Banking Exchange Magazine Logo

Third-party supplier risk management gaining

But challenges remain in integrating technologies

Third-party supplier risk management gaining

Financial services organizations continue to make significant strides in managing third-party supplier risk, according to an Ernst and Young LLP survey.

However, challenges persist in the areas of overall organizational knowledge, right-sizing staffing models, optimizing cycle times, and integrating technologies across the end-to-end third-party lifecycle.

“Given the increased regulatory scrutiny, it is not surprising that organizations are taking a closer look at their third-party populations, bringing more of them under the scope of their programs, and focusing more closely on risk segmentation,” says Chris Ritterbush, executive director, Ernst and Young LLP.

Taking hold, but tasks remain

The fifth annual EY study of third-party risk management across the financial services industry found that as organizations have finally absorbed the initial impact of sweeping regulatory change in 2013 and 2014 and have solved for core process expectations, many organizations are still adjusting the scope and scale of their risk management programs.

At the same time, survey respondents cited a lack of knowledge across business functions and a widespread lack of integration across third-party risk management tools as significant barriers to greater progress and a focus for the coming year.

“Financial services organizations are doing a better job of getting their arms around third-party risk,” says Ritterbush. “But there is still a lot to be done, especially in knowledge sharing across business areas and technology, where many organizations continue to rely heavily on spreadsheets to conduct vendor assessments.”

The survey of 49 global financial services organizations included professionals in the retail and commercial banking, investment banking, insurance, and asset management sectors.

Digging into the details

Key insights from this year’s survey include:

Financial organizations are becoming more alert to supplier risk: 71% of organizations said they conduct regulatory compliance reviews pre-contract, up from 47% in 2014.

And 39% of organizations surveyed reported that all third parties require some form of risk assessment, a significant increase from 19% from 2014.

Business unit support continues to be challenging: 71% of respondents said they were either neutral or faced challenges with business unit support in executing program requirements. This indicates continued challenges in the areas of business risk culture.

Many organizations lack the right tools: 90% of respondents felt neutral or negative about how well third-party risk management tools integrate and capture the overall risk for reporting purposes.

Additionally, nearly half of all organizations polled (49%) said it would take a week or more to pull a report on third parties using specific criteria. This points to a data challenge underpinned by a disconnect between procurement and third-party risk management systems.

Communication—especially with the board—is improving: 35% of respondents said they report third-party breaches to the board, while 71% report them to senior management. In a sign of progress, however, 43% said they report critical third parties issues to the board, up from 26%.

“It is encouraging to see that management has recognized the importance of managing third-party risk and has committed to increasing their investments and resources to help organizations meet the expectations of customers, clients, shareholders, and regulators,” Ritterbush says.

Download the study Shifting Toward Maturity [PDF]



John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at [email protected]

back to top


About Us

Connect With Us


Webinar: Real-Time Payments in the U.S. Market

Time/Date: June 16, 2021 2:00 p.m. ET

The U.S. has come a long way in its journey to real-time payments, with TCH and Zelle in market and FedNow just around the corner. COVID-19 has accelerated that demand to move to real-time. Yet many financial institutions remain unconvinced of the need to move, with less than 3% of financial institutions signed up today.

In this Banking Exchange hosted webinar Celent’s Gareth Lodge, Senior Analyst, Global Payments, and Alacriti’s Mark Ranta, Payments Practice Lead, discuss the findings in the Celent research report, Real-Time Payments in the US Market: Speeding Up or Slowing Down? A Call to Arms.


This webinar is brought to you by:
Alacriti logo