Banks and financial institutions are increasing their relationships with third parties. In many cases, these collaborations involve key organizational functions, such as partnerships, outsourcing and contracting. In every case, they invite the possibility of serious institutional risk.
Concerned about the quality of risk management conducted by banks and financial entities in governing their (often complex) third-party relationships, the Office of the Comptroller of the Currency (OCC) has issued a bulletin designed to inform national banks and federal savings associations about the risks related to third-party relationships, and guide them in effective risk management.
These guidelines are particularly relevent in the wake of New York State's top financial regulator, Benjamin M. Lawsky, emphasizing the risk posing the financial system from third-party vendors: "It is abundantly clear that, in many respects, a firm's level of cybersecurity is only as good as the cybersecurity of its vendors." Entities wishing to collaborate with third parties should adopt the guidelines as best practices, ensuring that all activities are performed in a safe, compliant manner.
The OCC identifies eight specific areas wherein financial institutions must make substantial improvements. These include:
Although these guidelines are a great start in helping banks manage third-party risk, they're far from perfect. Compliance with new or updated guidance will require banks to make additional investments in processes, technology and human resources — investments that may not align with their current strategies. And despite their enhanced due diligence and clearer vantage points, banks cannot prevent all third-party incidents (for example, data breaches).
Today, banks exchange huge amounts of information with third-party networks — in turn, components of each network connect to other institutions and services. As a result, every relationship and connection introduces potential risks and threats to the bank system. And while this guidance offers a great start for banks seeking to assess and effectively manage third-party risk, experts concur that further guidance is required in a variety of areas, such as cybersecurity. Now a priority at the government level and a growing issue nationwide, it's vital that banks and financial institutions be protected from cybercrime.
It's time to consider risk management a necessary step to reach a new model of banking that efficiently addresses risks and is able to reduce overall costs.
Photo Source: Flickr