Banking brief: Vendor risk management increasingly complex

The heightened complexity of vendor risk management for US banks was evident at a conference sponsored by Marcus Evans in Chicago on June 3-4. Need for resources, maintaining oversight, and how organizations are managing the process internally were all hot topics of conversation. The contributing presenters made some key observations about how complex vendor risk management is becoming:

Vendor management resources

There is a growing need for vendor management resources, especially those with experience and capabilities in vendor data analysis

Regular oversight

It is increasingly important to have regular and ongoing oversight of business critical vendor activities

Collaborative accountability

There was universal support for "three-line accountability" with full collaboration and transparency between the three areas:

  1. Business unit: The business unit owns the vendor relationship
  2. Risk management function: The vendor risk management function establishes the risk tolerances and risk management protocols
  3. Audit function: The audit function validates compliance with risk management standards and protocols

A note on the focus for regulations

We’ve seen some trends and these were reinforced at the conference. Regulatory guidance and reviews are focusing on:

  • Self-identified issues
  • Application of the January 2015 collaboration paper
  • Identification of risk acceptance
  • Reliability of lines of defense
  • Specific integration with enterprise risk management (ERM) frameworks
  • Use of vendor risk management subject matter experts with the critical business units
  • A call to banks to develop solutions for service providers with large customer bases

Vendor risk managers have established critical reliance upon robust models, including vendor risk rating systems, to support necessary vendor risk management. Regulations will likely increase in this space as reliance on third party vendors for more technical and complex tasks continues to expand. Organizations will need to focus on creating collaboration between the parties necessary for successful vendor management and keep up on regulatory developments in this space.

For more information on this topic, or to learn how Baker Tilly banking specialists can help, contact our team.