Hi I'm Branan Cooper, I'm the Chief Risk Officer here at Venminder. And welcome to Third Party Thursday. Today we are going to talk a little bit about board reporting.
The regulator guidance is clear - you must keep your senior management team and your board informed on developments
within your third party risk management program, particularly on activities related to critical third parties. But what does that look like in the real world?
Well for starters, you should carefully evaluate which meetings need to be established and which ones need to be attended regularly. You need to establish a sustainable, repeatable circuit of meetings. Perhaps updating your risk committee monthly and your board quarterly and anyone needed if something dramatic occurs.
You should also make sure all this is captured in writing. The guidelines should be spelled out in the third party risk management program
and be evident in your institutions enterprise risk policy. It's not sufficient enough to submit a stack of reports. You should evidence the discussions in the minutes of the relevant meetings.
Obviously, as there are new third parties vetted and approved, you want to note that in the report as well. Similarly, if there's significant changes or terminations of third parties, you need to include that as well. Again, besides just being a regulatory requirement, one of the best ways of getting the full support of your board and senior management is to keep them regularly informed.
I'm Branan Cooper and thank you for watching! If you haven't already, subscribe to the Third Party Thursday series.