Sometimes, but it doesn’t replace the need for vendor risk management Some institutions try to simplify vendor management by picking the biggest vendor in each category. Going big lets them play it safe—or so they think. But choosing the largest vendor is no replacement for solid vendor management. Big vendors can offer a lot of […]
Banks accustomed to thinking of risk management as a point-by-point checklist should take note of the OCC’s Semiannual Risk Perspective for Fall 2016. Released in January, the document reinforces the agency’s enterprise wide approach to risk management, particularly when it comes to vendor management. Third-party risk management made cameos in several discussions of risk including: […]
Ever wish for a list of exactly what an examiner is looking for? When it comes to the Office of the Comptroller of the Currency and third-party vendor management, your wish has been granted with the OCC’s Bulletin 2017-7, Supplemental Examination Procedures for Risk Management of Third-Party Relationships, released on January 24. The procedures aren’t […]
It’s bad enough to be hit with a regulatory consent order. Now imagine the expense and public relations nightmare when those proceedings drag on for years. Just ask Fidelity National’s subsidiary ServiceLink. This week the Fed, FDIC and OCC fined the company $65 million for improper actions taken by its predecessor company, Lender Processing Services, […]
Well-capitalized, well-managed banks with less than $1 billion in assets must have been on the regulators “nice” list last year. The federal banking agencies, including the FDIC, the Fed and the OCC, have finalized rules permanently extending the exam cycle from 12 to 18 months. It’s a huge sigh of relief for these banks, but they shouldn’t […]
Vendor risk management is an ongoing process—one that begins with due diligence before a contract is signed and continues with monitoring throughout the length of the relationship. This blog series on the Top 10 risks will help you more effectively address how third-party vendor risk throughout every department in your financial institution. #3 Cybersecurity Risk In […]
When most bankers and credit union executives think of concentration risk, they think of lending—but concentration risk has a different meaning when talking about third-party vendor management. Regulators are looking at two main concerns: Over-reliance on a single vendor & geographic concentration.
Compliance risk is the danger financial institutions face when they outsource product and service delivery to third-party vendors. It’s not a rare occurrence. FIs are regularly called out by regulators when their vendors fail to follow the rules.
Strategic risk is the possibility that a company doesn’t make decisions that support its long-term goals. Companies that aren’t managed well and make poor strategic decisions may provide sub-par products or services or even close shop.
Ben Franklin once wrote that “Glass, china and reputation are easily cracked, and never well mended.” Reputational risk is present any time a vendor enters the picture, so it makes sense to spend the necessary time and resources to choose only those vendors who have proven to be trusted and valuable partners.