Survey of financial services and financial technology companies reveals current processes and challenges faced in 2019.
DOWNLOAD NOWClients love Venminder because the tools are user friendly and you have an entire firm behind you to manage the everyday risks associated with third parties.
READ STORIESVendor management oversight is now recognized as a unique discipline which you can successfully outsourced.
LEARN MOREYou must define specifically who will be a part of your third party risk management program and also, equally important, who is out.
Infographic: Identifying Critical Vendors - 3 Fool-Proof Questions
Guide: Vendor Due Diligence
Hi! Welcome to Third Party Thursday. I'm Branan Cooper, the Chief Risk Officer here at Venminder. Today we're going to talk a little bit about defining the scope of your third party risk management program. Defining the scope is one of the most fundamental and also one of the most important activities in your entire third party risk program. It is absolutely crucial that you know who is in the program and who is out and why.
Clarity is important. You need to define specifically who's going to be a part of the program, the selection criteria and also the exclusion criteria is equally important to determine who needs to be out of the program. A best practice is to start with accounts payable. Identify a certain threshold amount and all the third parties then pay that amount or more.
You can then have a list, probably of thousands, but then you go to the various lines of business and consult with them to figure out which ones need to be actively managed. Actively managed is an important concept because, again, you're going to be putting through all the paces of the third party risk management program, including the appropriate selection criteria, doing a risk assessment, ongoing due diligence, ongoing monitoring, reporting to your board and senior management and hopefully managing the contracts in a centralized manner to ensure they include all the appropriate provisions.
It's important then that you also go back to lines of business on a regular basis and reverify them hopefully it's often as annually. If not, more frequent in certain cases. You need to work with senior management to keep them informed, specifically on changes around third party risk management, changes in the risk profile and ones that you may want to terminate a contract on, as an example, are things you want to bring to your board's attention. The board and senior management involvement is directly dictated by regulatory guidance.
Again, I'm Branan Cooper. Thanks for watching. And don't forget to subscribe to receive notification of next week's Third Party Thursday video.