FinAi News

No products in the cart.

Subscribe
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
Log In
No Result
View All Result
  • Banking
  • Lending
  • Payments
  • Risk & Security
  • Strategy
FinAi News
  • News
  • AI News Tool
  • Data
  • Transactions
  • Events
    • FinAi Banking Summit
    • FinAi Lending Summit
  • Podcast
  • WEBINARS
    • Webinar Library
BAN PLUS
Log In
No Result
View All Result
FinAi News
No Result
View All Result

Third-party risk reimagined

KearneybyKearney
May 24, 2021
in Strategy
Reading Time: 4 mins read
Share on Facebook

Among the most important recent trends in banking has been an increased tendency to outsource services previously handled internally. While this practice has its merits, a vendor’s operational weaknesses, financial instability or inappropriate conduct can create significant third-party risk that threaten a bank’s institutional standing and market fundamentals.

In the aftermath of the 2008 financial crisis, regulators began pressing banks to create more robust approaches to identifying, evaluating and monitoring third-party risk. The Federal Reserve further accelerated these efforts with its 2013 SR13-19 letter, “Guidance on Managing Outsourcing Risk.”

Banks responded in kind, building out comprehensive third-party risk management (TPRM) programs that subject vendors to extensive initial due diligence and quarterly or annual reviews. This approach worked well under then-normal circumstances. 

However, “normal circumstances” now are out the window. Cyber events such as the COVID-19 impact on supply chains and vendor networks; the Target data breach launched by fourth-party perpetrators via an unwitting third-party HVAC vendor; and the SolarWinds attacks have dramatically reshaped views of the pace and scale of third-party risk. The pandemic, in particular, raised questions that hadn’t previously been imagined. Do banks’ third-party vendors have adequate information-security protocols in place for work-from-home employees? Can those vendors actually survive a months-long shutdown with zero revenue?

For risk managers, the new norm has revealed an urgent need for the following stronger TPRM requirements:

Frequent monitoring of individual vendors 

No sane investor would monitor the market risk of a liquid securities portfolio on a quarterly basis — they’d miss far too much. Risk managers are now taking a similar view of third-party vendors. Pre-COVID approaches such as quarterly financial reviews, periodic surveys to vendors and occasional relationship calls are no longer enough. The pandemic demonstrated that vendors’ financial stability and operational capacity to meet bank demands can change significantly, and often with relatively little warning. Consequently, TPRM programs should provide for more frequent vendor monitoring and review.  

Integration of near real-time information and analytics  

Increased monitoring will require more timely information about vendors. Banks can address this need by enlarging their vendor-management teams — and by adopting more sophisticated data-analytics systems. Such systems can retrieve signals from financial, news and social media sources, and tip off a bank to any potentially dangerous developments among its vendors. The timeliness of third-party risk metrics and analytics needs to look more like market risk data feeds, implying a complete transformation in how third-party risk is conceived, measured and managed. 

Risk transparency for fourth parties and beyond   

Tightly integrated, interconnected networks of commercial relationships are capable of transmitting data — and vulnerabilities — rapidly and stealthily. Every third-party vendor is only as safe as their safest vendor or commercial relationship, and every fourth party is likewise only as safe as the weakest link in their own extended network. Banks need the ability to scan for risk “over the horizon” by understanding fourth-party relationships and vulnerabilities, including the identification of common fourth-party exposures impacting their vendor and commercial networks.  

Stronger links between third- and fourth-party risk evaluations and action plans 

For companies in all sectors, COVID-19 demonstrated that they won’t have the luxury of developing crisis plans when they are actually in a crisis; they need predefined action plans, triggered as soon as qualifying conditions arise. Banks should apply this lesson to TPRM. We advocate for the development of specific playbooks, with activation thresholds defined in advance, so that crisis-response planning takes place before a crisis, rather than after it is already underway. 

Expansion of the range of possible TPRM actions 

Historically, changes in vendor-risk profiles might have triggered a limited number of exposure-reduction efforts, such as the insourcing of affected services or the identification of alternative providers. We are now seeing banks consider a much broader and more creative range of responses to vendor distress and limitations. These include such options as prepaying on long-term contracts; making equity investments in the vendors; providing debt financing; or developing new capacity through a joint venture. Previously transactional commercial deals are now increasingly framed as partnerships, with a broad range of operational and financial structures. 

While economies in North America, Europe and parts of Asia are emerging from the pandemic, it seems foolhardy to discount the possibility of future “unprecedented” shocks to our economic systems. Banks can, and should, prepare themselves by reviewing and strengthening their TPRM plans. Even without an epochal crisis such as COVID, these precautions will equip banks to realize the benefits of third-party relationships while guarding them against the potential hazards.  

Written by Dylan Roberts, partner within the financial institutions group at Kearney

This article is presented as part of the content partnership between Bank Automation News and Kearney.

Read the full article at Kearney.com.

Tags: cybersecuritykearneyriskRisk Management

Related Posts

State Street Financial Center in Boston, Massachusetts, US, on Wednesday, July 12, 2023. State Street Corp. is scheduled to release earning figures on July 14. Photographer: Vanessa Leroy/Bloomberg
Strategy

CFO: AI to help State Street ‘rewire how we operate’

July 16, 2026
Community bank assimilates fintech talent, tech to advance digital services
Strategy

Regional banks, wealth management lead financial services M&A

July 15, 2026
Load More

EMERGING FINTECH DIRECTORY

Emerging Fintech Directory

The Buzz Podcast

SPONSORED

Build an Antifragile Strategy to Outperform the Market

July 14, 2026

How AI and Product Experts Turn Fuzzy Requirements Into Focused Dev-ready Roadmaps

April 19, 2026

Is Your Technology Supplier There for You?

April 1, 2026

Next Post
Financial services and small business: Building back stronger, together

Financial services and small business: Building back stronger, together

  • About Us
  • Help Center
  • Contact Us
  • Privacy Terms
  • ADA Compliance
  • Advertise

 [wt_cli_manage_consent]

Connect

twitter linkedin podcast podcast podcast
© 2026 Royal Media
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account

Unlock This Article

Create your free FinAi News account to access this article and stay informed on how AI is transforming financial services including banking, lending, payments, and risk.

Yes, I'd like to receive FinAi News updates, breaking news, and exclusive AI insights for financial services leaders.

Continue Reading with FinAi News Premium - Less than $2/Day

Upgrade to FinAi News Premium for unlimited access to news, insights, trends, and intelligence on how AI is transforming financial services including banking, lending, payments, and risk.
Upgrade to FinAi News Premium Subscription
No Result
View All Result
  • NEWS
    • All News
    • Banking
    • Lending
    • Payments
    • Risk & Security
    • Strategy
  • AI News Tool [Beta]
  • DATA
  • TRANSACTIONS
  • EVENTS
    • FinAi Banking Summit
    • FinAi Lending Summit
  • PODCAST
  • WEBINARS
    • Webinar Library
  • SUBSCRIBE
  • Log In / Account