Know Your Vendor: The Risky Business of Third-Party Relationships
Dan discusses a recent feature looking at how firms deal with vendor risk.
I spent last week discussing the potential demise of the entire vendor ecosystem, so I feel it's only fair to stay in that mindset by highlighting another weakness of the space.
This week we ran a story from our sister publication, Risk.net, which details how operational risk experts go about dealing with third-party risk. The story, entitled "Grappling with Vendor Risk Rules", which was written by my colleague Steve Marlin, was a fascinating look into an issue that every firm in financial services deals with to some degree.
No Easy Task
Vendor risk management is truly a monumental task. Take this excerpt from the story as an example:
For instance, one US bank has 250 full-time equivalent employees devoted to third-party risk management. The team oversees around 2,000 traditional vendors and a further 32,000 non-traditional vendors. The latter category includes about 10,000 auto dealerships through which the bank offers indirect lending services and 8,000 commercial and residential appraisers that support its mortgage business.
The article brings up an interesting point when discussing regulations around third-party risk management. Many have questioned whether regulatory bodies, such as the US Federal Reserve Board and the Office of the Comptroller of the Currency (OCC), have gone too far.
How Far?
Fourth-party risk in particular seems a bit overboard. If my firm hires a vendor who then hires another vendor to help provide the service/product I purchased, there is only so much I can do to protect myself. Sure, I can make sure the vendor I'm communicating with has the necessary governance in place, but that only goes so far.
At the end of the day, how overbearing can a firm be before the vendor pushes back. Granted, a firm is certainly entitled to ask any questions it has about subcontractors a vendor might be using, but where do you draw the line.
In the story, Bob Kellner, a senior vice president responsible for operational risk management and corporate control programs at US Bank, says his firm has an inventory of subcontractors their vendors use. The list isn't necessarily all-encompassing, focusing only on ones the bank deems "strategic."
That's all well and good, but lest we forget Target was breached through its HVAC vendor. Will firms really think to consider these types of subcontractors "strategic"?
The story is a good look at the overall space and definitely worth a read. So do yourself a favor and check it out here.
This week on the Waters Wavelength podcast ─ Episode 10: Markit-IHS Merger, FIA Boca
If you haven't already, subscribe to the podcast on iTunes here. Also, check out our SoundCloud account here.
Food for Thought
- If you're interested in my feature on open source, it should go live next week. To get a preview of what's to come, check out this audit I did of open-source projects firms are currently working on.
- Speaking of analysis pieces, I looked at treasury management and why the space is prime for electronification. Read more about it here.
- We are now under a month away from North American Trading Architecture Summit 2016, which is held in New York. For more info on the event, click here.
- One last note: This Sunday is WRESTLEMANIA! (Yes, I still watch wrestling.) The main event is a Hell in a Cell between the Undertaker (yes, he still wrestles) and Shane McMahon (yes, Vince's son). For those of you unaware of the history of these types of matches, I leave you with a seminal moment in my childhood: Long Island's own Mankind getting thrown off the top of Hell in a Cell by the Undertaker.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
Bank-led consortium takes aim at position reporting
Five banks, including Barclays, BNP Paribas, Goldman Sachs and HSBC, have joined forces to mitigate interpretation and implementation errors in position reporting disclosures.
Verafin launches genAI copilot for fincrime investigators
Features include document summarization and improved research tools.
Waters Wrap: Open source and storm clouds on the horizon
Regulators and politicians in America and Europe are increasingly concerned about AI—and, by extension, open-source development. Anthony says there are real reasons for concern.
DSB says industry is ready to meet UPI mandate ahead of deadline
The Unique Product Identifier will be required for certain OTC derivatives in the EU at the end of April, following US adoption in January.
‘Very careful thought’: T+1 will introduce costs, complexities for ETF traders
When the US moves to T+1 at the end of May 2024, firms trading ETFs will need to automate their workflows as much as possible to avoid "settlement misalignment" and additional costs.
Court case probes open-source licenses as movement stands at crossroads
The Software Freedom Conservancy’s lawsuit against TV-maker Vizio begins trial in California, raising questions about open-source licenses and the risks posed by adhering to them.
Waters Wavelength Podcast: Countdown to T+1
DTCC’s Val Wotton joins the podcast this week to discuss the impending move to T+1 in the US.
Consolidated tape hopefuls gear up for uncertain tender process
The bond tapes in the UK and EU are on track to be authorized in 2025. Prospective bidders for the role of provider must choose where to focus their efforts in anticipation of more regulatory clarity on the tender process.
Most read
- Chris Edmonds takes the reins at ICE Fixed Income and Data Services
- DTCC urges affirmation focus ahead of T+1 move
- FactSet looks to build on portfolio commentary with AI