Whether you plan to be GDPR compliant or not by the go-live date of May 25, it’s a good idea to follow these supplier risk review steps now.
This article originally appeared in Credit Union Times.
By Patrick Stakenas | April 03, 2018 at 04:09 PM
Financial services organizations – credit unions, banks, insurance companies, wealth management firms and wire houses – are constantly trying to find a balance between regulatory mandates and expectations, and operational efficiency. Massive supplier data breaches seem like they have become an almost regular occurrence (when they’re reported), customer privacy and data laws are becoming more stringent (GDPR), and predatory behavior by suppliers and vendors is an ongoing issue. Certainly, the porous nature of globalization isn’t making things any easier. With all that to contend with, it’s critical to remember you can pin the blame for risk on third parties, but not the responsibility for it.
Which supplier management solution you use – SIM, SRM, SRPM, etc. – depends on your goals and strategy. Many financial services companies have traditionally used a Supplier Information Management, Supplier Relationship Management or Supplier Risk and Performance Management solution to manage operational and commercial risk – business continuity, credit issues and others. But as regulations mandate the oversight of third-party vendors, the need for more robust tools – or at least the ability to better exploit the tools at hand – is fundamentally changing how companies are approaching their supplier management technology.
No wonder financial services is one of the few verticals where the position of chief risk officer plays a fundamental role. In fact, one such institution (Santander) promoted a risk officer to CEO. In Aon’s global risk management survey report, 76% of respondents said they have even adopted a formal or partially formal approach to risk management and oversight at the board level. Obviously, the connection between corporate goals, brand value and risk is very real.
Supplier Risk Is Everywhere … but Where?
For one thing, more internal players are getting involved in the supplier lifecycle. This is a good thing in one way, in that more eyes and attention on the function increase the oversight and decrease the likelihood of invisible risk creeping in. But, having more cooks can also make everything more complex – you’ll wonder who’s doing what, when issues are being addressed and who has ownership. Finding the right balance is absolutely about collaboration and integrated shared data. Like we always say, you can’t manage what you can’t see, so a single source of data and interconnected workflows ensures all parties have access to the same data at the same time.
According to the Federal Reserve, financial institutions outsource everything from traditional core processing and information technology services, to operational activities such as accounting, appraisal management, internal audit, human resources, sales and marketing, loan review, asset and wealth management and procurement. Add to that the increase in products, services and delivery channels requiring third-party vendors and/or their technology services, and that leaves a lot of potential openings for risk to creep in.