(270) 506-5140 CONTACT US
Login
Cybersecurity

Vendor Management Takes a Village or At Least a Team

Jan 31, 2018 by Branan Cooper

I will admit I was surprised to learn that even the largest companies may have third party risk sitting on the corner of ONE person’s desk. Worse yet, it is often times just ONE FACET of a busy compliance officer’s job.

In today’s world, that simply doesn’t work. A well-managed program, if handled largely in-house, requires a team of people, who can span the various pillars of third party risk management.

2 Main Reasons Why Vendor Management Takes a Team

Two main reasons uncover why vendor management is more effort than one person can handle. They are:

  • You have to cover all pillars. You have to go through your vendor list of potentially hundreds of vendors and perform due diligence, risk assessments, ongoing monitoring, reporting and contract reviews.
  • There’s ongoing work. Ever since the Office of the Comptroller of the Currency (OCC) issued Bulletin 2013-29 in October 2013, we’ve had to grapple with the very real dilemma that third party risk is an ongoing lifecycle. This means, keeping up to date on all the pillars on a continuous basis for those hundreds of third parties.

The Third Party Risk Management Team You Need

If you’re handling it all in-house, you likely need:

  • A person dedicated to each of the vendor management pillars but also cross-educated to help out at high workload times with other areas of third party risk.
  • You must have real subject matter expertise in financial analysis, business continuity planning and information security. When is the last time you met someone who had all of that experience?

All of this is troubling for a small or even mid-sized company when profit margins are extremely tight and the focus of controlling expenses argues against hiring additional dedicated staff.

In those cases, outsourcing to a team of experts can help. In that situation, make sure the team you are hiring is:

  • Well-educated
  • Easily accessible
  • Responsive to your needs

Setting up a team of talented individuals to cover third party risk at your company will lead to proper vendor management and security.

And, within your team, make sure you keep up with cybersecurity, download our infographic.

Regulatory Developments Impact Your Next Vendor Management Exam eBook

Branan Cooper

Written by Branan Cooper

Branan Cooper is the Chief Risk Officer at Venminder. Branan has nearly 30 years of experience in the financial services industry with a focus on the management of operational and regulatory processes and controls—most notably in the area of third party risk and operational compliance. Branan leads the Venminder delivery team as the third party risk management subject matter expert in residence. Branan also serves as an industry thought leader. He's a member of InfraGard and the Professional Risk Management Industry Association (PRMIA). And, he was selected in 2018 as an advisor to the Center for Financial Professionals (CEFPro) and board member for the Global Sourcing Resource Network (GSRN).

Follow Branan Cooper
Subscribe--Bg.jpg

Subscribe to the Venminder Blog