I was chatting recently with a colleague of mine and realized that depending on your role, you could have different opinions regarding the goal of third party risk management.
She said the real test of third party risk management is to make sure they are ready for their annual regulatory examination. I told her I very respectfully disagreed. Having been a third party risk manager at a couple of different banks, I knew that the exam is a constant thought, but hardly my guiding compass.
If you are in third party risk at any institution, what is your primary concern? It’s the day-to-day activities.
8 Aspects of the Real Job
Here are the things that kept me up at night:
1. Do I have the support of senior management and the board?
2. Are the lines of business keeping me informed and involved?
3. Are my processes well documented and accurate?
4. What problem might I encounter and am I prepared?
5. Is my program up to date and do our actions match our words?
6. When I go to work tomorrow, if I find a huge problem, am I well prepared?
7. Have we cut a corner and left something unattended?
8. If we need to terminate XYZ corp quickly, can we?
The exam is like a final exam in school; important but an abstract afterthought for 11/12th’s of the year. The work we do every day prepares us for it. My biggest concern every day is, “What have I done to make things a little better today?” So, not in preparation for an exam but for the real life stuff that happens every day.
My biggest concern isn’t the teacher who may grade me once a year, but the real and looming need to do things right every single day for the safety of the financial institution and its customers/members.
To learn about due diligence documentation, download our infographic.