Key Themes from CeFPro 3rd Party Risk Conference, London
The fourth annual CeFPro Vendor & Third Party Risk (Europe) conference was held in London in mid-June. Over 150 attendees were present, representing a wide range of financial institutions and industry exhibitors, including IHS Markit, featuring our KY3P® solution. Below are some of the key themes from the event:
- The growth in outsourcing and an increasingly robust regulatory environment across Europe are both significant drivers of a growing focus on stronger third party risk management (TPRM). The European Banking Authority's recent Guidelines on Outsourcing, which apply from 30 September 2019, require sound governance of third party risk. TPRM is also a key component of Operational Resilience.
- With thousands of vendors in many cases, firms must be selective, focussing their efforts proportionately. Vital here is the proper assessment of inherent risk, as well as due diligence and monitoring. In scoping their activity, firms should look beyond vendors and include other third parties such as exchanges, clearing houses, alliances and charities.
- Cyber breaches are ever growing and firms are focussing significant resources on monitoring and due diligence, looking at both third and fourth parties. In a presentation, one cyber ratings provider described the deeply interwoven dependencies across third, fourth and fifth parties as a forest with a shared root system.
- Growing dependencies, and concentration risk in particular, were major topics at the conference, with speakers and delegates underlining the importance of effective information gathering, necessary contractual provisions and contingency planning. The EBA Guidelines focus on this area, defining what is expected of firms, including maintaining a register of their outsourcing arrangements. This will enable the regulators to monitor concentration risk in the region.
- In response to the TPRM due diligence challenge, firms have turned to technology and to communities of peers collaborating in their common interest, creating due diligence tools and standards including questionnaires and shared assessments.
- On the topic of questionnaires (both internal and external), the conference heard separately from two speakers recommending that these are developed with great care, to avoid the danger of poor quality answers. Such answers can be caused by misunderstanding the level of audience expertise, or by fatigue or confusion stemming from jargon-loaded, ambiguous or poorly structured questions.
- Several conversations highlighted the importance of working closely with vendors, establishing that they have appropriately strong and aligned business continuity arrangements. Specifically referring to Fintech companies, several participants emphasised the mutual value in close collaboration and offering support and mentoring. Unlike a large financial institution, a small Fintech start-up may well lack in-house expertise to enable them to demonstrate the necessary strong risk management practices.
Posted 10 July 2019 by Will Kendal, Product Manager - KY3P®, IHS Markit
KY3P® is the first centralized data hub that simplifies and standardizes third-party risk management processes. Third-party relationships are under growing scrutiny by global regulators, including the European Banking Authority (EBA), US Office of the Comptroller of the Currency (OCC), FINRA, the UK Financial Conduct Authority, and the Monetary Authority of Singapore. As firms increase reliance on third parties to deliver business-critical processes and services, oversight complexity also increases. The lack of standardization around collecting due diligence data can lead to duplicate efforts, creating inefficient processes that might result in delays in response times, revenue recognition, increased costs and overall inconsistency of information. KY3P®, developed in partnership with global banks, asset managers, and Big 4 consulting firms, is designed to help you simplify third-party risk management processes. By standardizing due diligence questionnaires and storing third-party information centrally, the service minimizes efforts around information requests and responses.
This article was published by S&P Global Market Intelligence and not by S&P Global Ratings, which is a separately managed division of S&P Global.