Core provider Jack Henry is offering a way to ensure financial institutions can select vendors that align with their required levels of risk and compliance.

The Vendor Management Program integrates into Jack Henry’s Governance, Risk and Compliance (GRC) Suite, and runs an automated risk assessment on banks’ external service providers, IT vendors and related third parties, according to a recent release.

“If you’re entrusting your data to a third party, that third party has got to have the same security controls in place as what you would expect your own institution to have in place,” Amber Dolan, governance, risk and compliance senior manager at Jack Henry, told Bank Automation News.

The new GRC program considers metrics such as usage and spending, the importance of the vendor’s assets, and the vendor’s pre-existing risk level. It also looks at the information the vendor might access and the risk that may come from pairing it with a financial institution.

The program helps customers navigate the data produced during the risk assessment of vendors, Dolan said. It centralizes the information, a trend in banking that appeals to executive board members, she noted.

Previously, banks managed vendors in independent silos, which created issues when different bank departments sought a third party for a specific function without considering the risk that might create for the whole institution. It’s a paradigm shift that appeals to executive board members, according to Dolan.

“Before, there wasn’t that one centralized view of risk,” Dolan said. “This is giving them a really big-picture view of their control environment with risks, control findings and compliance-related information all in one place.”

