Very recently, I had the opportunity to be a featured expert in Venminder’s Thought Leadership interview series. In this series, Venminder speaks with industry thought leaders to hear their perspective and advice on third party risk, best practices and trends. I’m looking forward to sharing with you some of the key takeaways from my discussion with Branan Cooper, Venminder’s Chief Risk Officer. You can also check out the podcast here.
During our time, we covered:
- Third party risk challenges and best practices
- Ongoing monitoring trends and shifts
- Consumer complaints
- Future regulatory changes
- And more…
As CEO of Argos Risk with more than 30 years in the industry, I’m frequently exposed to the many ongoing vendor monitoring challenges that organizations face daily. With that, over the last 12 months I’ve seen quite the shift in ongoing monitoring patterns and trends at organizations. Risk professionals are feeling the pressure to ensure they’re performing ongoing monitoring and that they’re doing it very well. Therefore, they’re seeking automated third party risk tools more and more to assist them with the responsibility as manual alerts, like Google News, just aren’t cutting it anymore.
Third Party Risk Challenges
Branan and I took some time to discuss the biggest third party risk challenges right now. Here are the top three that I see:
- Setting the right mindset. In third party risk, you must understand that it’s a strategic imperative.
- Underfunding of risk mitigation efforts. There are many organizations who simply haven’t allocated the correct budget to third party risk and are utilizing Excel spreadsheets still which is quite the challenge in today’s increasing regulatory environment.
- Understanding the information being collected. You really need to have documented risk scores, classifications, in-depth risk assessments and an understanding of SOC reports, financials, reputational information, etc. We’re hearing from examiners that this is often not the case when they arrive on-site at an organization to perform an examination.
Third Party Risk Best Practices
Thankfully, there are best practices that can help combat the many third party risk challenges that you’re presented with every day. Branan and I chatted about some in more detail. They include:
- Focus on quality, not quantity. You can collect tons of due diligence; however, if you’re not thoroughly analyzing the documentation to verify it is pertinent to the product or service you’re utilizing then the effort is essentially pointless.
- Obtain concise data. To the point data is the best data. It’ll save you from sifting through information that isn’t going to get you to your end goal.
- Invest in proper alerting. You don’t necessarily need all the “fluff” alerting. You need alerts from trusted vetted sources that get to the point by sharing the key facts necessary for you to be able to make informed decisions.
Staying Abreast Ongoing Monitoring
Offering a vendor monitoring solution to over 30 industries has given me some additional insight into the common needs at many different company types. I’m finding that many industries are mirroring the same level of due diligence and best practice expectations that are implemented at financial institutions – for example, insurance and healthcare. This seems largely due to financial institutions requesting other industries, their third parties, to increase their level of oversight before they will engage in a partnership with them.
Additionally, remember that staying abreast industry news is key to ongoing monitoring. Regulators, just like all of us, are watching the daily news. They see each breach, operational disruption and other business impacting events. Of course, because of this, they continue to increase regulations and take preventive measures.
Consumer Complaints – A Major Focus
Branan and I discussed consumer complaints briefly as these have become a focal point with the introduction of the CFPB’s complaint database and more and more social media complaints. In my experience, you must study the behavioral trends in consumer complaints, meaning really analyze them by looking at the CFPB complaints database as well as other complaint boards and then determining how each one impacts your organization. When you’re reviewing the complaint, ask yourself things like, “What kind of follow up analysis needs done?” and “What potential long-term effects is this going to have on us?”
4 additional tips for reviewing complaints include:
- Determine what the complaint is
- Determine the validity of the complaint
- Test the impact of the complaint on your organization’s performance
- Take action based on your findings
Do not just look at a complaint and forget about it. It’s critical to determine next steps and address the accusation. If your third party is receiving a ton of complaints lately, then it may be time to reconsider the partnership. Do you need to identify a back-up vendor, to be safe, or replace them altogether?
A Look to the Future
Branan asked me an interesting question. He said, “With all the recent changes in leadership at the prudential regulators, what do you see for the rest of the year from a regulatory compliance perspective?” Well, put frankly, no one ever really knows what the prudential regulators are going to do next. However, some shifts that I predict include:
- A shift to having more consistent standards in place (e.g., regulators are moving from a deposit requirement and financial viability focus to now weighing in more factors).
- More requirements which will equal more scrutiny on daily vendor management functions and responsibilities.
I enjoyed my time speaking with Branan and the Venminder team. Looking forward to the next opportunity to continue our discussion.
See what steps the best vendor managers take to get the job done. Download this infographic.