We were recently asked if there is a certain size threshold at which an institution should or should not consider outsourcing. The discussion led to a lot of thoughts – but when it came down to our recommendation, it had very little to do with the institution’s asset size. Instead, the decision really comes down to several key considerations.
5 Key Considerations
1. Does your financial institution have a well formed third party risk management program? If so, then you’ve likely already considered how many people and what skill sets are needed.
2. Does your financial institution have sufficient staffing dedicated to the third party risk program? Let’s face it, salary and benefits are huge line items and perhaps you simply don’t have enough resources – that could be a good time to consider some outsourcing.
3. Does your institution have people with expertise in cybersecurity, information technology, business continuity and financial risk analysis? These are all fairly specialized fields and good, qualified people can be very expensive. Outsourcing to an independent set of experts can be an expense savings.
4. Have you considered independent validation of your processes? Again, sometimes “we can’t see the forest because of the trees” – as you’re so wrapped up in how you do things, it’s easy to lose sight of best practices in the industry.
5. Have you kept up with the regulations and how to try to adapt them to such rapidly evolving technology? The FFIEC recently released Appendix E, new regulations are coming out from FinCEN… in fact, a recent report indicated that 69 regulatory changes were released in the first quarter 2016. Outsourcing portions of the process can buy you valuable time to keep up and also take advantage of independent expertise who are keeping up across multiple institutions.
Outsourcing Vendor Management Creates Efficiency
Let’s be clear – you can never outsource your responsibility to have a well-documented, highly effective third party discipline, but you can certainly outsource portions of it. At the end of the day, it doesn’t come down to the size of the financial institution but a strong consideration of the 5 questions above.
Whether it’s cost savings, resource allocation, specific expertise needed or any of a number of other factors, creating an efficient process for managing your third party risk can also create a real strategic advantage.