Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 risks will help you more effectively address how third-party vendor risk throughout every department in your financial institution.
Ben Franklin once wrote that “Glass, china and reputation are easily cracked, and never well mended.”
It’s a lesson that many financial institutions have learned the hard way as they’ve entrusted their reputation to third-party service providers whose mistakes have caused material damage. Whether it’s lawsuits, outages, fraud or data breaches, consumers notice bad headlines and take their business elsewhere.
Consider the headache $18.4 billion-asset First National Bank of Omaha faced earlier this year when it came out that its credit card add-on vendor charged customers for credit monitoring services they didn’t receive.
Neither customers nor regulators differentiated between the bank and its vendor—blaming the bank for ripping off customers. Not only did the bank pay millions in penalties to the CFPB and OCC, the bad publicity of newspaper headlines costs the bank in customer goodwill. Who knows when the bank will regain this loss of public trust?
Vendor mistakes like this can hurt a financial institution’s reputation, according to the FDIC and OCC, when they cause:
While there’s no guarantee that vendor actions won’t damage an institution’s reputation, thorough due diligence can help an institution gauge the risk a particular vendor poses and mitigate those risks. It just takes some digging. The good news is that almost all of those sources are publicly available and easy to find if you know where to look.
It also helps that that many of these reputation risks overlap with other common risks including operational risk, transaction risk, compliance risk, cyber risk and cloud risk. FIs that use a comprehensive approach to vendor management will be best able to leverage existing work in these areas to quickly, efficiently and thoroughly assess reputation risk.