Regulatory concentration on third-party risk issues continues to build, and more talk about fintech partnerships underscores the fact that both partnerships and traditional vendor relationships are under scrutiny.
The due-diligence process that banks must go through to vet third parties frequently means much manual attention to detail and a good deal of repetitive work for the vendors. Individual banks’ due diligence questionnaires and forms frequently differ in structure, necessitating much nitty-gritty involvement by vendors in each request.
The universe of third-party relationships is vast. For a large financial services holding company, between 10,000 and 20,000 suppliers or partners may need to be vetted, according to the estimate of Abel Clark, CEO of the new company TruSight. Clark notes that each evaluation is resource-intensive and requires a great deal of expertise to handle.
A consortium of four very large financial services companies, after two years of discussions, formed TruSight, designed to conduct third-party risk assessment reports of potential partners and vendors that meet regulatory requirements. The idea is to enable multiple banks to share a common source of due diligence research compiled company by company, but at a fraction of the time and cost necessary if each bank tackled the assessment on its own, from scratch. Reports will be made available through a secure server.
Collection of reports anticipated
The consortium is developing a “library” of due diligence reports that banks and other financial companies can draw from rather than performing their own third-party risk assessments. Initially, says Clark, the collection will be stocked from reports compiled by the founding members of the consortium—American Express, Bank of America, JPMorgan Chase, and Wells Fargo.
As other banks request reports on a particular vendor, if an up-to-date one is not already “in stock,” on the list of completed reports, TruSight’s experts will develop one in reaction to the request.
Banks will be charged per report, with no subscription or other ongoing fee being required. Clark expects that as banks begin to avail themselves of the service they will begin by submitting series of requests to bring their vendor and partner due diligence records up to date from “the library.”
Updates to reports produced would also be included in the service. Institutions must periodically refresh their due diligence on third parties, the frequency varying with the nature and importance of the relationship. Clark said a cloud services vendor would be seen as more critical than the bank’s paperclip supplier.
Both the initial evaluation and any update required may necessitate an on-site visit from an evaluator as well.
No charge to vendors and partners
Clark says that the plan at present does not include charging vendors for the evaluations. The service will be available to investment banks, wealth management firms, asset managers, credit card companies, insurers, and community and regional banks.
“TruSight combines innovative technology with expertise and best practices from TruSight and the founding financial institutions,” a FAQ on the company website states. “TruSight wasn’t formed simply to assess third-party vendors and offer data and reports, it was established as part of an industry-initiated effort to transform and simplify the way financial institutions manage third-party relationships and risk.
TruSight plans to make its services available in early 2018.