Welcome to today's Third Party Thursday! My name is Branan Cooper and I'm the Chief Risk Officer here at Venminder.
There is an old saying that goes, "an ounce of prevention is worth a pound of cure". Perhaps there is no better example than in the world of third party risk management. When you think of the amount of clean up that is required after a problem, with the benefit of hindsight, you'll likely wish you'd taken a few proactive steps to have prevented the problem altogether.
Let's look at a few common examples:
1. Contract Management
- if you don't have a well run system for handling your contacts, you may be missing some real opportunities to stave off disaster - having strong provisions for service level reporting
may alert you to problems with customer service early on, tracking contract renewal terms is vital so that you don't accidentally allow a large contract you wanted to terminate simply autorenew, and a poorly written contract exposes you in countless ways.
2. Information Security
- follow your customer's data, wherever it goes. Consider who has access, even second hand access
- remember the massive Target breach was actually facilitated by an HVAC provider's credentials being compromised. A recent study says that a data breach can cost between $130 and $170 for each record...that's a lot of money that could have been avoided by taking strong steps in information security on the front end.
3. Financial Analysis
- let's face it - financials are tough to get if you're dealing with a small privately held company, but if they are providing a vital service to your institution, you need to do everything you can to gain comfort around their financial health
. You don't want to wake up one day and find out they've suddenly gone out of business.
These are just a few things to consider - many more in future posts. Remember, what you don't know will hurt you. Again, I'm Branan and thank you for listening! Don't forget to subscribe to the Third Party Thursday series.