Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 risks will help you more effectively address how third-party vendor risk throughout every department in your financial institution.
When most bankers and credit union executives think of concentration risk, they think of lending—but concentration risk has a different meaning when talking about third-party vendor management.
Regulators are looking at two main concerns:
Chances are you’re looking at this list and thinking you’ve already covered this territory with operational, credit and transaction risk—and you’d be right. In fact, the OCC includes concentrations under operational risk.
But the Federal Reserve takes a different position, expecting banks to specifically consider concentration risk when considering new vendors and managing existing ones. The good news for banks regulated by the Federal Reserve is that this shouldn’t require too much extra effort as long as the risk management is working cohesively with information shared freely. The bad news is it’s still some extra work.
So how do institutions manage concentration risk? There are two choices:
That decision should be based on a bank’s strategic goals and risk tolerance. But no matter the choice, make sure you can demonstrate thorough due diligence and documentation.