1 (888) 836-6463 CONTACT US
Due Diligence

Alternatives in Third Party Risk Management

May 24, 2017 by Branan Cooper

As you may already know, I’m a cyclist. So, typically, I log a few miles every morning before work, amuse the neighbors by posting pictures of my ride on Facebook and generally enjoy rolling along with little traffic.  

But what happens if my daughter oversleeps and misses her school bus? The day’s routine is now changed because I have to drive her to school. To get the bike ride in for the day, it's time to think of alternatives. So, I move around a few things on my “to do” list and get out for a half hour at lunch. Same goes for third party risk management.

Third Party Risk Management Alternatives

In doing due diligence, you need to take much of the same approach – be organized and be disciplined about your routine and your cadence of activities. You need to prove your work. So instead of, say, Facebook pictures, do it through analysis and documentation. There are times you will need to change your plans, particularly if a third party won’t provide something. 

Examples of This 

Issue: They won’t let you review results of a recent audit.
Alternative: If you’re a bank or credit union, you may be able to get it through your regulator’s office. 

Issue: They won’t release the results of their business continuity test.
Alternative: Set up a discussion and interview the appropriate managers involved. 

Issue: They won't share their financials. 
Discuss with your CFO and potentially host a conversation with their financial team. Perhaps even consider accepting an accountant's statement. 

Issue: They won't discuss their policies and procedures over the phone.
Consider a site visit and tour. You may learn things well beyond just policies and procedures. 

Getting creative and being open to alternatives can help address concerns, prevent gaps and allow for robust documentation. Now let’s hit the road! 

Learn more about vendor document collection. Download our free infographic.

what due diligence documents you should be requiring based on your risk

Branan Cooper

Written by Branan Cooper

Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog