Banker’s Guide to Third Party Risk Management: Strategic, Complex, and Liable

by Joan McGowan, December 6, 2016
Industry Trends
Global, North America

Abstract

Celent has released a new report titled Banker’s Guide to Third-Party Risk Management: Strategic, Complex, and Liable, written by Joan McGowan, a Senior Analyst with Celent’s Banking practice.

Key Research Questions

1. Where does your bank fall on the TPRM maturity curve?
2. Why is rigorous vendor risk management so important?
3. What is the crux of rigorous third-party risk management?

Regulators continue to question the quality of third party risk management (TPRM) practices and are calling for more in-depth risk assessment, monitoring, and oversight of third parties. This is a big and expensive task. Banks should take advantage of their established risk management practices such as the Three Lines of Defense governance model and adapt operational risk management processes, controls, alerts, and escalation models to police critical and high-risk third party engagements.

Typically, banks manage third party risk on an ad hoc basis through individual business owners, responding to risks as they arise. This approach leaves banks vulnerable to cyberattacks, data breaches, and the ensuing liability. The foundation of a robust TPRM program is a centralized third party management system that enables the bank to identify and manage critical and high-risk active engagements. Such risks need to be identified, assessed, prioritized, monitored, and treated in the same way a bank treats its internal risks.

There are hundreds of relationships on a bank’s book that are inactive or low risk and do not merit risk-based due diligence. An analysis carried out by Oliver Wyman calculates that the annual cost to US-based banks and their third parties for risk-based due diligence and assessments on new engagements is approximately $750 million.

“TPRM will remain a priority investment for the banking industry. Better risk management of the growing external ecosystem will raise the soundness and resiliency of a bank and lead to overall improved performance and competitiveness within the industry. Operating without a strategic TPRM practice will leave your bank in the hands of fate and the regulators,” McGowan said.

“Overall, banks are still early on in their TPRM maturity levels, and there is a long way to go before they achieve best-in-class practices. By stage four, full maturity, a bank’s TPRM program should resemble the practices of operational risk management and support the enterprisewide risk management strategy,” she added.

Celent is a research and advisory firm dedicated to helping financial institutions formulate comprehensive business and technology strategies. Celent publishes reports identifying trends and best practices in financial services technology and conducts consulting engagements for financial institutions looking to use technology to enhance existing business processes or launch new business strategies. With a team of internationally based analysts, Celent is uniquely positioned to offer strategic advice and market insights on a global basis. Celent is a member of the Oliver Wyman Group, which is part of Marsh & McLennan Companies [NYSE: MMC].

Media Contacts

North America
Michele Pace
mpace@celent.com
Tel: +1 212 345 1366

Europe (London)
Chris Williams
cwilliams@celent.com
Tel: +44 (0)782 448 3336

Asia (Tokyo)
Yumi Nagaoka
ynagaoka@celent.com
Tel.: +81 3 3500 3023

Table of Contents

Executive Summary
Key Research Questions
Introduction
Complexities, Immaturities, Liabilities, and Consequences of Third Party Risks
Bank Relationships are Varied and Complex
Banks’ TPRM Practices Are Immature
Liabilities Can Break the Bank
Consequences of Poor TPRM Practice
TPRM Requires Strong Governance
TPRM Operating Models Observed in the Industry
Components of a Best Practice TPRM Program
Identification and Selection
Due Diligence and Onboarding
Negotiations and Contracts
Ongoing Monitoring
Termination
TPRM Technology Enablers
Path Forward
Leveraging Celent’s Expertise
Support for Financial Institutions
Support for Vendors
Related Celent Research
