So we moved on down and we have, who is responsible? Now, we know from our own experience in the category and dealing with our own clients, the first question a regulator asks when they walk into the room is, "Who is responsible for this program?" The next question is, "Show me the program," and the next question is, "Is this program operational? And prove that it is." So, one of the interesting findings, because this is an American category, not for everybody ... Clearly in banking it's more mature but one of the interesting things we have seen is the breadth of people involved in decision-making when it comes to developing and implementing risk management programs.

We've seen lots of different people and it's reflected here in the responses. Clearly, corporate risk is ahead of most people. Now, you can read as a positive or as a negative depending on your point of view, but in a quarter of organizations, and the management board, or the board of directors, are involved in this decision. I think I would see that as positive but there's obviously room for development. Compliance and procurement then follow next, after corporate risk in terms of departmental functions, who have a responsibility and are seen as the primary decision-makers with regard to third party and vendor risk management.

So again, not unsurprising, we've seen this before and it is something we've experienced, but noteworthy nonetheless. We imagine that as, and we've seen this as this discipline develops and matures itself, it will probably concentrate into its own dedicated area, and we see the emergence obviously of third party, vendor, risk management and a different type of [inaudible 00:18:50] coming up.

We moved on [inaudible 00:18:53] investment levels, and why would we ask that? Well, we see the quote here from Deloitte. This is again referencing the study that they have conducted in 2016. The increasing frequency of third party incidents, which was something they reported, if you remember, and almost 90% of people had had an incident in the prior two to three years ... Negatively impacting the reputation, we've seen lots of that. Earnings and shareholder value, which is critical, is currently the single-most compelling driver to invest in, but their acronym, Third Party Governance and Risk Management, so there's the reason people are spending money.

It's important that they do invest and deliver these programs properly. So we asked the question, will your budget for third party risk management increase? Just over half the respondents said that it would. Now, we were a little disappointed by that finding, just looks as though that [inaudible 00:19:50] percentage increase would take place, but considering the scope that we felt is there for the improvement in maturity of programs, it was disappointing that almost half of respondents didn't predict an increase. However, if you were going to increase the budget, what we found is that most of it was going to be under 10% and, interestingly, the organizations that are most likely to spend money are smaller companies.

I think this is related to the level of risk they perceive in the immaturity of their program and banking, not surprisingly, was quite prudent in regard to any increase that might take place. So their planning generally seemed to be under 10%. So we're going to move on now and ask the polling question again, so if you could please [inaudible 00:20:40] whichever. So, will your organization increase the budget dedicated to third party risk management in 2017? Yes or no on this one. ...

Some answers coming in here. ... Okay. We have a result. ... In this instance, we're looking at ... In the study, we found that approximately 52% of organizations believed they were going to increase their budget. Among yourselves as webinar attendees, that number's only 40%, with 60% not intending to spend anything, so, broadly in line but possibly less among this group than among the respondent group to the research. But thank you for that.

Okay, we'll move along. Obviously, the objectives behind the program are critical, and there are multiple objectives, so you know. It's not like there's any one thing that needs to be achieved. We've posed the questions about meeting your regulatory responsibilities, mitigate the risk of inappropriate actions of vendors, obtain tighter control and management of your vendors, improve your vendor performance, competitive pressure, and protecting your reputation.

We don't see them necessarily as discrete. People could select more than one but clearly regulatory responsibilities, considering the scale of [inaudible 00:22:30] in this area, came out as the number one, and again, don't think that's unsurprising. There were some variances in relation to who saw what as the objective. In one instance, it did appear from this, and it is related to those with the more mature programs, is an emerging set of responses that are about better business. It's about vendor performance and its improvement and control and management, and that desire to get more from this very valuable aspect of the value chain for any organization.

So, respondents were also given an option to select an alternative or an "other" response, and the only significant factor that came out here was the [inaudible 00:23:15], probably the only other thing that stood out, and that makes sense. We can all appreciate that. There's a very stark positive correlation between the largest firms and the objective of mitigating the risk of inappropriate practices by vendors and third parties, so that's the only other noteworthy issue that came out of this particular slide.

You can download a copy of the research report discussed here