Many financial institutions (FI) turn to third-party vendors to support their day-to day-business for reasons ranging from headcount to lack of in-house expertise. Whether the work is done internally or externally, effective risk management is critical. The Office of the Comptroller of the Currency (OCC), and other regulatory and watchdog agencies and associations, have long been concerned though that the quality of risk management over third-party relationships may not be commensurate with the level of risk and complexity these relationships bring.
A bank’s use of third parties does not diminish the responsibility of its board of directors and senior management to ensure that the activity is performed in a safe and sound manner and in compliance with applicable laws.
There are several ways your FI may be putting your institution and account holders at risk. For example:
All illustrate the need for more comprehensive and rigorous oversight and management of third-party relationships that involve critical activities like payments, clearing, settlements, and custody, and significant shared services like information technology.
An effective third-party risk management process follows a continuous life cycle for all relationships and incorporates these phases:
Other things to consider as part of an effective risk management process:
While some institutions may find meeting third-party vendor compliance difficult, and even onerous, it goes a long way in assuring account holders and prospects that your FI takes the safety and security of funds seriously. In fact, for many consumers and businesses, compliance can be a deciding factor when choosing an institution.
In Part 2 of this discussion, we’ll talk about Q2’s proactive approach to third-party vendor risk management, and offer a few tips to help your institution. We’ll also discuss the importance of providing, receiving, and retaining information for bank management — an area where Q2 can provide significant advantages to banks and credit unions.
Source: Office of the Comptroller of the Currency, 2013