Insurance

Why third-party risks are now more central to banks



Why third party risks are now more central to banks | Insurance Business America















With the growth of outsourcing, managing vendor threats becomes a priority

Risk Management Issues

Written by Kenneth Araullo

Potential risks from external vendors, service providers, and partners—collectively known as third-party risks—are a growing concern for banks, according to Alex deLaricheliere (pictured), strategy and execution leader and head of banking at WTW.

As banks continue to offer more functions and services, third-party risk management is taking on a more important role in their risk strategies. Although managing merchant risk is not new, it has become important as banks look to balance efficiency and risk exposure.

Third party risks for banks include various threats, such as operational, cyber security, compliance, and legal risks.

DeLaricheliere said that when banks rely on outside providers for critical services, they indirectly expose themselves to these risks, making it critical that their risk management frameworks expand to include third-party oversight. Banks must carefully monitor their interactions to effectively mitigate these risks.

Control pressure

Increased regulatory scrutiny has also driven the importance of third-party risk management. DeLaricheliere said regulators such as the Office of the Comptroller of the Currency (OCC), the Federal Reserve, and the Consumer Financial Protection Bureau (CFPB) are now stressing the need for banks to implement strong vendor management systems.

These institutions require banks to have clear policies for evaluating, monitoring, and managing third party relationships.

Key strategies for managing these risks include due diligence before engaging third parties, establishing clear contractual agreements detailing the allocation of liabilities, and proactively monitoring high-risk vendors.

DeLaricheliere highlighted the importance of business continuity plans that deal with the potential failure of third parties, ensuring that banks can respond quickly in the event of a disruption.

An important part of due diligence, according to deLaricheliere, is checking the internet security practices of retailers. Banks must ensure that third parties have adequate data protection measures, such as encryption, access controls, and secure data storage. Conducting regular assessments of a vendor's ability to prevent and respond to cyber threats is also an important part of the onboarding process.

Technical solutions and challenges

Many banks have used risk management software to help streamline the process of overseeing third-party risk, deLaricheliere said. These tools can ease the operational, financial, and administrative burden of monitoring vendors.

By using software to track performance metrics, compliance status, and risk indicators, banks can better manage their third-party relationships and reduce potential exposure.

Managing third party risk has become more difficult as outsourcing approaches accelerate within the banking sector. Banks are increasingly outsourcing key functions, including technology, compliance, and customer services, to reduce costs and improve efficiency. However, the complexity and importance of these outsourced activities present new risks that must be carefully managed.

DeLaricheliere said that as regulatory oversight continues to evolve, banks face new expectations and compliance obligations related to third party management. These requirements require a dynamic and flexible approach to risk management.

Globalization adds further complexity, introducing cross-border risks, new regulatory challenges, and cultural differences. DeLaricheliere said banks must adopt “living” risk management strategies that can adapt to evolving threats and regulatory changes.

Enhanced due diligence is especially important when dealing with international third parties, as these relationships often involve increased risk.

Third party risk management

To address these challenges, deLaricheliere has highlighted several best practices seen in the industry. A clear governance structure is essential, with defined roles and responsibilities for third party risk management. Many banks have implemented merchant management offices or merchant risk management processes with personnel responsible for overseeing these relationships.

Continuous training and awareness of employees, especially those directly involved in the management of third parties, is also important. DeLaricheliere emphasized that employees need to understand the importance of mitigating these risks and be equipped with the necessary skills and knowledge to effectively manage third party relationships.

Finally, integrating risk management into the broader framework of the bank's business is essential for a comprehensive approach. DeLaricheliere said that by embedding third-party risk management into the risk system, banks can effectively identify, assess, and mitigate potential risks across the organization.

“Managing third party risk effectively requires a proactive and systematic approach. By implementing strong due diligence, monitoring and risk management processes, banks can reduce the potential impacts of third-party failures and ensure the resilience of their operations,” said deLaricheliere.

What are your thoughts on this matter? Please feel free to share your comments below.



Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button