Hi! Welcome to Third Party Thursdays. My name is Cindy Horn, and I’m the Chief Operations Officer here at Venminder. Today we’re going to talk about What can you do now to prepare for next year. So let's get started.
So, what can you do now in preparation for next year? There’s actually quite a lot, depending on the maturity of your third party program.
First, thinking of the OCC bulletin 29 of 2013 – you need to make sure your program incorporates all of these elements and really is not a static one time consideration of risk and review but an ongoing process.
Second, depending again on the maturity of your program and level of staffing available, I think it’s a good idea to have a fully centralized process – decentralized means you’re always reliant on others to do certain activities which can lead to some real challenges in promoting consistency. If at all possible, particularly the contract process, getting it all under the control of a third party risk management team is a good idea. The team should be independent of the lines of business and report to senior management, audit committee, enterprise risk or the board.
There are several very important reasons for it to be independent – primarily so that it’s not influenced by the particular goals on an operating area or forced to be deprioritized when other hot topics emerge. That does create some challenges as well to make it have the right level of influence alongside of other business areas.
I’ve seen models where third party risk sits inside the IT department or within the accounts payable and I really think the problem there is you’re always at risk of simply pushing for a favorite supplier or having the control become a cost exercise rather than a risk based approach.
Finally, Excel and word documents simply aren’t enough these days – particularly if you’re managing hundreds or even thousands of third parties – it can be very taxing on resources if there is new guidance that requires you to go back and update the third party document. That would be a nightmare in Excel. Also, generally, automated solutions are built with robust scheduling and reminder and reporting functionality and is built on the collective wisdom of many institutions.
I’d also suggest reaching out for assistance outside the organization when needed – there is real value in getting a highly educated independent validation or advice, particularly on some of the more complicated items.
Finally, when you’re spending real money or investing significant time on education or webinars or conferences into your vendor management activity, make careful note of it and track it – it’s important, not only for your budget, but also so that you claim some credit for the significant investments made by your institution in terms of time, money and talent in properly managing your vendors.
Again, I’m Cindy and thanks for watching. Don’t forget to subscribe to next week’s Third Party Thursday video.