Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


Third-party and vendor risk management in the finance sector

The results of a Risk Management Association (RMA) and MetricStream survey on third-party and vendor risk management in financial institutions have been published.

The survey drew responses from over 100 leading financial institutions and addressed vendor management frameworks, vendor selection and monitoring processes, critical vendors and critical activities, tools and techniques, contracts, regulatory compliance, and fourth-party suppliers.

With the increasing need to grow the business, provide new offerings, reduce overall costs, and maximise profitability and revenues, outsourcing to third-party service providers has become the norm for most banks and financial institutions (FIs) worldwide. Larger organizations have tens of thousands of vendor relationships to manage and, in this scenario, are increasingly exposed to financial loss and reputational damage if they fail to maintain adequate quality control over all third-party activities.

“Managing the risks inherent in vendor and other third party relationships has become critically important in recent years, as the actions of vendors can cause significant financial and reputational impact to organizations, no matter their size or industry,” said Edward J. DeMarco, RMA's general counsel and director of operational risk.

Some of the key findings of the survey include:

  • Third-party relationships have evolved beyond traditional models of goods and service providers to include agents, agency agreements, channel and distribution agreements, debt buyers, co-branded products and services, and correspondent bank agreements, among others.
  • Some of the bigger organizations surveyed have thousands of supplier relationships to manage, which is extremely difficult without a mature vendor governance framework in place that is thoughtfully planned, dutifully executed and consistently monitored.
  • 97 percent of the surveyed organizations have either defined, or are in the process of defining, the critical activities in their institution.
  • 67 percent of the surveyed organizations do not perform due diligence on their fourth parties. 20 percent of the respondents perform due diligence at the time of sourcing/contracting the third party, and 13 percent do it when the primary supplier notifies them of a new material fourth party.
  • Validation of regulatory compliance and effectiveness of the vendor risk management framework is conducted annually by 72 percent of the responding institutions.

More details (PDF).

• Date: 10th March 2015 • US/World • Type: Article • Topic: Operational risk
