A third party security is security given by an entity which secures the legal responsibility of a third party. If the third party security does no longer include any non-public obligation to pay at the part of the mortgagor or chargor, it is able to be handled like a constrained recourse assure in order that the liability of the mortgagor or chargor is confined to the amount which may be realized upon disposal of the third party security.
In this guide, we look at how this type of security is different to direct security and the key considerations for lenders to be aware of and take into account when they are being granted third party security.
Why does third party security differ from direct security?
Third party security differs from direct security, because the rights and duties applying in relation to guarantees and indemnities also apply to a third party charge. Generally speaking the duties are embodied in the overriding principle that a creditor must not prejudice the rights of the surety against the principal debtor or the rights of contribution against his co-sureties. Broadly speaking, the right of subrogation is the right of the surety to “stand in the shoes of” the creditor once it has been repaid by the surety and the right of contribution is the right of the surety to recover from his co-sureties money to the extent that the surety has borne more than his fair proportion of the liability to the creditor.
How can you achieve the same effect as a third party security?
The same effect can be achieved by taking a guarantee and a direct security and indeed this is probably a better method. Many banks will not have a third party security template for this reason.
Why is third-party security is of critical importance for modern days?
Third-party security is yet to be your enterprise top priority, it will be so due to some of the high profile security breaches that have happened in the recent years. The emerging technologies and challenges from supply chain complexity, remote working (due to COVID-19 pandemic), cloud storage, data privacy regulations, phishing and ransomware attacks all raise the third-party security risk concern.
When dealing with third parties, such as vendors, suppliers and other partners, it is very common to conduct a third-party security assessment to help your enterprise understand what cyber risk exposure involves and carry out risk migration to reduce attack surface and to achieve regulatory compliance. Just recall the recent SolarWinds incident, if one of your partners has a significant weakness, a hacker could easily exploit it and gain access to your system anyway.
Content of typical third-party security risk assessment?
By practice third-party security helps prevent risk involved in the third-party security matters, and protect against potential vulnerabilities from your partners. Enterprise can perform a third-party security risk assessment with a document to cover the nature of the relationship, key technologies involved, user accessibility, roles and responsibilities, potential vulnerabilities and threats, existing controls, consequence ratings, likelihood ratings, overall risk ratings, recommended actions.
E-SPIN Group in the enterprise ICT solution supply, consultancy, project management, training and maintenance for corporation and government agencies did business across the region and via the channel. Feel free to contact E-SPIN for your project requirement and inquiry.
Other post you may be interest:
- 5 Steps to Manage Third-Party Security
- Basics of Supply Chain Security
- Best Practices for Successfully Managing Third-Party Risk
- Lesson from Cyberthreat Hunter FireEye Hacked incident (aka SolarWinds incident)
- Ransomware rising to be the top threat
Original post 2018-Jul-18, check, rewrite and update on 2022-Mar-7.