Vendor and Third-Party Risk Management
Following on from the first blog on research from the Center for Financial Professionals we will now focus on the role vendor and third-party risk management plays in operational risk management.
In recent years internal practices have come under scrutiny as scenarios within conduct and reputational risk have left some firms open to judgement. With this in mind ensuring that your business is managed effectively is not only important for risk management but also to satisfy consumers and stakeholders. One such area which has recently received a lot of attention is vendor and third-party risk management. As mentioned above this is also an area which is being addressed within operational resiliency. The need for increased controls and monitoring has become more apparent as failings within supply chain management can have detrimental consequences. It can be said that each firm will have their own appetite policy and controls over what is and is not acceptable from a supplier. As you can see from the below several industry professionals commented on the reasons behind this heightened risk and areas of focus, with a view beyond third parties, to fourth, fifth and beyond:
“I think the other big topic from a challenge perspective is supply chain. Your third parties and fourth parties, the suppliers you rely on, who do they rely on? That is a vulnerability so there is a lot of concern”
“More people are concerned about 4th parties, most people know 3rd party risks and having assurance and procurement and practices. But as banks become much stronger at preventing vulnerabilities from threats, fraudsters are looking for other ways to get in and an easy way to do that is attack 4thparties.”
“What are the control objectives you have or what can you demand/expect from your suppliers? Are they managing data properly, complying with GDPR and meeting all the requirements? These are the things firms need to check”
Read more about the third area highlighted in the research in the next blog – Technology Risk & Operational Risk.
To explore these this theme and more further the the 5th Annual New Generation Operational Risk: Europe on the 12-13 of March 2019 in London. ClusterSeven will be exhibiting at the Summit, www.cefpro.com/oprisk. Use code: OP-C7 to get 15% off the current rate.