. Aside from addressing a broader range of markets, significant efficiency opportunities will likely exist, with the same data sources being relevant to multiple sectors. | Seek tuck-in opportunities with specialist monitoring capabilities on specific risk categories. In particular, such players are well placed to better serve both ESG and InfoSec risk categories, for which market demand is markedly high. |
---|---|---|
Revenue growth | Identify possible opportunities for better service leverage. This is a service area where both technology vendors and data aggregators offer key, additional channels to market. | |
Margin growth | Invest in AI and other technologies to improve the quality, breadth, analysis and timeliness of raw data aggregation and interpretation, whilst also reducing overhead. |
Today there are distinct groups of service provider that offer third party risk intelligence, with a focus on specific industry sectors and/or personas. Fundamentally, their customers’ data needs, if not their interpretation, are the same or have significant overlap. Hence this is a market that is ripe for consolidation.
A successful consolidation strategy will efficiently harness a broad, singular dataset but will continue to provide nuance how this data is shaped and provided for different user groups. Indeed, this data shaping is sometimes best left to clients, particularly those in Tier 1 who will wish to perform their own interpretation, while smaller users may prefer ‘answers’ (or ratings) to data.
Until recently, many data providers have required large teams to mine, manage and interpret data. Amongst this cohort, many are now well progressed with using technology to both improve operational efficiency and customer insights. This development pathway has no obvious end though. In fact, technology advances are only extending it. Hence targeted investment not only provides scope for better customer services but is also a necessity for staying relevant and competitive.
For more information and in-depth insights, please contact us.
we are
combined.
local expertise, global experience.
© CMBYND Inc. All rights reserved.