Third Party Risk Management
Risks arising from third-party relationships are a significant corporate and regulatory concern. The Federal Reserve, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation and other regulatory authorities have provided guidance on the responsibility of financial institutions to understand, manage and monitor their third-party vendor relationships. These regulatory authorities have made vendor risk management a priority for financial institutions. Self-certification vendor management programs are generally no longer sufficient to meet regulatory expectations. Rather, a robust and active vendor monitoring program is required.
While the regulatory focus has been ongoing, many financial institutions continue to struggle with the challenge of implementing an effective and cost-efficient system to manage third-party risk in today’s complex, competitive and dynamic business environment. Additionally, financial institution boards are asking critical questions about who their organizations do business with and the impact of vendor relationships on customers. Relevant questions include:
- Do we know the potential risks inherent in vendor relationships and how to mitigate them?
- What is the risk to customers if there is a privacy breach?
- What potential liabilities arise from vendor relationships and can they be identified and managed on a vendor-by-vendor basis?
- How would a loss of outsourced services or a breach of bank systems impact our ability to operate?
- Does the cost of managing/overseeing an outsourced function offset its benefit?
- Have we appropriately considered the potential for negative impact on our brand?
FTI Consulting helps clients answer these questions, comply with regulatory guidance and industry best practices, and implement monitoring and reporting systems to meet the needs of board members.