(270) 506-5140 CONTACT US
Due Diligence

Creating A Culture of Compliance for Third Party Risk Management

Jan 11, 2017 by Branan Cooper

With the new year, you may reflect upon how things are going within your bank or credit union's third party risk management program. Make sure your team is on the same page.

I was recently at a conference sponsored and hosted by The Wall Street Journal on the financial services regulatory environment. It was a really good conference, featuring senior government officials from many of the major regulatory agencies. And, I noticed a theme, particularly from the Department of Justice - creating a culture of compliance.

Culture of Compliance

The Wells Fargo crisis was an easy example where they “talked the talk" (even committed it to writing about compliance expectations) but failed to "walk the walk”.

While being careful to edge around whether an actual crime occurred or if a criminal case is forthcoming, the officials openly asked when was management aware of the practices and what did they do to curtail it.

Having a culture of compliance would ensure everyone involved with third party risk management is working together with the same key points of knowledge. 

How to Create It

Creating a culture of compliance requires:

1. Making sure that every person – yes, every single person – understands they have a role in making sure the institution plays by the rules 
2. Everyone understanding that there are real consequences for violating the rules
3. Senior management setting “tone from the top” – hammering home the expectations that compliance risk is every bit as important as credit risk and operational risk

To learn more about the need to create a culture of compliance, I highly recommend the book “The New Era of Regulatory Enforcement” by Richard Girgenti and Timothy Hedley. It’s an excellent resource, particularly chapter 2 on “Raising the Bar,” on what it means to have a fully functioning compliance program. I use it often.

Having strict rules and abiding by them carefully take real work but it’s vital to the success of the institution and the right thing to do for the consumers.

Along with having a good culture for third party risk management, make sure your team is also doing these 10 best practices.

10 Best Practices of Really Good Vendor Managers Infographic

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper

Subscribe to the Venminder Blog