Menu
Banking Exchange Magazine Logo
Menu

Third-party supplier risk management gaining

But challenges remain in integrating technologies

Third-party supplier risk management gaining

Financial services organizations continue to make significant strides in managing third-party supplier risk, according to an Ernst and Young LLP survey.

However, challenges persist in the areas of overall organizational knowledge, right-sizing staffing models, optimizing cycle times, and integrating technologies across the end-to-end third-party lifecycle.

“Given the increased regulatory scrutiny, it is not surprising that organizations are taking a closer look at their third-party populations, bringing more of them under the scope of their programs, and focusing more closely on risk segmentation,” says Chris Ritterbush, executive director, Ernst and Young LLP.

Taking hold, but tasks remain

The fifth annual EY study of third-party risk management across the financial services industry found that as organizations have finally absorbed the initial impact of sweeping regulatory change in 2013 and 2014 and have solved for core process expectations, many organizations are still adjusting the scope and scale of their risk management programs.

At the same time, survey respondents cited a lack of knowledge across business functions and a widespread lack of integration across third-party risk management tools as significant barriers to greater progress and a focus for the coming year.

“Financial services organizations are doing a better job of getting their arms around third-party risk,” says Ritterbush. “But there is still a lot to be done, especially in knowledge sharing across business areas and technology, where many organizations continue to rely heavily on spreadsheets to conduct vendor assessments.”

The survey of 49 global financial services organizations included professionals in the retail and commercial banking, investment banking, insurance, and asset management sectors.

Digging into the details

Key insights from this year’s survey include:

Financial organizations are becoming more alert to supplier risk: 71% of organizations said they conduct regulatory compliance reviews pre-contract, up from 47% in 2014.

And 39% of organizations surveyed reported that all third parties require some form of risk assessment, a significant increase from 19% from 2014.

Business unit support continues to be challenging: 71% of respondents said they were either neutral or faced challenges with business unit support in executing program requirements. This indicates continued challenges in the areas of business risk culture.

Many organizations lack the right tools: 90% of respondents felt neutral or negative about how well third-party risk management tools integrate and capture the overall risk for reporting purposes.

Additionally, nearly half of all organizations polled (49%) said it would take a week or more to pull a report on third parties using specific criteria. This points to a data challenge underpinned by a disconnect between procurement and third-party risk management systems.

Communication—especially with the board—is improving: 35% of respondents said they report third-party breaches to the board, while 71% report them to senior management. In a sign of progress, however, 43% said they report critical third parties issues to the board, up from 26%.

“It is encouraging to see that management has recognized the importance of managing third-party risk and has committed to increasing their investments and resources to help organizations meet the expectations of customers, clients, shareholders, and regulators,” Ritterbush says.

Download the study Shifting Toward Maturity [PDF]

 

ThirdPartyEY2016 

John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top

Sections

About Us

Connect With Us

Resources