If you don’t read anything else this week on vendor management, read this! Recent studies by Protiviti and Crowe Horwath show that vendor risk management maturity has improved significantly, but there is still a long way to go. Our own recent survey on vendor risk management uncovered this as well - click here to read our State of Vendor Management 2017 whitepaper.
Vendor management can be your Achilles heel or it can be your saving grace. The requirements of vendor management have grown and evolved significantly over the years. And with that, there is a wide chasm between the reality of where most institutions are, where they aspire to be and where their regulators say they need to be.
Just in the past few months, the industry has seen major enforcement actions with First National Bank of Omaha (FNBO), HSBC and just last month, First Tennessee, all around the use of add on products, such as credit life insurance and identity theft protection.
The penalties of non-compliance are great. On March 6, 2017, Community Bank Insight published an article reporting that 2/3 of the CFPB’s enforcement actions have been tied to UDAAP (unfair, deceptive, abusive acts or practices) violations.
And, if you look at Payment Law Advisor and go through their handy UDAAP actions tracker, you will see many of these violations are squarely focused on the failure of an institution to oversee the actions of a THIRD PARTY.
Fortunately, given the right time and attention, the payoffs can be great. There's a real strategic advantage in doing third party risk management well, such as:
That should be a clear call to take action today - dust off your policy and program, consider the opportunity to do things better and to stay out of the headlines by making your practices a model for best in class performance.
And for help in creating a vendor management policy, program and procedures, download our Vendor Management Umbrella infographic series.